Joshua Skeens
Chief Technical Officer
Sources
• Verizon DBIR
• SonicWall Security Report
• Cisco Security Report
2018 Year in Review
❑Breach
  ❑An incident that results in confirmation of information loss
❑Incident
  ❑Event that compromises CIA (no confirmation)
  ❑Confidentiality
  ❑Integrity
  ❑Availability
Top Security concern?!
❑Number 1 cause of breaches & incidents
1 in 5 Breaches
SMB Under Attack
50% of all attacks take place against small businesses
Why is that important?
•97% of all businesses in North America are SMB
50% of all Alerts logged in the US go uninvestigated
60% of customers will think about leaving you if breached
•30% WILL leave
2018 by the numbers
Hackers = Minutes
Business = Months
Numbers by Sector
Motives
90% Financial & Espionage
10% the REST
A customer experience company that delivers comprehensive network security services
❑Malicious Software Downloads
  ❑Ransomware
    ❑39%
It’s NOT…just for the PROs anymore!
CYBERCRIME!
Let's go fishing!!
❑Phishing
  ❑65% increase – PhishMe
❑Good News
  ❑16 minutes before first click
❑Bad News
  ❑76% of businesses reported Phishing Attacks
  ❑30% of phishing campaigns opened
  ❑12% of users click the link
  ❑Less than 17% of phishing incidents are reported
  ❑30 minutes before attack is first reported
  ❑97% of people can’t identify a phishing email – McAfee
PHISHING!!!
1.5 Million NEW Phishing Sites Created Per Month!!!!
Social Engineering – Email Edition
❑Pretexting
  ❑110% increase – PhishMe
❑Target Departments
  ❑Finance
  ❑Executive
  ❑Human Resources
❑It can happen to anyone….
Social Engineering – Twitter Edition
What was that noise?!
Checked your attic lately?!
Office 365 Hijack Explained
Nefarious Actor (NA) gains access to User Account
• Password Database dump
• Phishing Attack
• Social Engineering
NA creates forwarding rules looking for specific information
Once triggered, NA springs into action
• Forwards communication offsite
• Starts impersonation
• Automatically deletes correspondence
Check your O365 “attic”
❑ Enable MFA
❑ Enable Unified Audit & Logging – Security & Compliance Center
❑ Enable Mailbox Auditing
❑ Use Microsoft Security Score
❑ Create Forward Alerts
❑ Disable ability to forward email
❑ PowerShell scripts for auditing
  ❑ Rules
  ❑ Forwards
  ❑ Alerts
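One way to script the "Rules" audit for the hijack pattern described above (keyword-triggered rules that forward offsite and delete correspondence). This is an added example, not a script from the presentation; the function name `Test-SuspiciousInboxRule`, the `example.com` internal domain and the sample rules (one hijack-style, two benign) are assumptions made for illustration.

```powershell
# Added example. The rule objects at the bottom are constructed; their property
# names mirror what Exchange Online's Get-InboxRule returns.
function Test-SuspiciousInboxRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [string[]] $InternalDomains = @('example.com')  # assumption: your accepted domains
    )
    process {
        # Every action that sends a copy of the message somewhere else.
        $targets = @($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) + @($Rule.RedirectTo) |
            Where-Object { $_ }
        # Keep SMTP addresses whose domain is not ours (directory recipients have no '@').
        $external = foreach ($t in $targets) {
            if ("$t" -match '[\w.+-]+@([\w.-]+\w)' -and $InternalDomains -notcontains $Matches[1]) {
                $Matches[0]
            }
        }
        # Keyword conditions are how the rule "looks for specific information".
        $keywords = @($Rule.SubjectContainsWords) + @($Rule.BodyContainsWords) +
            @($Rule.SubjectOrBodyContainsWords) | Where-Object { $_ }
        $reasons = @()
        if ($external)           { $reasons += 'forwards offsite' }
        if ($keywords)           { $reasons += 'keyword trigger' }
        if ($Rule.DeleteMessage) { $reasons += 'deletes correspondence' }
        # Report offsite forwarding, or keyword-driven deletion that hides replies.
        if ($external -or ($keywords -and $Rule.DeleteMessage)) {
            [pscustomobject]@{
                Mailbox = $Rule.MailboxOwnerId; Rule = $Rule.Name
                Offsite = @($external) -join ', '; Keywords = @($keywords) -join ', '
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules (not from a real tenant).
$rules = @(
    [pscustomobject]@{ MailboxOwnerId = 'ap@example.com'; Name = '.'; DeleteMessage = $true
        ForwardTo = @('"drop@mail.invalid" [SMTP:drop@mail.invalid]')
        SubjectOrBodyContainsWords = @('invoice', 'wire', 'payment') }
    [pscustomobject]@{ MailboxOwnerId = 'hr@example.com'; Name = 'Newsletters'
        SubjectContainsWords = @('newsletter'); DeleteMessage = $false }
    [pscustomobject]@{ MailboxOwnerId = 'ceo@example.com'; Name = 'To assistant'
        ForwardTo = @('"pa@example.com" [SMTP:pa@example.com]'); DeleteMessage = $false }
)
$rules | Test-SuspiciousInboxRule | Format-List
# Live tenant: Get-Mailbox -ResultSize Unlimited |
#   ForEach-Object { Get-InboxRule -Mailbox $_.UserPrincipalName } | Test-SuspiciousInboxRule
```

The "Forwards" item on the checklist is a separate setting: mailbox-level forwarding appears in the `ForwardingSmtpAddress` and `ForwardingAddress` properties of `Get-Mailbox`, not in inbox rules.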
MFA can save the day!
Security Best Practices
Security Awareness Training
• KnowBe4
• Moodle
Patch Management
• 60% of businesses were breached
Vulnerability Scans
• 37% of businesses that were breached
• No Vulnerability Scans
MFA/2FA
• Twofactorauth.org
• www.mycerdant.com
K.I.S.S
Lockdown NON-Standard Ports
Security Best Practices
Control Admin rights
• Don’t operate as
  • Domain Admin
  • Local Admin
• Microsoft LAPS
SIEM
Log & Monitor Lateral Movement
Security Best Practices
VPN for Remote Access
No direct RDP
NEW RDP Bug *PATCH!
Add *External* stamp to Email
50% uplift in preventing incidents
Monthly Account Review
26% of User Accounts are stale
Involve HR
Network Segmentation
Control Lateral Movement
Again….Educate Employees
Security Best Practices
Or Not so Top…
Let’s talk Passwords
• 123456
• password
• 123456789
• 12345678
• 12345
• 111111
• 1234567
• sunshine
Top Passwords for 2018
The Mentalist: Password Creation
Password Requirements:
• Minimum 8 characters
• Uppercase Letter
• Lowercase Letter
• Number
• Special Characters / punctuation (Ex: !@#$%^&)
It’s just a matter of When not IF!
❑Average password is 7-9 characters in length
❑Most likely used symbols: ~, !, @, $, %, &, and ?
❑If a number, usually a 1 or 2, sequential, and likely at the end
❑If a capital letter, it’s usually the beginning, followed by a vowel
❑66% of people use 1-3 passwords for all online accounts
❑1 in 9 have a password based on the common Top 500
❑20-60-20 Rule: Large password dump
• 20% are easily guessed dictionary words or known common passwords
• 60% are moderate to slight variations of the earlier 20%
• 20% are hard, lengthy, complex, or of unique characteristics
How old are your passwords?!
The Domino Effect
A customer experience company that delivers comprehensive network security services
CORPORATE HEADQUARTERS
5747 Perimeter Drive Suite 110 Dublin, OH 43017
PHONE 614.652.3486 EMAIL [email protected]
Thank YOU!