Am I Too Small To Be A Target?
Cybersecurity Issues for Small Businesses
A Special Presentation For <Name>
• Date
• Location
• Special thanks to
Your Speaker – Bob Weiss MCSE, A+, CEH
• Senior Cybersecurity Engineer at CIT
• Certified Ethical Hacker – 2013
• Cybersecurity Blogger @ wyzguyscybersecurity.com and cit-net.com/tech-talk/
CIT Cybersecurity Services
• Cybersecurity Awareness Training
• Security Audits
• Vulnerability Assessments
• Penetration Testing
• Computer Forensics
• Incident Response
Agenda
• Typical Exploits
• Cost of Cybercrime
• Examples of SMB Crimes
• Legal Issues
• Compliance Issues
– PCI/DSS
– HIPAA
– GLBA
• Cybersecurity Preparedness
• Incident Response Plan
• Training
• Passwords
• Banking
• Encryption
What’s happening out there?
Plan for the attack
• You will be hacked (if you haven’t been already)
• You may not know when it happens.
• You may be informed by your customer, credit card processor or government regulator
• You may be fined
• You may be sued
• You may end up in the news
Typical Exploits
• Phishing for user passwords or remote access
• Hijacking a computer to use in a bot-net
• Spamming to sell illegal or fraudulent products
• Stealing intellectual property
• Thefts from online bank and financial accounts
Typical Exploits
• Distribution of malware to other computers
• Posting confidential information on the Internet
• Holding critical information for ransom
• Attacking critical network infrastructure to disrupt operations
Typical Exploits
• Theft of data – all data has value!
– User credentials
– Employee data
– Customer data
– Patient data
– Financial data
– Proprietary information
Other Cyber Security Issues
• Politically Motivated Attacks and Hacktivism
– Anonymous, Lulz Sec
• Cyber-Warfare
– Stuxnet and Flame
– Ukrainian electric utilities
• Government Sponsored Cyber Spying
– NSA
– China
Top Two Attack Vectors
• Email
– Clickable Links and Attachments
– Phishing and Spear-phishing
• Web Sites
– Malware distributed by compromised legitimate sites.
– Spoofed or cloned sites
– Search redirection malware
Cost of Cyber-crime
• Average annual loss per employee - $1500
• In 2015, $400 billion in losses worldwide
• 96% of small businesses unprepared for cyber attack (Ernst and Young 2013 Survey)
Small Business Targets
Small Businesses in crosshairs
• SMBs targeted by cyber-criminals
• More money in the bank than individuals
• Less security than larger enterprise businesses.
• Employees have little or no training about cyber security.
• Easy to exploit
NC Fuel Company Loses $800 K
• 15 employee fuel distribution company.
• Monthly payroll of $60,000
• Thieves gained access to bank account using compromised password
• Bank had recently made changes to its security process to make online banking “easier.”
• Insurance only covered a portion of the loss.
CA Escrow Company loses $1.5 M
• 9 person company
• 3 electronic transfers of about $500k each
• One in Dec 2012 and two in Jan 2013
• Bank provided two factor authentication, but it wasn’t working at the time.
• Although this company had never transferred funds overseas, bank did not question large transfers – even after the first was reported!
• Company in receivership.
Construction Company Loses $500K
• $447,000 was stolen from Ferma, a California construction company.
• A banking Trojan such as Zeus, downloaded from a web site.
• A Ferma employee logs into their bank's on-line financial Web portal.
• After authentication was confirmed, the employee begins making legitimate payments.
• At the same time, the Zeus Trojan made 27 fund transfers totaling $447,000 to various bank accounts.
HVAC Vendor Opens Door For Target Xmas Attack
• Fazio Mechanical, a small HVAC contractor to Target
• Phishing email installed password stealing malware
• Target network credentials stolen
• Over 17 days between Thanksgiving and Dec 15, cyber-thieves accessed Target’s POS system and collected credit card transaction information on 40 million customers.
Slovenian Gang Targets Small Business
• Spoofed email sent looking like it came from a bank or a tax authority warning of late payment.
• Clicking on the link in the email installed a remote access Trojan horse program
• Thieves watched computer for online banking activity.
• Withdrawals timed to occur on Friday or before a holiday
• Group netted $2.5 million.
Regulatory Compliance and Legal Issues
Legal Issues
• Regulatory fines
• Civil suits
• Cyber insurance may not cover “willful negligence”
• Cybersecurity or computer use policy
• Incident Response Plan
PCI/DSS
• Payment Card Industry Data Security Standard v3.1
– Build and maintain a secure network
– Protect cardholder data
– Maintain vulnerability management program
– Implement strong access control measures
– Regularly monitor and test networks
– Maintain information security policy
PCI/DSS Penalties
• Non-compliant companies can be fined $5000 to $100,000 per month
• $50-$90 per cardholder record compromised
• Brand and reputation damage
• Civil litigation
HIPAA
• Health Insurance Portability and Accountability Act
• Regulates patient information
– Access – who can read it
– Transmission – how data is transferred from location to location
– Storage – how and where data is stored
• Business Associate
– CIT employees need to be trained and certified if they have contact with patient information
HIPAA Violation Penalties
• Accidental - $100 per violation – annual max $25,000
• For cause - $1000 per violation – annual max $100,000
• Willful neglect - $10,000 per violation – annual max $250,000
• Uncorrected willful neglect - $50,000 per violation – annual max $1.5 million
GLBA
• Gramm-Leach-Bliley Act
• Financial Privacy Rule
– Consumers need to be informed how their information is used and may opt out of information sharing
• Safeguards Rule
– Consumer information security plan and implementation
• Pretexting Provisions
– Systems and training to defeat social engineering
GLBA Penalties
• The penalties for violating the GLBA are quite severe:
– A financial institution can be fined up to $100,000 for each violation
– The officers and directors can be fined up to $10,000 for each violation
– Criminal penalties include imprisonment for up to 5 years, a fine, or both
– If the GLBA is violated at the same time that another federal law is violated, or if the GLBA is violated as part of a pattern of any illegal activity involving more than $100,000 within a 12-month period, the violator's fine will be doubled and he or she will be imprisoned for up to 10 years
Policy Considerations
Cybersecurity Preparedness
• Patch
• Backup
• Keep antimalware software updated
• Enforce good password policy
• Use two factor authentication when possible
• Create alertness through training and events
Incident Response Plan – Before the Breach
• Plan to be attacked
• Know who is in charge
• Have a cybersecurity expert on retainer
• Review insurance coverage
• Review legal requirements and exposure
• Plan for a media response
Incident Response Plan – After the Breach
• Find out what happened – review your logs
• Remove affected devices from network
• Save affected devices for forensics – do not wipe drives!
• Report to the police and Internet Crime Complaint Center
• Responding to media – be brief but truthful
Creating a More Secure Environment
Train Your Staff
• Train your employees in the fundamentals of cybersecurity.
• Create a data practices policy for your employees.
• Even the most sophisticated security defenses cannot prevent a malware breach that is permitted when an employee clicks on a malicious link in an email.
The Basics
• Internet security software on every computer
• Hardware firewall – blocks attacks from outside
• Intrusion Detection System (IDS) – detects attack traffic both outside and inside the network
• Security information and event management (SIEM) – provides real-time analysis of security alerts generated by network hardware and applications
Password policy
• 10 characters or longer
– 8 character passwords can be cracked in under 12 hours
– 10 character passwords take several centuries.
• No dictionary words in any language
• Use complexity rules, at least one from each group
– UPPER CASE
– lower case
– Num63r5
– $ym%o!s* _- ! @ # $ % & *
Advanced Password policy
• Character substitution (p@5$w0#d)
• Use passphrase (i.e. @mBwu10cPW! = “at my business we use 10 character pass words”)
• Use two-factor authentication when available
• Check password at Passfault (passfault.com)
• Nothing will matter if you lose your plain text password to a keylogger or phishing exploit
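The rules on the two password slides can be enforced mechanically when accounts are created. The checker below is an added example, not part of the original deck: the word list is a small constructed sample (a real one would be a large multi-language dictionary), and the function names and the four-letter minimum for dictionary matches are assumptions.

```python
import math
import string

# Constructed sample word list, standing in for a real multi-language
# dictionary ("No dictionary words in any language").
SAMPLE_WORDS = {"password", "business", "welcome", "dragon", "sommer", "bonjour"}

MIN_LENGTH = 10  # from the slide: "10 characters or longer"

# The four complexity groups from the slide; at least one character from each.
GROUPS = {
    "upper case": string.ascii_uppercase,
    "lower case": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def check_password(candidate, words=SAMPLE_WORDS, min_word_len=4):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in GROUPS.items():
        if not any(c in chars for c in candidate):
            problems.append(f"missing {name}")
    lowered = candidate.casefold()
    for word in sorted(words):
        # Very short words match by accident, so they are skipped (assumption).
        if len(word) >= min_word_len and word.casefold() in lowered:
            problems.append(f"contains dictionary word '{word}'")
    return problems


def search_space_bits(candidate):
    """Size of the brute-force search space in bits, as an upper bound.

    Counts only the character groups actually used. Passwords chosen by
    people are less random than this figure suggests.
    """
    pool = sum(len(chars) for chars in GROUPS.values()
               if any(c in chars for c in candidate))
    return len(candidate) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # The first sample is the passphrase from the slide; the rest are constructed.
    for sample in ["@mBwu10cPW!", "Password1!", "abc"]:
        issues = check_password(sample) or ["ok"]
        print(f"{sample!r}: {', '.join(issues)} "
              f"({search_space_bits(sample):.0f} bits)")
```
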
Physical Security
• Server in locked server room or closet
• Beware unescorted visitors or vendors
• Mobile employees and laptop users should put laptop in trunk not on the seat.
• Intellectual property often leaves the building on a flash drive.
• Use data encryption to protect against loss or theft of computers.
Email Security
• Never click on a link in an email; it's always safer to type in the address manually.
• Never open an email attachment until you confirm who sent it and why they sent it.
• Use email encryption if your provider supports it.
Avoid Phishing Emails
• Fake but realistic looking emails
• Attachments, often in .zip format, will install exploit code, such as CryptoWall ransomware.
• Malicious links take you to fake websites.
• Trojan horse malware is downloaded.
• Personal information is surrendered via a web form.
How To Catch a Phish
Web Security
• Use the most up to date web browser versions
– Internet Explorer 11
– Firefox 26
– Chrome 31
– Safari 7
• Be wary of changes to your home page or search provider
Banking
• On-line banking – are you using all the security tools your bank provides?
– Two factor authentication?
– Treasury management?
• Find out what security features are provided by your bank.
• Will your bank alert you if there are unusual transactions?
• Who's responsible for unauthorized transactions?
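The case studies earlier in the deck share a few recognisable patterns: a first-ever overseas transfer, amounts far above normal payroll, many transfers in one session, and withdrawals timed for a Friday. The sketch below is an added example, not part of the original deck, showing how such "unusual transaction" alerting can work over an exported statement; the ledger entries are constructed and the thresholds and names are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Transfer = namedtuple("Transfer", "when payee country amount")

# Thresholds are assumptions for illustration, not values from the deck.
AMOUNT_FACTOR = 3                   # flag amounts over 3x the largest past transfer
BURST_COUNT = 5                     # flag the 5th and later transfers ...
BURST_WINDOW = timedelta(hours=1)   # ... made inside one hour


def review(history, pending):
    """Return {index in pending: [reasons]} for transfers worth a call-back."""
    known_payees = {t.payee for t in history}
    known_countries = {t.country for t in history}
    largest = max((t.amount for t in history), default=0)
    ordered = sorted(enumerate(pending), key=lambda pair: pair[1].when)
    alerts = {}
    for pos, (idx, t) in enumerate(ordered):
        reasons = []
        if t.payee not in known_payees:
            reasons.append("new payee")
        if t.country not in known_countries:
            reasons.append("new destination country")
        if largest and t.amount > AMOUNT_FACTOR * largest:
            reasons.append("amount far above past transfers")
        # Count this transfer plus earlier pending ones inside the window.
        recent = [o for _, o in ordered[:pos + 1]
                  if t.when - o.when <= BURST_WINDOW]
        if len(recent) >= BURST_COUNT:
            reasons.append("burst of transfers")
        # Friday alone is normal business; it only adds weight to another flag.
        if reasons and t.when.weekday() == 4:
            reasons.append("sent on a Friday")
        if reasons:
            alerts[idx] = reasons
    return alerts


# Constructed sample data: a small company's usual domestic payments ...
HISTORY = [
    Transfer(datetime(2013, 1, 4, 10, 0), "Payroll Service", "US", 60000),
    Transfer(datetime(2013, 1, 10, 9, 30), "Fuel Supplier", "US", 42000),
]
# ... followed by one routine payment and one large transfer to an unknown
# overseas payee ("XX" is a placeholder country code).
PENDING = [
    Transfer(datetime(2013, 1, 18, 16, 45), "Unknown Trading Ltd", "XX", 500000),
    Transfer(datetime(2013, 1, 18, 11, 0), "Payroll Service", "US", 60000),
]

if __name__ == "__main__":
    for idx, reasons in sorted(review(HISTORY, PENDING).items()):
        t = PENDING[idx]
        print(f"{t.when:%Y-%m-%d %H:%M} {t.payee} {t.amount}: {', '.join(reasons)}")
```
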
Zeus and Neverquest Bank Trojans
• Zeus – 2009
• Neverquest – 2013
• Dyre Wolf - 2015
– Multiple installation avenues
– Automatically looks for vulnerable computers
– Works like a botnet
– Keylogger watches for banking activity
– Captures your banking logon credentials
– Allows remote attacker to transfer money from your bank account using your own computer.
– Also watches for logon info for other accounts.
Protect against Banking Trojans
• Use a bootable LiveCD
– OS and apps on a CD cannot be changed
– Linux based OS
• Use a dedicated computer system for all banking and financial transactions
– Linux is better than Windows
– Google Chromebook
Encryption
• Use encryption whenever possible
– HTTPS websites
– VPN for mobile workers or traveling employees
– Full disk encryption for laptops
– Encryption for employee and client records, proprietary data
– Encrypted email solutions like Zix
Where Do I Begin?
CIT Cybersecurity Services
• Cybersecurity Awareness Training
• Security Audits
• Vulnerability Assessments
• Penetration Testing
• Computer Forensics
• Incident Response Management
More CIT Cybersecurity Services
• Zix secure email
• Data backup and recovery solutions
• Computer Use and Cybersecurity Policy development
• Business Continuity and Disaster Recovery
• Incident Response Planning
Thank You!
Any questions?
Thanks
• Please take a business card
• Contact me for a security review or on-site training for your employees.
– [email protected]
– 651 387-1668