Don't Be The Next Target!
Protecting Your Business From The Latest Threats
Welcome!
Today’s subject:
Protecting Your Company from Ransomware
Trends
SMBs Are More And More Digital
Small and medium businesses have to compete more and more with mega-stores. Most have:
● Web Sites
● eCommerce Orders
● Paypal
● Square
● Multiple Email Accounts
● Social Media Accounts
● Etc...
Trends
Big Data – Your Data
Facebook leverages big data in its marketing
Most businesses use Facebook in their marketing
Every social media platform uses big data
Trends
Most SMBs will be in the cloud soon
Cloud services are lowering:
● Costs
● Complexities
● I.T. Staff
Trends
Bring Your Own Device (BYOD) is happening
So what is happening to Security?
Where is Business going to be exposed?
Around the World
● Daily Cyber Attacks Against US Gov
● Dams, Water Treatment, Power Grids
● ISIS Paying Big Money to Hackers
In The News
● Hollywood Hospital - $17,000 in Ransom
● Apple – 600,000 Incidents of Ransomware so far
● iPhone Encryption – FBI hacked it
In The News
“The New York State Attorney General’s office
said that the number of breach notifications
issued by his office had risen 40% during 2016
compared with the same period a year earlier.”
- WSJ 05/05/16
What Are The Threats?
Bots, Phishing, Social Engineering, Malware of all sorts
Who Has Been Affected?
Millions spent to respond and Millions in lost revenue
The Heritage Foundation
Issue Brief #4487 on Cyber Security November 18, 2015
● Morgan Stanley – 350,000 Client Records Stolen
● Anthem – 80 Million Client Records Stolen
● Penn State – 18,000 Student Records Stolen
● All Had Passwords - Firewalls - AntiVirus
What Are The Threats?
BYOD (Bring Your Own Device):
● 20 Years Ago Software was Expensive
● Now iPhone Apps are Free or 99 cents
● Just Search for what you need and install it
What Could Go Wrong?
What Are The Threats?
Social Media:
● People used to keep things private
● Now everyone’s life is public
● So our exposure to risk is at new levels
● Now it’s Easy for Hackers to find personal info to
use in a Social Engineering or Phishing Attack
What Are The Threats?
Cheap Wireless Routers:
● Installed Randomly for Convenience
● Can be an Easy Gateway into your company data
from hundreds of feet away
● Most are never monitored for illegal access
What Are The Threats?
False Security:
● Passwords Don’t Work – Malware Doesn’t Care
● Insider Threats are Huge – Employees Steal Data
● The FBI says it takes an average of 14 months for
companies to detect an intruder. Most won’t know
until it’s too late.
What Are The Threats?
Internal:
“90% of I.T. employees indicate that if they lost their jobs,
they’d take sensitive company data with them...
59% of employees who leave an organization voluntarily
or involuntarily, say they take sensitive data with them.”
Deloitte via WSJ – 05/02/16
Who Are The Targets?
“...SMBs make much more attractive targets for cyber-thieves”
“...a data breach involving an SMB can be far more
devastating for the company than a similar type breach at
a larger company.”
csattorneys.com Nov 5, 2014
Ransomware
“The FBI said the number of so-called
ransomware attacks is on the rise. Hackers break
into a corporate network, encrypt data and hold it
ransom until the victim agrees to pay...”
- WSJ 05/04/16
Ransomware
“More small businesses are falling victim to
“ransomware…”
“...Bitcoin is a preferred method of payment,
partly because the use of bitcoin makes
payments difficult to track.”
WSJ – April 15, 2015
Ransomware
“...About 30% of ransomware victims pay to
regain their data, estimates Tom Kellermann,
chief cybersecurity officer for Trend Micro Inc.,
an Irving, Texas, cybersecurity firm.”
WSJ – April 15, 2015
How Can You Be Safe?
Start with 3 important questions:
1) What are you Protecting?
2) What are the Threats?
3) What is happening right now?
What Are You Trying To Protect?
● Company Secrets, Intellectual Property
● Customer Emails, Credit Card Details, Purchases
● Company Accounting System
● Patient Health Records
● What’s Important?
What Are Your Threats To That?
● Contractors?
● Service Providers?
● Employees?
● Hackers?
● Ransomware?
What Is Happening – Right Now?
● Do you know – right now – what is
happening to that data?
● How will you respond to a breach?
● You are liable for it, Not the I.T. dept.
What Can Be Done?
Think about home security:
What secures a home?
Locks – Alarms – Dogs – What Else?
What Can Be Done?
Home Security
Protect     Detect            Respond
Doors       Alarms            Dog
Windows     Motion Sensors    Gun
Locks       Crime Watch       Police
Fence       Monitoring        Insurance
Which column is most important?
What Can Be Done?
Protect     Detect            Respond
Doors       Alarms            Dog
Windows     Motion Sensors    Gun
Locks       Crime Watch       Police
Fence       Monitoring        Insurance
Protect: Must Have – But They ALL Break
Detect: Must Be Able To Detect The Break
Respond: Must Be Able To Respond Quickly
You Cannot keep people out – But you can detect them
A System
Security is not Firewalls, Passwords Or Encryption
Security Is A System
The System is a combination of People, Policies, Training
and Technology all working together
(When) Will It Happen To You?
● That is the question.
● Every day I work with small businesses that have Malware of all sorts on their business and personal computers.
● Much of it is designed to be a back door into the
computer – bypassing firewalls and anti-virus.
● And some... the evil Ransomware
● Most SMBs have no system to Detect and Respond in time
Compliance
Do Industry Compliance Standards = Security?
PCI-DSS, HIPAA, Etc
If Compliance = Security how do Hospitals, Financial
Institutions and Retailers get hacked every day?
Compliance <> Security!
Cost and Liability
The Ponemon Institute and Symantec estimate that it costs businesses $188 per record lost.
Just 1000 records = $188,000 in one breach!
Businesses also suffer potentially priceless damage to
their reputation and trust.
Cyber Insurance
“...Cyber liability insurance coverage (CLIC) has been
available for more than 12 years…
The average cost of a data breach to the affected
business is $3.8 million...a 23 percent increase since
2013...”
CNN.com June 30, 2015
Attitude?
“Security is also a Frame of Mind...
It’s about Culture, Structure and Strategy...
Every aspect of doing business requires looking at it
through a security lens...”
Paraphrased from TheGuardian.com Mar 11, 2014
How Do You Answer...
● Do you have Policies in place for proper handling of
company data?
● Do you have a system to provide Security
Intelligence?
● Do you have an Employee Cyber Security Training
Program?
Remember – Cybercrime is the fastest growing
industry!
Key Points
● Biggest Threat = Ransomware - Easy Money For Hackers
● Malware is SMART – Typical Anti-Virus is almost useless
● Most Big Companies have been hacked. SMBs are even Easier
● Targeted Social Engineering attacks are growing fast
● Employee Security Awareness Training is a Must!
Key Points
● Compliance is NOT security
● Security is a State of Mind
● Liability for exposing customer data is Real & Expensive
● A Complete System is required for modern security
What Is Your Risk?
Is your customer data leaking right now?
How do you know?
We can help you find out – right now
Thank You!

Forthright Security Lunch and Learn - Ransomware Focus 2
