Cybersecurity Update Its More Than Technology People: Your First - - PowerPoint PPT Presentation

SLIDE 1

Cybersecurity Update

  • It’s More Than Technology
  • People: Your First Line of Defense
  • Incident Response

SLIDE 2

Overview

  • Types of data in your environment and why it is important.
  • Trending threats.
  • Minimizing risks through layers of defense: People, Policies and Technology.

SLIDE 3

Data You Control

Personally Identifiable Information (PII): Data that could potentially identify a specific individual. Info that could distinguish one person from another.

  • Account Numbers (Bank & Credit Card)
  • Accounts Payable/Receivable Information
  • Bank Routing Numbers
  • Client Login & Password Information
  • Client Payroll Information
  • Copies of Bank Statements
  • Family Information (Spouse, Children)
  • General Ledger Details
  • Income Tax Returns
  • Insurance Policy Numbers
  • Loan Information (Acct # & Balance)
  • Name, Address, Phone, Date of Birth
  • Organizational Documents
  • Passport Information
  • Social Security Number (SSN)
  • Tax Identification Number

SLIDE 4

Data Breaches

World’s Biggest Data Breaches & Hacks

SLIDE 5

US Breach Summary

  • 1 Jan 2005 – 31 Dec 2018 [1]
      – Total breaches = 9,084
      – Records exposed = 1,099,019,895

[1] http://www.idtheftcenter.org/Data-Breaches/data-breaches

SLIDE 6

Financial and Insurance

All Sectors

SLIDE 7

Avenues of Attack

  • Basic cyber hygiene (it’s like common sense)
      – Unpatched known vulnerabilities cause 44 percent of breaches…2 to 4 years old
  • Configurations, Ports & Protocols
      – Public facing when it should be behind a firewall
      – Unused ports should be closed
      – Remote access should be limited; secure (VPN)
  • User credentials
      – Passwords: need to be complex and changed often
      – Use multi-factor authentication
  • User behavior
      – Education & Awareness
          • StopThinkConnect.org
          • LockDownYourLogin.com
      – Prepare for phishing, pretexting & scams
      – App “Terms of Service”

SLIDE 8

Motives for Attacks

2017 Verizon DBIR

SLIDE 9

The Market for Stolen Account Credentials

First Seven Months of 2017

  • Botmaster sold approximately 35,000 credential pairs via the ‘Carder’s Paradise’ market
  • Earned $288,609.25
  • Average of $8.19 for each credential sold through the service.

https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

SLIDE 10

Dark Web Accounts Price List

Criminals can specify the financial institution when purchasing usernames and passwords. If what they want is not available, they can place an “order” for a credential set.

Account                 Price
Verizon Wireless.com    $12
Airbnb.com              $15
Ebay.com                $10
Fido.ca                 $20
Chase.com               $25
Citibank                $25
Navyfederal.org         $60
Target.com              $10
Wellsfargo.com          $25
Rbroyalbank.com         $65
BB&T.com                $25
TDBank.com              $25
Ally.com                $25

SLIDE 11

What is working for criminals?

Verizon DBIR 2018

SLIDE 12

5 Common Attack Methods

  • PHISHING
  • PRETEXTING
  • FACILITY ACCESS
  • ENTICEMENT
  • DUMPSTER DIVING

People: Your First Line of Defense

SLIDE 13

People Policies Technology

SLIDE 14

Employees are your first line of defense.

SLIDE 15

Multi-Factor Authentication

SLIDE 16

Remain Vigilant

First Line of Defense – People! Users Make or Break Information Security. Recognize and question changes in systems.

SLIDE 17
SLIDE 18

Incident Response

Incident response is a process, not an isolated event. In order for incident response to be successful, teams should take a coordinated and organized approach to any incident.

SLIDE 19

Digital Forensics

  • Recovering and investigating material found in digital devices
  • Understanding what happened
  • Determining the extent of the breach

SLIDE 20

Response Team Representation

  • Executive Management
  • IT Department
  • IT Vendors
  • Information Security
  • Legal
  • Human Resources

SLIDE 21

Incident Response Plan

  • Should be separate from DR/BC or other plans
  • Define roles and responsibilities
  • Establish common process
  • Categorize incident severity
  • Requires training for team members

SLIDE 22

Incident Response

  • Must be led by an experienced incident manager
  • Communications are essential
  • Pre-determined actions, locations, budgets, etc. are crucial
  • Do Not Jump To Conclusions!

SLIDE 23

Incident Response Steps

  • Detection
  • Response
  • Reporting
  • Recovery
  • Remediation

SLIDE 24

DETECTION

  • Recognize the threat
  • Determine root cause
  • Identify possible solutions
  • Communicate with stakeholders

SLIDE 25

Detection Tool - Managed SIEM

(Security Information and Event Management)

A Smarter Way to Security

  • Places responsibilities of log management into the expert hands of security analysts and consultants.
  • Eliminates costly capital investment of traditional SIEM operations.

24x7 Alerting Reporting Real-time Analysis

One test per year

SLIDE 26

Financial Institution Recommendations

Source: Verizon 2018 Data Breach Investigation Report

SLIDE 27

Responding to a Data Breach

Action Items

– Contact Cybersecurity firm to Begin Your Investigation

  • Experienced consultants will help guide your steps both during and after the incident.

– Contact an Attorney

  • As part of our response services, Pratum can guide you to an attorney experienced in data breaches.

– Contact Your Insurance Agent

  • Keep your insurance agent informed when dealing with a breach.

SLIDE 28

Summary

  • Having a plan to address an incident before it happens is invaluable
  • Assigning an incident manager will help reduce confusion and decrease time and money spent during incident response.
  • Overreaction and assumptions will be costly

SLIDE 29

Q&A

Todd.Robran@Pratum.com www.Pratum.com

SLIDE 30

References

  • World’s Biggest Data Breaches & Hacks

– http://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  • Use A Passphrase

– http://www.useapassphrase.com/

  • The Market for Stolen Credentials

– https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/

  • ‘;-- have I been pwned?

– https://haveibeenpwned.com/

  • FFIEC Cybersecurity Assessment Tool User’s Guide

– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_May_2017.pdf

  • FFIEC Cybersecurity Assessment Tool Frequently Asked Questions

– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT%20FAQs.pdf

  • FFIEC CAT Overview for CEOs and Boards of Directors

– https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT_CEO_Board_Overview_June_2015_PDF1.pdf

  • FSSCC Automated Cybersecurity Assessment Tool V2

– https://www.fsscc.org/files/galleries/FSSCC_ACAT_v2_1.xlsx (updated post to web 12 Jun 2018)

  • FFIEC Cyber Attacks Involving Extortion Joint Statement

– https://www.ffiec.gov/press/PDF/FFIEC%20Joint%20Statement%20Cyber%20Attacks%20Involving%20Extortion.pdf

  • Verizon Data Breach Investigations Report

– https://www.verizonenterprise.com/verizon-insights-lab/dbir/

– 2018 Report: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf

  • Verizon Data Breach Digest

– http://www.verizonenterprise.com/verizon-insights-lab/data-breach-digest/2017/