introduction
play

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current - PowerPoint PPT Presentation

Aug 04, 2023 •38 likes •368 views

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

  1. Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1

  2. OBJECTIVES • Current cybersecurity statistics and implications • Learn from past attacks • Understand the NIST Cybersecurity Framework (CSF) & potential quick hits 12/10/2018 2

  3. Section 2 YOUR ENTERPRISE IS UNDER ATTACK 12/10/2018 3

  4. LOSSES DUE TO INTERNET-RELATED CRIME CONTINUE TO GROW! * *FBI's Internet Crime Report 12/10/2018 4

  5. 2017 REPORT – SMALL BUSINESS TRENDS 12/10/2018 5

  6. 2017 Report – CA Breach Law California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General . 12/10/2018 6

  7. 2017 REPORT – SMALL BUSINESS TRENDS 12/10/2018 7

  8. 2017 REPORT – SMALL BUSINESS TRENDS 12/10/2018 8

  9. Section 3 PAST ATTACKS AND WHAT WE CAN LEARN FROM THEM 12/10/2018 9

  10. TARGET DATA BREACH 12/10/2018 10

  11. BACKGROUND – WHAT HAPPENED? • Hackers gained access to Target's networks • Compromised servers to allow exfiltration of customer data • Collected personal financial data from POS terminals on millions of customers 12/10/2018 11

  12. HOW DID IT HAPPEN? 12-15-13 Unkown Date 12-02-13 Target acknowledges a Target's HVAC vendor's Customer credit card data breach; computer systems information was 40,000,000 credit card were infected through transmitted out from records stolen a phishing attack Target's computer system ALL WARNINGS IGNORED BY TARGET 11-30-13 12-12-13 01-10-14 Target acknowledges Malicious software was Authorities notified 70,000,000 additional detected on Target Target of the data customer records were servers and Target's breach stolen security team was notified 12/10/2018 12

  13. IMPACT • Millions of impacted customers • Tarnished reputation • Drop in sales transactions resulted in a RIF • Data breach expenses > $100M • CEO Resigned 12/10/2018 13

  14. Personal Information is an Attractive Target 12/10/2018 14

  15. LESSONS TO BE LEARNED FROM THIS ATTACK • Personal financial info is an attractive target • Users play an important role in system security • Limiting employee/third party access to sensitive network assets is key • Importance of team training and oversight • Don't ignore the warning signs of a breach • Be extremely careful if you store sensitive personal data 12/10/2018 15

  16. COTTAGE HEALTH DATA BREACH 12/10/2018 16

  17. BACKGROUND – WHAT HAPPENED? • Cottage Health Systems, a medium sized health delivery organization in the Santa Barbara area learned of a data breach • In the course of investigating the first breach, a second breach was discovered • Both events exposed patients' medical information • Fortunately, Cottage Health had a cybersecurity insurance policy and it covered much of the expense of the data breach 12/10/2018 17

  18. HOW DID IT HAPPEN? • 3rd party supplier removed electronic security protections from one of Cottage Health's servers • Poor oversight over IT service suppliers • Violation of other basic security principles 12/10/2018 18

  19. IMPACT • Huge amount of bad publicity • Listed on the HHS "wall of shame" website • Numerous lawsuits on behalf of impacted patients • $2M fine from the state of CA • Requirement to significantly upgrade their security practices 12/10/2018 19

  20. IMPACT - CONTINUED • Insurer sues Cottage Health for $4.125 million plus attorneys' fees • Alleges that hospital failed to take reasonable steps to protect data • The devil is in the details 12/10/2018 20

  21. LESSONS TO BE LEARNED FROM THIS ATTACK • Ignorance is not bliss... know your state laws • Deliberate vs. accidental – self-inflicted wound • Ensure that your customer's data is protected in accordance with industry standard security practices • Importance of training and organizational response • Review and negotiate cybersecurity policy terms – the devil is in the details • Beware of broadly worded cybersecurity/data protection exclusions • Guard against a misrepresentation defense 12/10/2018 21

  22. PUPPY PALACE – CYBER ATTACK EXAMPLE 12/10/2018 22

  23. 12/10/2018 23

  24. THE HOW AND WHAT What Happened? • Appears that the business was attacked and customer/employee info was stolen How? • Through a phishing attack What Impact? • May trigger disclosure requirement • Future bad publicity • Potential negative business impacts 12/10/2018 24

  25. LESSONS TO BE LEARNED • Importance of training – employees are your first line of defense • Importance of good cyber hygiene • Value of encrypting sensitive information • Limitations of law enforcement help • Importance of cybersecurity insurance 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack* * U.S. National Cyber Security Alliance 12/10/2018 25

  26. Section 4 COST-EFFECTIVE STEPS FOR CYBER RESILIENCY 12/10/2018 26

  27. ORGANIZE YOUR CYBERSECURITY DEFENSE IN LINE WITH THE NIST CS F The NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks 12/10/2018 27

  28. NIST Cyber Security Framework (CSF) Identify Protect Detect Respond Recover • Asset • Access Control • Anomalies & • Response • Recovery management events planning Planning • Awareness and • Business training • Security • Communications • Improvements environment continuous • Data Security • Analysis • Communications monitoring • Governance • Information • Mitigation • Detection • Risk assessment protection and • Improvements process procedures • Risk management • Maintenance strategy • Protective technology 12/10/2018 28

  29. A Word of Caution about Email/Password Accounts • The practice of reusing passwords is common but risky! • The website https://haveibeenpwned.com/ provides insight into both data breaches and password capture 12/10/2018 29

  30. APPLYING THE NIST CSF https://www.nist.gov/cyberframework/small-and-medium-business-resources 12/10/2018 30

  31. IN CLOSING... Common sense and the right actions can significantly reduce your risk of attack! 12/10/2018 31

  32. Coming Soon… 12/10/2018 32

  33. QUESTIONS?? 12/10/2018 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION

INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION

TRAINING COURSE ON SOCIAL PROTECTION & FORMALIZATION TRINIDAD AND TOBAGO MARCH 15, 2017 INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION INTRODUCTION Design of the NIS Assistance from the

547 views • 23 slides
INTRODUCTION Introduction 2/42 INTRODUCTION Alternations I am giving bread to the

INTRODUCTION Introduction 2/42 INTRODUCTION Alternations I am giving bread to the

Patterns of variation in the expression of case and agreement Andrs Brny Leiden University Centre for Linguistics 9 November 2019, BaSIS Workshop a.barany@hum.leidenuniv.nl INTRODUCTION Introduction 2/42 INTRODUCTION

1.37k views • 42 slides
Introduction Introduction Introduction Introduction Outline Motivation Failures

Introduction Introduction Introduction Introduction Outline Motivation Failures

Introduction Introduction Introduction Introduction Outline Motivation Failures Definition and concepts Process and product properties Principles SE Approaches Motivation Software and the economy The economies of

1.03k views • 49 slides
Introduction Introduction Introduction Nationwide Cause for Concern 1

Introduction Introduction Introduction Nationwide Cause for Concern 1

Introduction Introduction Introduction Nationwide Cause for Concern 1 https://www.cdc.gov/std/stats17/infographic.htm Introduction Epidemiology in Western Colorado CPHE Surveillance Data Report, May 2018 Chlamydia Epidemiology in Western

977 views • 39 slides
DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every

DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every

DAQ introduction Purpose of this talk : (1) Introduction for those who have not been in every meeting (2) Some ideas of diagrams for section 7.1 (Introduction) of TP. Giles Barr 25 Jan 2018, Pembroke College On DUNE, the reality is there is a

474 views • 10 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL

Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL

Overview Introduction to SMIL Introduction to W3C and XML Introduction to SMIL Writing a SMIL file Adding Media Objects Martin Halvey Clipping media files January 2008 Timing and Synchronising Layout World Wide

387 views • 14 slides
14 Introduction Introduction Bad guys can put malware into Example: hosts

14 Introduction Introduction Bad guys can put malware into Example: hosts

Introduction Introduction source Encapsulation ISO/OSI reference model message M application segment H t H t M transport network datagram H n H n H t M presentation: allow applications to frame link H l H n H t M interpret

583 views • 4 slides
Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL

Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL

Previous Lecture Introduction to SMIL 2 Introduction to W3C and XML Introduction to SMIL Writing a SMIL file Adding Media Objects Martin Halvey Clipping media files January 2008 Timing and Synchronising Layout

322 views • 8 slides
Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL

Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL

Introduction Zynq Lecture 1 Andreas Habegger Introduction Zynq Introduction Zynq Introduction Zynq PS vs. PL Processing System Processor Peripherals Data Buses AXI Bus Conclusion BTE5380 - Embedded Systems Octobre 2014 Andreas Habegger

1.81k views • 30 slides
2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04

2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04

2018.06 01 SMILE5 Introduction S E 5 02 Alpha Cloud M I L 03 Company Introduction 04 Project References S E 5 PART.1 SMILE5 Introduction M I L Introduction STORION-SMILE5 Residential Energy Storage System Inverter 5kW Output Input

1.06k views • 25 slides
Introduction to CICS Course introduction Course introduction What is CICS? What is an

Introduction to CICS Course introduction Course introduction What is CICS? What is an

Introduction to CICS Course introduction Course introduction What is CICS? What is an application server? Why use an application server? Course introduction Services provided by CICS How CICS applications are defined Scaling CICS to meet

1.84k views • 146 slides
Network Visualization Introduction Presented by Shahed Introduction Introduction Basic

Network Visualization Introduction Presented by Shahed Introduction Introduction Basic

Network Visualization Introduction Presented by Shahed Introduction Introduction Basic building blocks Node Links (relationship between nodes) Spatial information Network data

584 views • 9 slides
Introduction Introduction (1) Main argument of the paper: universities are not only

Introduction Introduction (1) Main argument of the paper: universities are not only

Le jugement des pairs comme outil de management des universits Peer-review as a management tool Christine Musselin (CSO, Sciences Po et CNRS) Avril 2013, Lirrsistible ascension du capitalisme acadmique Introduction Introduction (1)

590 views • 28 slides
Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Introduction Introduction to storage and to storage and filesystems filesystems Introduction

Moreno Baricevic Gilberto Daz Axel Kohlmeyer Stefano Cozzini ULA ICTP CNR-IOM DEMOCRITOS Merida, VENEZUELA Trieste, ITALY Trieste, ITALY Introduction Introduction to storage and to storage and filesystems filesystems Introduction

1.19k views • 51 slides
JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of

JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of

JABLOTRON JA-100 introduction November 2011 Introduction Todays goals First introduction of the brand new JA-100 alarm system Visions Basic architecture System components Setting Help us with final validations You are the FIRST ones

1.69k views • 111 slides
How Much Does Software Maintenance Cost? Deputy Assistant Secretary of the Army for Cost and

How Much Does Software Maintenance Cost? Deputy Assistant Secretary of the Army for Cost and

How Much Does Software Maintenance Cost? Deputy Assistant Secretary of the Army for Cost and Economics ICEAA Workshop 2015 9 June 2015 9 June 2015 1 UNCLASSIFIED Distribution Statement A: Approved for Public Release U.S. Army Software

958 views • 34 slides
SR&ED for the Software Sector Northwestern Ontario Innovation Centre Quantifying and

SR&ED for the Software Sector Northwestern Ontario Innovation Centre Quantifying and

SR&ED for the Software Sector Northwestern Ontario Innovation Centre Quantifying and qualifying R&D for a tax credit submission Justin Frape , S enior Manager BDO Canada LLP January 16 th , 2013 AGENDA Today s Obj ectives 1.

349 views • 24 slides
Restart Plan Public Presentation August 6 2020 Welcome & Acknowledgements Board of

Restart Plan Public Presentation August 6 2020 Welcome & Acknowledgements Board of

Restart Plan Public Presentation August 6 2020 Welcome & Acknowledgements Board of Education Community District Consultants District Steering Committee & 10 Task Groups Faculty & Staff Parents Students The Scarsdale Public

793 views • 62 slides
Barangaroo South Stage 1B Public Domain Independent Planning Commission Meeting 14 August 2018

Barangaroo South Stage 1B Public Domain Independent Planning Commission Meeting 14 August 2018

Barangaroo South Stage 1B Public Domain Independent Planning Commission Meeting 14 August 2018 2 IPC DETERMINATION MEETING Agenda 1. Design Presentation (Grant Associates) 2. Ground Plane Materials 3. Hickson Park Staging 4. Deep Soil

208 views • 17 slides
Founders Our Partners The Old Web The Web Today Source:

Founders Our Partners The Old Web The Web Today Source:

The Evolving Cyber Threat and what businesses can do about it Larry Clinton, President Direct 703/907-7028 lclinton@isalliance.org Founders Our Partners The Old Web The Web Today Source:

502 views • 17 slides
HECTOS Harmonized Evaluation, Certification and Testing of Security Products Coordinator: FOI

HECTOS Harmonized Evaluation, Certification and Testing of Security Products Coordinator: FOI

HECTOS Harmonized Evaluation, Certification and Testing of Security Products Coordinator: FOI HECTOS at a glance HECTOS is a project under the EUs seventh framework (FP7) September 2014 August 2017 (3 years) Total: 287 PM, 3.5 M

301 views • 9 slides
CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an event in which an individuals name plus personal information such as an address, phone number and/or financial record such as a social security

307 views • 16 slides
Data Security in Todays Dealerships Kai Nielsen & Erik Nachbahr #DSES Kai Nielsen

Data Security in Todays Dealerships Kai Nielsen & Erik Nachbahr #DSES Kai Nielsen

Data Security in Todays Dealerships Kai Nielsen & Erik Nachbahr #DSES Kai Nielsen Director of Strategy & Business Operations Dealertrack DMS @KaiNielsen Kai Nielsen #DSES Erik Nachbahr President Helion Automotive Technologies

453 views • 34 slides

More recommend