Presented by Frederick J. Santarsiere

Transcription

1

2 Presented by Frederick J. Santarsiere CHFI, CISSP, CISM, CISA, CEH, CEI, CAP, SSCP Sec+, Net+, A+, MCSA, MCSE, MCITP, MCT CCENT, CCNA, CCNA Wireless, CCNA Voice CISCO SMBEN, SMBAM, CA Erwin SA

3 Club Director Written by: Frederick Santarsiere CTO CINO Ltd Companies

4 Cyber Security & Hacking Prevention Programs Risk Analysis - Vulnerability Scans to Full Penetration Testing Compliance Verification : PCI, HIPAA, SOX & ISO Security Consulting & Countermeasures Mitigation & Managed Security Services Documentation and Policy Review & Development Business Threat Intelligence Analysis & Reporting Physical Security Assessments & Countermeasure Installations Incident Response Plan (IRP) development and implementation Business Continuity Planning (BCP) & Disaster Recovery (DR) Development *Patented Key-Logger Protection Software*

5 Hacking vs. Ethical Hacking Hacking malicious attacker exploits vulnerabilities to compromise security controls and violate the Confidentiality, Integrity and availability of the system and the data. Ethical Hacking Simulating techniques used by Hackers to test the strength of controls to identify vulnerabilities which could be exploited. Ethical Hackers- Test the strength of the security controls

6 Why should you care? Reputation and the CLUB s name: CLUB s NAME TARNISHED LOSS of Membership (over security risk) Lawsuits : Prudent Man rule took precautionary measures vs. Negligence

7 Why should you care? Reputation and the CLUB s name: CLUB s NAME TARNISHED LOSS of Membership (over security risk) Lawsuits : Prudent Man rule took precautionary measures vs. Negligence You preserve the Great Historical past of your Club Hacker s don t live in the past!

8 New Battlefield Club s & Members data You are now on the radar of the attackers The world has evolved!!!

9 Lock Down Your World NOW!!! Take Preventive Measures SECURE YOUR BUSINESS ASSETS Lessons learned today can also help you protect your personal data as well

10 What are they looking for? Data that they can steal, use to extort and sell And you have Members Personal Data to protect!

11 How Do They Get Your Data? ATTACK VECTORS ATTACK VECTOR Pathways used to hack exploit vulnerability Attack Vectors = Vulnerability + Exploit

12 Constant VULNERABILITY Awareness Required!

13

14 IT products holes identified by the gov t: Cisco, Google, Microsoft

15 New Attack Vectors Constantly Identified

16 Security Functionality Triad qsecurity Functionality Security Triad Hardening removing unnecessary functionality Functionality Ease of Use Hospitality Industry There is usually NO Full-time Cyber Security Expert onsite constantly implementing Cyber-Security Best Practices

17 3 most common ATTACK Vectors!!! Vulnerabilities (we see in the hospitality industry repeatedly) How the VICTIM was EXPLOITED Countermeasures: How to not be the next VICTIM

18 3 most common Vulnerabilities we see in the hospitality industry repeatedly: Missing patches : Tuesday s Patch is Wednesday s Exploit End user awareness : phishing attacks,drive-by downloads Default settings & services : Swiss cheese network These Vulnerabilities increase your RISK of becoming the next VICTIM!!!

19 Typical Risk management Misconceptions Egg shell defense : "We already have a firewall already" vs. Defense in Depth Attackers now attack from inside out Operational Support vs. Security Support : "We have an IT administrator already"(no security specialist)

20 EXPLOITED: Recent Case study examples RANSOMWARE Extortion / Shutdown operations!!! (BYOD) DATA BREECH: PII (DOB,Social Security #s, charges) MALWARE distribution: club used as outward proxy Spamming blacklisted Website vandalized

21 Comprehensive Risk Management Work Effort - Hackers Look for the weakest link Report Card timeline now Current Threat Level Defensive Posture (POAM) Remediation List Desired State Best Practices

22 For More Info Contact Us: Cino Ltd Companies (516) ext. 312