Make Every Spin Count: Putting the Security Odds in Your Favor
Download as PPTX, PDF0 likes445 views
The document discusses strategies to improve cybersecurity and reduce the risk of data breaches, emphasizing the importance of understanding security odds based on the 2017 Verizon report. Key recommendations include enforcing strong password policies, implementing multi-factor authentication, network segmentation, and employee training to mitigate the human factor in security incidents. The author encourages taking incremental steps to enhance security practices and highlights that no system is completely hack-proof, but appropriate measures can deter most attacks.
Make Every Spin Count: Putting the Security Odds in Your Favor
- 1. Make Every Spin Count: Putting The Security Odds In Your Favor
- 2. About Me: • Director of Engineering at Cerdant • 13 years • Avid Golfer, Runner and Outdoorsman • Nerf Gun Enthusiast • Twitter - @joshuaskeens • joshua.skeens@cerdant.co m
- 3. Make Every Spin Count: Putting The Security Odds In Your Favor How can I put the odds in my favor? We first need to know what our odds are 2017 Verizon Report statistics Best “bets” to increase your security odds
- 4. Verizon Report 2017 10th Annual DBIR Report 65 Sources Includes Breaches Incidents
- 7. Let’s stop gambling with our data. • It’s never going to happen to me! • I’ve got a firewall and Anti-virus I’m unhackable! • My users never click on links they shouldn’t
- 8. Verizon Report 2017 61% • of the data breach victims in this year’s report are businesses with under 1,000 employees
- 9. Verizon Report 2017 80% • of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords. 95% • of phishing attacks that led to a breach were followed by some sort of software installation. • 1 in 14 people were tricked into opening a link or attachment they shouldn't • 25% of those people were tricked into doing it again
- 10. Top 25 Passwords of 2016 123456 123456789 qwerty 12345678 111111 123456789 0 1234567 password 123123 987654321 qwertyuiop mynoob 123321 666666 18atcskd2 w 7777777 1q2w3e4r 654321 555555 3rjs1la7qe google 1q2w3e4r5 t 123qwe zxcvbnm 1q2w3e
- 11. Was your password on that list??!!
- 12. What is a hacker?!
- 13. Let’s stop gambling and let’s starting WINNING! Nothing is hack proof But we don’t want to make anything easy Most hackers don’t want to work that hard What steps can we take to put the odds in our favor?
- 14. Stacking the Odds in your favor Passwords Enforce Password Complexity 8+ characters Require Upper Case, Lower Case, Special Characters and Numbers Password Rotation Teach password creation Yahoo & LinkedIn 2FA – use it EVERYWHERE!!! https://twofactorauth.org/ Minimize Privileges No Local Admin rights No Domain Admin rights Different Local Admin for each machine Microsoft LAPS
- 15. Stacking the Odds in your favor…. Command Line (cmd) Disable access Most users don’t need access to CMD PowerShell Disable access BUT…..some users do need PowerShell access Grant Privileges via AD Groups Enable it when needed – default should be disabled
- 16. Stacking the Odds in your favor…. Network Segmentation VLANs, VLANs, VLANs Isolate devices and departments DMZ for public facing servers Wireless Segmentation Multiple SSIDs Employees BYOD Guest
- 17. Stacking the Odds in your favor…. Protect the Gateway Next Generation Firewall SonicWALL!! Strong Access Lists Yes strict outbound port policies Audit your ruleset regularly DPI-SSL 60% to 70% of all traffic is encrypted now Scan for and block Applications Capture ATP Sandbox Malicious files before they even make it onto the network
- 18. Stacking the Odds in your favor…. Anti-virus Deploy Anti-virus at the End Point New Artificial Intelligence (AI) AV Cylance No database No patient-zero Doesn’t need Internet Access to pull updates 98% effective rate Cloud Management Signature-based AV solutions are less than 40% effective POC – ZERODay!
- 19. Stacking the Odds in your favor…. OS Patching Move to supported OS Schedule routine patching Application Patching Patch Applications Security Patches
- 20. Stacking the Odds in your favor…. Device Inventory Management Spiceworks WhatsUp ManageEngine Application Inventory Management Ninite Spiceworks ManageEngine
- 21. Stacking the Odds in your favor…. Attached Device Management Should employees be allowed to connect USB drives? Disable feature Provide company USBs Lock down USBs to specific OUIs *Cylance* Data Backup Backup critical data daily Do scheduled restores to test data backup validity
- 22. Stacking the Odds in your favor…. Application Whitelisting Only allow “Approved” Applications to run Cylance Windows has Application Whitelisting Built-in Lockdown DNS Access Enforce DNS access to Local Server(s) only Lockdown outbound DNS access to DNS Servers only Vulnerability/Network Assessments
- 23. Why the Hackers “house” normally win
- 24. Stacking the Odds in your favor…. Employees Single largest Security Risk At least 60% of all incidents can be contributed to employees Easiest attack angle What can be done? Train employees on proper Email and Web browsing etiquette KnowBe4 PhishMe Gauge employee computer & security knowledge Train employees on security awareness, and reward them for reporting suspicious activity
- 25. You might be feeling like this now…
- 26. But You can do this! • The 1st thing is to just get started • Don’t be paralyzed • Create your list and implement 1 new security practice each week • Schedule quarterly security reviews as soon as you get back to the office • There is no shame in doing the easiest 1st • Anything is better than nothing
- 27. THANK YOU!!!!!