Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in - - PowerPoint PPT Presentation



SLIDE 1

Cybersecurity Today

CYBERSECURITY IN TODAY’S WORLD

SLIDE 2

Cyberattacks in Wyoming

► Medical Facilities
► Law Enforcement
► Media Outlets
► Schools
► Local Government

SLIDE 3
SLIDE 4
SLIDE 5

The threat and how to think about it

► Ransomware has rapidly emerged as the most visible cybersecurity risk.

► Private sector
► Government agencies

SLIDE 6
SLIDE 7

FBI – Public Service Announcement

► Alert number I-100219-PSA, dated October 2, 2019

► If my system is infected, should I pay the ransom? Should I contact the FBI?

► The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.

► Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.

► Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.

SLIDE 8

Actions for today – Don’t be tomorrow’s headline

► Prioritize assets and processes
► Identify cyber risks
► Plan security controls and response plans
► Implement security controls and response plans
► Monitor the progress

SLIDE 9

Actions for today – Don’t be tomorrow’s headline

► Back up your data, system images and configurations
► Keep backups offline
► Awareness training for all staff
► Update and patch systems
► Make sure your security solutions are up to date
► Review and exercise your incident response plan
► Pay attention to ransomware events and apply lessons learned
► Explore the option of cyber insurance through your agent

SLIDE 10

Building an Incident Response Plan

► Determine authority to call an incident
► Assign IRT responsibilities
► Do not assign severity levels
► Establish communications procedures and responsibilities
► Gather pertinent information
► Outline the process
► Review and test the plan

SLIDE 11
SLIDE 12

Actions to recover if impacted – Don’t let a bad day get worse

► Ask for help
► Work with an experienced advisor to help recover
► Isolate the infected systems and phase your return to operations
► Review the connections of any business relationships (customers, partners, vendors) that touch your network
► Apply business impact assessment findings to prioritize recovery

SLIDE 13

Actions to secure your environment – Don’t be an easy mark

► Practice good cyber hygiene; back up, update, whitelist apps, limit privilege and use multifactor authentication
► Segment your networks; make it hard for bad guys to move around and infect multiple systems
► Develop containment strategies; if bad guys get in, make it hard for them to get stuff out
► Know your system’s baseline for recovery
► Review disaster recovery procedures and validate goals

SLIDE 14

Cybersecurity road map

► Tier 1 – Have you communicated the importance of cybersecurity to your business?
► Has your business begun to follow basic cybersecurity best practices?
► Tier 2 – Are you implementing a leadership-driven, company-wide cybersecurity program?
► Have you integrated cybersecurity with risk management processes?
► Tier 3 – Are you evaluating your cybersecurity posture and capabilities?
► Are you participating in an information sharing forum to gain insights and strategies?
► Tier 4 – Have you trained your staff to prevent, detect and respond to cyber incidents?
► Are you utilizing cyber defense technologies to support your operation?

SLIDE 15

Questions?

LELAND CHRISTENSEN
WYOMING OFFICE OF HOMELAND SECURITY
307-777-4900