How Exposed Are You: Fraud, Privacy & Risk Management Issues
Ohio Society of CPAs
Health Care Summit
October 19, 2017
800.314.4357 | www.VestigeLtd.com | Responsiveness, Speed & Availability Reliability Knowledge | Copyright ©2016 Vestige Ltd
Today’s Cyber Landscape
• You read the headlines
• You see the statistics
You’re left wondering…
• Is it REALLY that bad?
• What’s ACTUALLY going on out there?
• Why would my non-profit be a target?
Learning Objectives
• Examine the factors that are increasing exposure
• Review strategies for diagnosing current state of affairs
• Identify strategies to address the challenges
Today’s Cyber Landscape
What’s it look like out there?
By the Numbers
• Avg 63,000+ reported security incidents annually
• 2016: 1,093 breaches, 36 million+ records exposed
• Average cost to organizations with 1,000+ employees is $7.7m
• “The US Military treats cyber as one of five domains: air, sea, land, space and now cyber.” – General Michael Hayden, former Director of the CIA and NSA
Some Health Care Headlines
• “Arkansas Oral Facial Surgery Center hit by Ransomware” (128,000 patients)
• “Augusta University Medical Center Impacted by Successful Phishing Attack for a Second Time”
• “Women’s Health Care Group of Pennsylvania Compromise Discovered in May, Hackers had Unauthorized Access as Early as January” (300,000 patients)
• “UC Davis Health Employee Responds to Phishing E-mail with Login Credentials. 15,000 Records Compromised”
Some more scary thoughts
• Cybercrime costs in US up 19%
• 2016 Data Breaches up 40% over 2015. Expected to continue to rise!
• Average cost of compromise - $3.4 million
• 66% of companies say it is likely or very likely they will experience an Advanced Persistent Threat (APT)… and
• 1 in 3 of those companies say they’re prepared
Why Should we care?
• C-Suite / Business Executive / Leadership Team misconceptions
From their perspective
• The organization has a firewall protecting them from OUTSIDER threats?
• The IT Department/Company/Parent Company handles their CyberSecurity?
• They are (fill in the blank) compliant…CyberSecurity is just not an issue…
• They (believe they) don’t have anything sensitive that anyone would want?
This stuff doesn’t apply to you, right?
• The Difference between Your Organization & Everyone Else…
• Your perimeter is safe – after all, you’ve spent hundreds of thousands of dollars on the latest and greatest technology
• Your IT department is on top of this
• You don’t just claim you’re HIPAA-compliant – you actually are
So why should you care?
Case Studies
ALL of the following had:
• A firewall
• An IT Department/Company handling their CyberSecurity
• Nothing they believed to be of value
• Compliance with all applicable regulations and compliance requirements
Case Studies
• Down on the Pharm: The case of the digital bank heist
• You Did What with that Laptop?
• Teach a Man to Phish: Business E-mail Compromises
Still think you’re not a target?
• “…though there were initial questions as to why a foodbank would be targeted...[he] quickly came to learn that such hacks are perpetrated by robots who do not see information as having belonged to the food bank, but rather a vulnerable IP address.”
It’s not safe to turn on your computer.
From Our Perspective
• We are Electronic Evidence Experts
• Specialize in: Digital Forensics & CyberSecurity
  • 19 Years in CyberSecurity realm
  • 17 Years in Digital Forensics
• Incident Response / Data Breach is a large percent of what we do
• We are parachuted in to organizations to solve problems
So what’s really going on out there
Turning Your Users into Issue Spotters
Top Ten Threats
1. Phishing / Business E-mail Compromises
2. Ransomware
3. Third Party Attacks
4. Internet of Things
5. Social Networks
6. Advanced Persistent Threat (APT)/Cyber Warfare
7. Reputational Damage
8. Targeted Botnets
9. Data Privacy in the Cloud / Big Data
10. Skills Gap / Routine Maintenance Neglected
Phishing / Business Email Compromises (BEC)
• Plays on unaware victims
• Getting harder to tell real from fake
• Spear-Phishing
Ransomware
• Has become “big business” for criminal rings
• 100s of variants
• Bitcoin or other cyber currency
• Clock is ticking!
Third Party Attacks
• Trusted Connections
• Upstream/Downstream Liability
• Shared Data, Shared Infrastructure
• Employees – VPN
IoT: Insecurity of Things
• Ubiquity of Interconnected Devices
• Designers not attentive to security needs
• Novel uses of technology without forethought
• Lack of standards
• Integrated with back-end systems
Social Networks
• Personally Identifiable Information: “Twenty Questions”
  • What was your most embarrassing moment?
  • Have I ever played hooky?
  • What was the name of my first elementary school?
  • What was my favorite pet’s name?
• Disclosure of whereabouts
  • “Looking forward to the family vacation next week at Disney World.”
• Malware, Spyware
• Hoaxes
• Disclosure of Secrets
  • “Rumor has it the Acme Widgets acquisition fell through”
  • “Working to troubleshoot a major software bug we just found”
Advanced Persistent Threat (APT)/Cyber Warfare
• You have something the attacker wants:
  • Intellectual Property
  • Cash / Financial resource stream
  • E-mail addresses
  • Employees’ names
  • Project names & participants
  • Back-door connectivity (trusted) to intended target
• Concerns:
  • Downstream liability
  • Upstream liability (3rd Party Liability)
  • Getting them the hell out of there
Targeted Botnets
• Thousands to tens of thousands of “drones” under control of attacker
• Wide Destruction
• Migration
  • Used to be: General targeting
  • Now: Targeted
• DDoS – More advanced (Adaptive)
• Malware Delivery
• Spam
Cloud Computing
• Tempting Target
• Personal information
• Passwords
• Trusted “gateway” to other resources
• APIs with vulnerabilities
• “Mother-lode” for the successful attacker
• Big Data = Big Target!
• Weak passwords / too many people with access
Skills Gap / Maintenance Negligence
• Inability to find, hire & retain qualified individuals
• Not identifying the “right” things to secure
• Not monitoring/looking at things consistently
• Too much to accomplish with too few resources
• Failure to put Best Practices in place
• Failure to properly maintain (on a consistent basis)
  • Failure to update security patches
  • Sunset versions
  • Passwords not expiring
  • Service accounts (especially default)
  • Elevated accounts for installed software/outsourced arrangements
  • Accounts not disabled
  • Poor Passwords
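The account-hygiene items in the maintenance list above (passwords not expiring, default service accounts, elevated accounts for outsourced arrangements, accounts not disabled) as a worked check, added here as an example and not code from the deck or from Vestige: a small Python audit run over a constructed account export. The thresholds, the default-name list and the sample accounts are assumptions.

```python
"""Account-hygiene audit over an exported account inventory.

Constructed example: the records mimic what you would pull from a directory
or application admin console. Each rule maps to one of the maintenance
negligence items (never-expiring passwords, default accounts left in use,
elevated vendor/outsourced accounts, stale accounts that were never disabled).
"""
from dataclasses import dataclass
from typing import List

# Assumed thresholds; tune them to your own policy.
STALE_LOGON_DAYS = 90        # enabled account with no logon this long should be disabled
MAX_PASSWORD_AGE_DAYS = 180  # a password older than this is overdue for rotation
# Assumed list of well-known built-in / vendor default names that should not stay in use as-is.
DEFAULT_ACCOUNT_NAMES = {"administrator", "admin", "guest", "sa", "root", "service"}


@dataclass
class Account:
    name: str
    enabled: bool
    privileged: bool              # member of an admin / elevated group
    service_account: bool
    vendor_managed: bool          # created for installed software or an outsourced party
    password_never_expires: bool
    password_age_days: int
    last_logon_days: int          # days since the last interactive or service logon


@dataclass
class Finding:
    account: str
    rule: str
    severity: str  # "high" or "medium"


def audit_account(acct: Account) -> List[Finding]:
    """Apply the hygiene rules to one account; privileged accounts escalate severity."""
    sev = "high" if acct.privileged else "medium"
    findings: List[Finding] = []
    if not acct.enabled:
        return findings  # already disabled: nothing left to remediate here
    if acct.name.lower() in DEFAULT_ACCOUNT_NAMES:
        findings.append(Finding(acct.name, "default-account-in-use", "high"))
    if acct.password_never_expires:
        findings.append(Finding(acct.name, "password-never-expires", sev))
    if acct.password_age_days > MAX_PASSWORD_AGE_DAYS:
        findings.append(Finding(acct.name, "password-overdue", sev))
    if acct.last_logon_days > STALE_LOGON_DAYS:
        findings.append(Finding(acct.name, "stale-account-not-disabled", sev))
    if acct.vendor_managed and acct.privileged:
        findings.append(Finding(acct.name, "elevated-vendor-account", "high"))
    return findings


def audit(accounts: List[Account]) -> List[Finding]:
    """Audit the whole inventory, high-severity findings first so they get remediated first."""
    result = [f for a in accounts for f in audit_account(a)]
    result.sort(key=lambda f: (f.severity != "high", f.account, f.rule))
    return result


# Constructed sample inventory (fictional accounts).
SAMPLE_INVENTORY = [
    Account("jsmith", True, False, False, False, False, 40, 2),          # healthy user
    Account("Administrator", True, True, False, False, True, 900, 400),  # built-in admin, unused
    Account("svc_backup", True, True, True, True, True, 1200, 1),        # vendor's elevated service account
    Account("tbrown", True, False, False, False, False, 30, 210),        # departed employee, still enabled
    Account("mlee", False, True, False, False, True, 1000, 800),         # already disabled: no findings
]


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"[{f.severity:6}] {f.account:15} {f.rule}")
```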
The Big Issues
• IT Security is NOT an IT Problem
“It’s the Users… Stupid !”
Why is IT Security so Hard?
• IT Security is not solely an IT Problem
• Users
• Convenience-Security Balance
• Training / Focus
  • What is IT put into place to do?
Determining Your Risk: Pre-Breach Assessments
Getting Your House in Order
Understanding Your Environment
• Holistic Approach
  • Data
  • Infrastructure
  • Regulatory/Compliance Requirements
  • Strengths, but mostly Weaknesses
  • Policies, Procedures & People
  • Scenarios for Data Exfiltration
Compliance is Not Enough
• HIPAA, PCI, GLBA, FISMA, FERPA, ISO, SOX, HSA, ITAL and a whole bunch of alphabet soup
• Some overlap, but for the most part each covers only its own area of interest
• e.g. Sarbanes-Oxley (SOX) is interested only in financial impact – it doesn’t care about loss of cardholder data (PCI) or healthcare info (HIPAA)
Attacking the ATE™ (Actual Threat Environment)

| Item | Strategy |
| --- | --- |
| Data | Understand what you have & where it is |
| Infrastructure | Layered Defenses |
| Regulatory/Compliance | Understand Requirements |
| Weaknesses | Risk Assessment, Prioritize |
| Methods of Exfiltration | Inventory scenarios, plan accordingly |
| Awareness | Policies, Procedures, Acceptable Use & Training |
Data
• Classification System & Standards of Care
• Marking Documents Appropriately
• Logical Protection
• Training Employees
  • Document Authors
  • Custodians
• Data Loss Prevention (DLP) Technology
Infrastructure
• Today’s Problem
  • We rely on people
  • Sit behind a firewall and
  • Believe that’s all we need to do
• Defense in Layers
  • A Firewall is not Sufficient
  • Shore up the Weaknesses
Defense-in-layers diagram: People, Least Privilege Security, Server Hardening, Firewall & Perimeter
Regulatory/Compliance
• Inventory
• Choose a Framework & Map to Framework
  • ISO
  • COBIT
• Recognize that Regulatory/Compliance Doesn’t Cover Everything
Weaknesses
• Vulnerability Scans/Pen Tests
  • Traditionally focused on perimeter only (compliance)
  • Measure What IS and What COULD Be
  • Recommend internally focused scans
  • Recommend unauthenticated and authenticated
• Risk Assessment
  • Prioritize High Impact Areas
  • Likelihood vs Impact
• Assessment/Audit
  • Design of Control
  • Testing of Control
Exfiltration
• Understand How Data Can Leave the Organization
  • Manual vs Automated
  • People vs Systemic
• Brainstorm & Inventory Scenarios
  • Loss of Device
  • Mobile/BYOD
  • 3rd Parties
  • LAN/WAN Connectivity
  • Social Engineering
  • Malicious/Direct Theft
Awareness
• Document What you Want to Happen
• Policies & Procedures
• Design Controls to Prevent or Monitor
“Asking Employees to Do What you Want them to, without Making it a Policy and without Putting Controls in-place is not Security…it’s a Hope!”
Putting It All Together
• Pre-Breach Assessment
  • Actual Threat Environment™ Identification
  • Risk Assessment (tied to ATE™)
  • Prioritize Areas of Focus (collaborative)
  • Scoping (results of Risk Assessment)
  • Assessment
  • Findings
  • Remediation Prioritization (collaborative)
  • Remediation
  • On-Going Review
  • Rinse & Repeat…
Pre-Breach Assessments
• Value – The “Why”
• Lowered Risk
  • Eliminate the low-hanging fruit that attackers find attractive
  • Move on to more attractive targets
• Lowered Costs when there is a Breach
  • Lowered Investigative fees
  • Lower and/or eliminate regulatory penalties
  • Lower Insurance premiums and/or deductibles
• Development of an Incident Response Plan
  • Know What to Do When It Happens
Protecting Yourself: What You Can Do…Starting Today
A 9 Step Program
• Change in Attitude
• Recognize Impacts of Not Being Secure
• “It Ain’t Easy”
• Commit to Being Vigilant
• Establish a CyberSecurity Program
• Hold People Accountable for CyberSecurity
• Educate
• Provide Resources for CyberSecurity
• Plan for the Inevitable
Change in Attitude
• You MUST accept that you’re a target…just because
• Always-on connectivity
• Opportunistic
• You DO have SOMETHING that SOMEONE wants
• “Vulnerable IP Address” syndrome
The Price of Not Being Secure
• Hard Costs
  • Remediation
  • Investigation
  • Notification, Credit Monitoring & Call Center
  • Litigation & Penalties
• Soft Costs
  • Lost Productivity, time & wages for those involved
  • Loss of Business
  • Public Relations
“It ain’t easy”
• Give up on the belief that CyberSecurity is easy, can be solved with money, or is a one-time initiative.
• Most of the changes come down to:
  • Configuration
  • Attitude – being vigilant
  • Paying attention
• Achieve a “culture of security”
Commit to Becoming Vigilant
• “Always On” means you need to become “Always Aware”
• Question the out-of-the-ordinary
  • Ex. Log File Review of an incident
• Build new habits out of old
  • Ex. Review of e-mails for phishing attempts
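The "review e-mails for phishing attempts" habit above can be partly automated. The following is an added example, not code from the slides or from Vestige: it runs three header checks a reviewer would otherwise do by eye (a display name dressed up as an e-mail address at a different domain, a Reply-To that diverges from the From domain, and a sender domain that is a near-miss of your own). The domain `example.org` and the four sample messages are assumptions constructed for the example, not real mail.

```python
"""Phishing triage over raw e-mail headers.

Added example (not from the slides). Assumes the organisation's own domain is
example.org and runs over constructed sample messages embedded below.
"""
import email
from email.utils import parseaddr

OUR_DOMAIN = "example.org"  # assumption: replace with your own domain

# Constructed sample messages, not real mail.
SAMPLES = {
    "legit": (
        "From: Jane Doe <jane.doe@example.org>\n"
        "To: ap@example.org\n"
        "Subject: Q3 invoice batch\n"
        "\n"
        "Attached as discussed.\n"
    ),
    "spoofed_display_name": (
        # Real sender is at a third-party domain; the display name is made to
        # look like an internal address so a mail client shows it prominently.
        '"jane.doe@example.org" <billing@mail-relay.info>'.join(["From: ", "\n"])
        + "To: ap@example.org\n"
        "Subject: URGENT wire transfer\n"
        "\n"
        "Please wire today.\n"
    ),
    "reply_to_mismatch": (
        "From: CFO <cfo@example.org>\n"
        "Reply-To: cfo.office@gmail.com\n"
        "To: ap@example.org\n"
        "Subject: Need your help quickly\n"
        "\n"
        "Are you at your desk?\n"
    ),
    "lookalike_domain": (
        "From: Jane Doe <jane.doe@examp1e.org>\n"
        "To: ap@example.org\n"
        "Subject: Updated banking details\n"
        "\n"
        "Our account number changed.\n"
    ),
}


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(raw: str, our_domain: str = OUR_DOMAIN) -> list:
    """Return a list of human-readable findings for one raw message; [] if clean."""
    msg = email.message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    from_dom = domain_of(sender)

    # 1. Display name contains an address whose domain differs from the real sender.
    if "@" in display and domain_of(display) != from_dom:
        findings.append(
            f"display-name address domain {domain_of(display)!r} "
            f"differs from sender domain {from_dom!r}"
        )

    # 2. Replies would go somewhere other than the apparent sender's domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(
            f"reply-to domain {domain_of(reply)!r} differs from sender domain {from_dom!r}"
        )

    # 3. Sender domain is close to ours but not ours (typosquat / homoglyph).
    if from_dom and from_dom != our_domain:
        dist = edit_distance(from_dom, our_domain)
        if dist <= 2:
            findings.append(
                f"lookalike sender domain {from_dom!r} (edit distance {dist} from {our_domain!r})"
            )
    return findings


def triage_all(samples: dict = SAMPLES) -> dict:
    """Run triage over every sample; result maps sample name -> findings."""
    return {name: triage(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name}: {'clean' if not findings else '; '.join(findings)}")
```

These checks only look at what the message says about itself, so they are a first-pass filter for a human reviewer, not a verdict; authentication results (SPF/DKIM/DMARC) from the receiving gateway should be consulted before trusting a message that passes all three.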
Establish a CyberSecurity Program
• Understand your risks and prioritize them
• Assess/Audit your environment regularly
• Understand your options:
  • DIY vs External – Biases?
  • Types – Vulnerability Scanning, Penetration Testing, Ethical Hacking, A&P, White-hat/Grey-hat hacking
  • Layered approach & focus on external and internal
• Prioritize the results
• Remediate the issues
Hold People Accountable
• CyberSecurity isn’t an IT issue – it’s everyone’s issue
• Make sure everyone understands their part in the picture; hold them accountable for action & inaction
• Establish policies
• Ensure compliance
Educate
• People “don’t know what they don’t know”
• Need to sensitize them to what’s out there
Provide Resources for CyberSecurity
• Resources need to be made available:
  • Tone at the Top
  • Time to research and remediate
  • Some money
• Don’t fall into the trap of believing “money solves everything”
• Don’t believe vendors’ claims that their “product” is the panacea.
Plan for the Inevitable
• The 6 Ps
• During an Incident is the WORST time to plan
• Need to know what steps to take
• Create an Incident Response/Data Breach Plan
  • Up-front (Now is a great time)
Q&A
Damon S. Hacker, MBA, CCE, CISA
Vestige Digital Investigations
Cleveland | Columbus | [email protected]