
Florida SBDC at UCF's Cybersecurity for Small Businesses: Protecting - PowerPoint PPT Presentation



  1. Helping Businesses Grow & Succeed
     Florida SBDC at UCF's Cybersecurity for Small Businesses: Protecting Your Digital Assets in 2018
     BYTE-SIZE: The Small Business Cybersecurity Program of the FSBDC Network

  2. This presentation is a companion to the publication entitled The Florida SBDC Network Byte-Size Program: Cybersecurity Basics for Small Business. For more information, visit floridasbdc.org/cybersecurity.
     NOTE: These materials are intended to provide information to help small businesses consider key cybersecurity concepts, to share ideas for reducing cyber risk, and to identify helpful resources from multiple public and private organizations. However, no single technology or program can eliminate all cyber risk or guarantee protection from constantly evolving digital attacks. It is always best to consult IT security and legal professionals to understand your responsibilities and to manage the specific cyber risks associated with your business.

  3. Lee V. Mangold
     • Co-Founder & CEO, GoldSky Security
     • Co-Founder & Vice President, Florida Cyber Alliance
     • President, Information Systems Security Association (CFL Chapter)
     • Board Director, Security BSides Orlando
     • Adjunct Professor, University of Central Florida
     • (CISSP, CEH, GLSC, ITIL...)
     • @LeeMangold
     • Lee.Mangold@GoldSkySecurity.com

  4. Section 1 CYBERSECURITY BASICS

  5. Trends (2009-2016)

  6. Who are the attackers?
     • Organized Crime Organizations
       – Large syndicates of attackers
       – Hierarchical organizations; Mafia
     • State-Sponsored Attackers
       – Government organizations
       – Russia, China, Iran, North Korea, etc...
     • Script Kiddies
       – Use downloaded tools and scripts
       – Motivated by fame
     • Other Professionals
       – Usually experimenting, learning, or shaming
     • Hacktivists
       – All-the-above
       – Motivated by a social cause

  7. Top Threats & Targets
     Top Threats:
     • Malware
       – Specifically Ransomware
       – Potentially more...
     • Social Engineering
       – Phishing emails
       – Extortion attempts
     • 3rd Party Data Theft
       – Stolen Credentials
       – 3rd Party breaches
     Top Targets:
     • Medical Industry
       – Compromising PHI
     • Legal Industry
       – Compromising PII
       – Compromising PHI
     • Financial & Administrative Services
       – Compromising PII
       – Fraud and monetary theft
     • Retail
       – Monetary theft (PCI)

  8. (image-only slide; no text extracted)

  9. (image-only slide; no text extracted)

  10. Three Foundational Cybersecurity Principles
     • What: Know what your critical data/assets are
     • Where: Know where your critical data/assets are
     • How: Know how they are protected

  11. CLOUD!! IaaS / PaaS / SaaS

  12. Types of Attacks

  13. MALWARE
     • Malicious software
       – Steal credentials or other information
       – Steal money
       – Ransomware
       – Botnets
       – Sabotage
       – Denial of service

  14. PHISHING
     • Email designed to lure you into doing something ill-advised
       – Execute an attachment
       – Click on a link
       – Unwittingly give away sensitive information
     • Some are really good at exploiting human gullibility
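
The two lures named above (a link that does not go where it says, and an attachment that executes) can both be checked mechanically before a message reaches an inbox. The following is an added example written for this page, not code from the deck or the FSBDC program; the message body, attachment names and domain names are constructed, and the list of risky extensions is an assumption you would tune to your own environment.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real email): the visible text of the
# first link names the bank's domain while the href points somewhere else.
SAMPLE_HTML = """
<p>Your account will be suspended. Please
<a href="http://login.example-secure.net/verify">sign in at https://bank.example.com</a>
to confirm.</p>
<p><a href="https://bank.example.com/help">Help center</a></p>
"""
# Constructed attachment names for the same message.
SAMPLE_ATTACHMENTS = ["invoice.pdf.exe", "statement.pdf"]

# Extensions that run code when opened (assumed list; Windows hides the last one by default).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".ps1"}
# Finds domain names (with or without scheme) in the visible text of a link.
DOMAIN_RE = re.compile(r"(?:https?://)?\b([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join(" ".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, text))
            self._href = None


def phishing_indicators(html, attachments):
    """Return human-readable findings; an empty list means no indicator fired."""
    findings = []
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        # A domain shown in the link text must match the domain the link really goes to.
        for shown in DOMAIN_RE.findall(text.lower()):
            if shown != target:
                findings.append(f"link text names '{shown}' but points to '{target}'")
    for name in attachments:
        lower = name.lower()
        ext = lower[lower.rfind("."):] if "." in lower else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment '{name}' has an executable extension ({ext})")
        elif lower.count(".") > 1:
            findings.append(f"attachment '{name}' has a double extension")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_HTML, SAMPLE_ATTACHMENTS):
        print("INDICATOR:", finding)
```

Run as-is it reports the mismatched link and the `.pdf.exe` attachment and stays silent on the genuine help link and the plain PDF. The same two checks are what a mail gateway applies at scale; the value of seeing them in a few lines is that employees can be taught to do the "hover and compare" check themselves.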

  15. (image-only slide; no text extracted)

  16. INTERNET OF THINGS (IoT)
     • Increasingly, tech devices are being targeted
       – Eavesdropping
       – Steal data
       – Botnet agents
       – DDoS attacks

  17. APPLICATION ATTACKS
     • Maliciously manipulate application software
       – Steal data from database server
       – Run attack scripts on other users’ PCs
       – Steal user credentials
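
The first bullet, stealing data from the database server through the application, most often comes down to one coding defect: user input pasted into SQL text. This added example (written for this page, not taken from the deck) shows the defective lookup next to the fixed one on an in-memory SQLite table with constructed rows, so the difference can be observed rather than described.

```python
import sqlite3


def make_db():
    """In-memory demo database with constructed rows (not real customer data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Ada", "ada@example.com"), ("Bob", "bob@example.com"), ("Cy", "cy@example.com")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # DEFECT: the input becomes part of the SQL text, so it can change the query's logic.
    sql = f"SELECT name, email FROM customers WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # FIX: a bound parameter is only ever treated as a value, never as SQL.
    return conn.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    odd_input = "' OR '1'='1"  # input that a normal customer would never type
    print("vulnerable:", lookup_vulnerable(db, odd_input))  # every row comes back
    print("safe:      ", lookup_safe(db, odd_input))        # no row has that literal name
```

With the defective function, an input that is not a name returns the whole table; with the parameterized query the same input matches nothing. The "application software controls" item on the PROTECTIONS slide is, in practice, making sure developers and vendors use the second form everywhere.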

  18. Remediation Activities

  19. Employee Education
     • Technology is great, but your most important assets are your employees
       – First line of defense
       – Train them on the tools you use
       – Encourage them to report strange computer activity

  20. Passwords & MFA
     • Use Strong Passwords or Passphrases
     • NEVER share your passwords
     • Don’t re-use passwords
     • Enable Multi-Factor Authentication where possible!

  21. PROTECTIONS
     • Policies and policy management
     • Software updates
     • Configurations
     • Security products
     • Application software controls

  22. DETECTION MEASURES
     • Event monitoring
     • Intrusion detection and prevention systems
     • Threat monitoring
     • User reports
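
"Event monitoring" is abstract until you see a rule run over log lines. The following added example (written for this page, not from the deck) applies one of the simplest useful rules to constructed sshd-style authentication records: alert when one source fails to log in several times within a short window, and alert with more urgency when that same source then succeeds. The log format, thresholds and addresses are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (not from any real system):
# one source hammers the server and finally gets in; another fails twice, far apart.
SAMPLE_LOG = """\
2018-03-01T09:00:01 sshd: Failed password for invalid user admin from 203.0.113.7
2018-03-01T09:00:14 sshd: Failed password for root from 203.0.113.7
2018-03-01T09:00:27 sshd: Failed password for bob from 203.0.113.7
2018-03-01T09:00:40 sshd: Failed password for bob from 198.51.100.9
2018-03-01T09:00:52 sshd: Failed password for bob from 203.0.113.7
2018-03-01T09:01:05 sshd: Failed password for bob from 203.0.113.7
2018-03-01T09:01:20 sshd: Accepted password for alice from 192.0.2.5
2018-03-01T09:01:33 sshd: Failed password for bob from 203.0.113.7
2018-03-01T09:01:45 sshd: Accepted password for bob from 203.0.113.7
2018-03-01T09:20:00 sshd: Failed password for bob from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Turn one log line into an event dict, or None if it is not an auth record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_login_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for (a) `threshold` failures from one source inside `window`
    and (b) a successful login from a source that is currently inside such a burst."""
    alerts = []
    recent = defaultdict(deque)  # source -> timestamps of failures still inside the window
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # in production, count unparsed lines: a parser gap is a blind spot
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # drop failures older than the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:  # fire once per burst, when the threshold is first reached
                alerts.append({"rule": "failed-login-burst", "source": ev["src"],
                               "count": len(q), "at": ev["ts"].isoformat()})
        elif len(q) >= threshold:
            alerts.append({"rule": "success-after-burst", "source": ev["src"],
                           "user": ev["user"], "count": len(q), "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_login_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample it raises exactly two alerts, both for 203.0.113.7, and nothing for the source whose two failures are twenty minutes apart. The second alert type is the one worth paging someone for: a success that follows a burst of failures is how a guessed or reused password looks in the logs, and it ties this slide back to the password advice on slide 20.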

  23. RESPONSES
     • Incident response
       – Advocates for the business
       – Reduce the losses
       – Get back in business as quickly as possible
       – Support investigations
       – Decision support during incident
       – Crisis communications

  24. INSURANCE
     • Is cybersecurity insurance right for you?
       – It depends
       – Policies exist
       – Read the fine print and comply with their requirements
       – Answer their questions candidly
       – Understand what is and is not covered

  25. INSURANCE 101
     Key questions:
     • Bundled vs. Stand alone?
     • What are the policy exclusions?
     • How much coverage should I purchase?
     • Who is the breach response firm?
     Electronic Data Processing (EDP):
     • EDP policies are not cyber coverage.
     • Normally cover:
       – Data processing equipment.
       – Hardware replacement.
       – Property coverage.
     Bundled:
     • Bundled cyber policies often offer limited coverage, not protection.
     • They usually:
       – Have gaps and more exclusions.
       – Usually are an endorsement to other policies.
       – Can result in greater exposure risk.
     Stand-Alone:
     • Stand alone cyber policies offer the most broad protection.
     • They provide:
       – Third party liability.
       – Breach Response.
       – Notification.
       – Restoration.
       – Business interruption.
       – Reputation risk.
     Stop-Loss (DIC):
     • DIC plans are for larger organizations with greater risk profiles.
     • Cover:
       – Catastrophic backstop
       – Covers gaps when underlying coverage is exhausted.
       – Meant for large losses
     Danger Zone ... Safe(r) Zone

  26. Section 2 CASE STUDIES IN CYBERSECURITY

  27. Breach Case Studies
     • Insurance Company
       – COO’s Email Account Credentials Phished
       – Account Data stolen from Email & Storage
       – Data exfiltrated to unknown destinations in Russia
       – Had to notify 3600+ individuals, pay for credit monitoring, etc...
     • Healthcare Practice
       – Hard Drive Stolen during A/C Maintenance
       – Owners extorted, police involved
       – Had to notify 37,000+ individuals
     • CPA & Patent Firm
       – User sent a fake Docusign link, logged in, downloaded malware
       – Forwarded the email to colleagues
       – Data exfiltrated to unknown destinations in Russia

  28. Breach Case Studies
     • TerraCom and YourTel America (2014)
       – Failed to protect PII of customers
       – 300,000 identities at risk
       – Settled with FCC for $3.5M
     • Verizon (2017)
       – Failed to protect PII of customers
       – 3rd party IT contractor left data unprotected in AWS
     • Undisclosed Carrier
       – Hackers gained unauthorized access to SIP trunks
       – Hundreds of thousands in fraudulent charges billed to customers
       – Company had no idea how to track or prevent the attacks

  29. Case Study: Mossack Fonseca

  30. Case Study: Mossack Fonseca (attack-path diagram)
     WordPress Website (Exploited)
       – Plugin: Revolution Slider (exploited)
       – Plugin: WP-SMTP plugin → Email Passwords
       – Plugin: ALO EasyMail → Email Passwords
       → Log In to Email Server → Get Mail!
     Drupal Web Portal, https://Portal.Mossfon.com (Exploited)
       – Outdated; Several Critical Vulnerabilities
       → Get Data!

  31. Misconfiguration
     Configuration Management
       – Are all your systems provisioned to a baseline standard?
       – Are all your systems audited REGULARLY?
       – Could you audit your systems if you had to?
       – Who has access to what data and how is it protected?
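
The four questions above become answerable once a baseline is written down as data and every host's reported configuration is compared against it. This added example (written for this page, not from the deck or any FSBDC tool) does exactly that over a constructed inventory; the setting names, the approved-admin list and the three host records are all assumptions standing in for whatever your own configuration-collection job produces.

```python
# Constructed baseline standard (hypothetical setting names): what every host should look like.
# ("eq", value) means the setting must equal value; ("max", n) means it must not exceed n.
BASELINE = {
    "ssh_password_authentication": ("eq", "no"),
    "automatic_security_updates": ("eq", True),
    "host_firewall_enabled": ("eq", True),
    "disk_encryption": ("eq", True),
    "days_since_last_patch": ("max", 30),
}
# Constructed list of accounts allowed to hold admin rights anywhere.
APPROVED_ADMINS = {"itadmin", "backup-svc"}

# Constructed inventory records (not real hosts), as a collection job might report them.
INVENTORY = [
    {"host": "web-01", "ssh_password_authentication": "yes", "automatic_security_updates": False,
     "host_firewall_enabled": True, "disk_encryption": True, "days_since_last_patch": 64,
     "admins": ["itadmin", "intern"], "data_classes": ["PII"]},
    {"host": "files-02", "ssh_password_authentication": "no", "automatic_security_updates": True,
     "host_firewall_enabled": True, "disk_encryption": True, "days_since_last_patch": 12,
     "admins": ["itadmin", "backup-svc"], "data_classes": ["PHI", "PII"]},
    {"host": "kiosk-03", "ssh_password_authentication": "no", "automatic_security_updates": True,
     "host_firewall_enabled": False, "days_since_last_patch": 3,
     "admins": ["itadmin"], "data_classes": []},
]


def audit_host(record, baseline=BASELINE, approved_admins=APPROVED_ADMINS):
    """Compare one host record to the baseline; return drift findings (empty list = compliant)."""
    findings = []
    for setting, (op, expected) in baseline.items():
        if setting not in record:
            # A setting you cannot read is a setting you cannot audit: report it, don't assume it.
            findings.append(f"{setting}: not reported (cannot audit)")
            continue
        actual = record[setting]
        if op == "eq" and actual != expected:
            findings.append(f"{setting}: expected {expected!r}, found {actual!r}")
        elif op == "max" and actual > expected:
            findings.append(f"{setting}: {actual} exceeds limit {expected}")
    # "Who has access to what data": flag admin accounts outside the approved set,
    # together with the data classes they would be able to reach on this host.
    extra = set(record.get("admins", [])) - approved_admins
    if extra:
        classes = record.get("data_classes") or ["no regulated data"]
        findings.append(f"unapproved admin accounts {sorted(extra)} on host holding {classes}")
    return findings


def audit_inventory(inventory, **kwargs):
    """Audit every host; the result maps host name -> list of findings."""
    return {r["host"]: audit_host(r, **kwargs) for r in inventory}


if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY).items():
        print(host, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

Run on the sample, `files-02` is clean, `web-01` has four findings (password SSH logins, updates off, 64 days unpatched, an unapproved admin with access to PII) and `kiosk-03` has two, one of which is that it never reported its disk-encryption state. Scheduling this to run and diffing the output week over week is the cheapest honest answer to "are all your systems audited REGULARLY?".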

  32. 3rd Party Problems
     • How do you know your 3rd parties are secure?
     • What data do you share with them? Do you know?
     • How often have you (or can you) audit 3rd parties?
     • Have THEY been breached already?

  33. Mismanagement
     • Have you formed a security team or a formal security effort?
     • Do you have procedures in place to help prevent breaches?
     • What do you do when you HAVE a breach? Would you know?
     • Are you practicing risk management in IT and Security?

  34. Seek out best practices!
     1. Begin practicing security risk management
     2. Work across IT (and all domains) to identify the “what, where, how”
     3. Establish baseline security standards
     4. Have a plan and seek help where you need it!

  35. Section 3 CYBERSECURITY COMPLIANCE (AND RISK MANAGEMENT)

  36. Cybersecurity Management IS Risk Management

  37. NIST Cyber Security Framework: NOT A STEP-BY-STEP PROCESS
