CYBER SECURITY DISCUSSION Dubai 2016
Ronald L Merriman Paul Samadani Henry Wu
This Presentation IS FOR ENTERTAINMENT PURPOSES ONLY
USE AT YOUR OWN RISK!
OUR AGENDA
‣ Defining Cyber Security
‣ How Do Hackers Find & Compromise Systems
‣ 5 Steps to Avoid Becoming an Easy Target
‣ In Real Life…
‣ Group Discussion
WHAT IS AT RISK?
‣ Brand Reputation
‣ Consumer Trust
‣ Intellectual Property
‣ Bank Fees, Penalties & Credit Company Fines
‣ Loss of Revenue
WE ARE CREATING A CYBER SECURITY NIGHTMARE
HACKERS CAN:
▸ Take Control of Your Car
▸ Add Virtual Airplanes to Radar
▸ Control a Rollercoaster
▸ Shut Down the Power
▸ Know Where You Are
▸ Know Who You Are Talking to
▸ Share Your Deepest Secrets
COMMON WAYS HACKERS FIND YOU?
‣ Google to Find Un-Patched PCs
‣ Embedded Link on an Email
‣ USB Stick
‣ Supplier / Vendor Backdoors
‣ Social Engineering
IDENTIFY · PROTECT · DETECT · RESPOND · RECOVER
YOU CAN’T PROTECT IT IF YOU DON’T KNOW ABOUT IT
‣ Credit Card – Parking, Gift Shop…
‣ Back Door Vendor System Access
‣ Internet Connected Devices
‣ Rogue Access Points
IDENTIFY
AUTOMATED TOOLS FOR DISCOVERING DEVICES
‣ The Dude by MikroTik: http://www.mikrotik.com/thedude
‣ GFI LanGuard: http://www.gfi.com
‣ KALI Linux: https://www.kali.org/
IF YOU WANT TO KEEP IT - PROTECT IT
‣ Provide Training for Your Staff
‣ SPAM & Web Filtering
‣ Remove Admin Access
‣ Patch Your Systems
‣ Segment Your Network
PROTECT
AUTOMATED PATCHING TOOLS
‣ GFI LanGuard: http://www.gfi.com
‣ Windows Server Update Services (WSUS): www.Microsoft.com
‣ Hire Experts for Network Segmentation
TRUST BUT VERIFY
‣ Hack Yourself:
  https://www.shodan.io
  http://routersecurity.org/testrouter.php
‣ KALI Linux: https://www.kali.org/
‣ Offer Bug Bounty
DETECT
“A GOAL WITHOUT A PLAN IS JUST A WISH”
‣ Actionable Response Plan
‣ Test Your Plan
‣ FCC Cyber Planner: https://www.fcc.gov/cyberplanner
‣ Explore Insurance Options
‣ Not Just IT Related… Should Include Disasters
‣ Know Your Law Enforcement Agencies
RESPOND
WHAT WILL IT TAKE TO RESUME OPERATIONS?
‣ Put Your Plan in Action
‣ Consider All Dependencies
‣ It is All About Minimizing the Loss
‣ Set Aside Cash Reserves
‣ It Usually Happens at the Worst Possible Time
‣ Work Closely with Attorneys & PR Firms
RECOVER
ANYONE CAN BE A VICTIM OF A MAJOR CYBER ATTACK
IT CAN HAPPEN TO YOU
‣ More than just Financially & Operationally Costly
‣ Incredibly Consuming
‣ Further Breaches Inevitable
What Can We Do About it?
LAX CYBER SECURITY RESULTS IN CRIPPLING ECONOMIC & REPUTATIONAL PENALTIES
LESSONS LEARNED
‣ Stay Up-to-Date with Credit Card Transaction Technology
‣ Limit Exposure
‣ Segregated and Secure Network & Critical Computers
‣ Backup, Then Backup Again
‣ Protect High-Volume Email Accounts
For Cyber Security Links Email:
Paul Samadani [email protected]
Henry Wu [email protected]
Ronald L Merriman [email protected]