The SMB Cyber Security Survival Guide

Similar documents
Cyber Security. John Leek Chief Strategist

10 Smart Ideas for. Keeping Data Safe. From Hackers

Good Bot, Bad Bot, Ugly Bot. Battle of the Bots!

Top 10 Tips to Keep Your Small Business Safe

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Cybersecurity Policies and Best Practices: Protecting small firms, large firms, and professional services from malware and other cyber-threats

Are You A Sitting Duck?

I ve been breached! Now what?

NATIONAL CYBER SECURITY AWARENESS MONTH

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

How-To Guide: Cyber Security. Content Provided by

SMALL BUSINESS IT SECURITY PRACTICAL GUIDE

SMALL BUSINESS IT SECURITY PRACTICAL GUIDE

Internet threats: steps to security for your small business

SHS Annual Information Security Training

Presented By: Corporate Security Information Security Treasury Management

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT -BASED THREATS

Managing Web Security in an Increasingly Challenging Threat Landscape

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

National Cyber Security Month 2015: Daily Security Awareness Tips

Certified Secure Computer User

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

2012 Endpoint Security Best Practices Survey

IIABSC Spring Conference

Parent$Coffee$Presents:$ The$Security$Geek s$guide$to$your$personal$ Security$

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

Cyber Self Assessment

What are the common online dangers?

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Almost 400 million people 1 fall victim to cybercrime every year.

TMCEC CYBER SECURITY TRAINING

Modern two-factor authentication: Easy. Affordable. Secure.

Property of Secure Network Technologies-Do Not Distribute or Post Without Written Permission-Copyrights and Trademark Apply

Malware & Botnets. Botnets

High Speed Internet - User Guide. Welcome to. your world.

AVG AntiVirus. How does this benefit you?

Computer Security Literacy

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Information Security for the Rest of Us

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Information Security Addressing Your Advanced Threats

Security Challenges and Solutions for Higher Education. May 2011

The Evolution of Data Breaches

Senaca Shield Presents 10 Top Tip For Small Business Cyber Security

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

A practical guide to IT security

ecommercial SAT ecommercial Security Awareness Training Version 3.0

Roger s Cyber Security and Compliance Mini-Guide

10 Quick Tips to Mobile Security

Cyber Security Awareness. Internet Safety Intro.

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

GUIDE TO KEEPING YOUR SOCIAL MEDIA ACCOUNTS SECURE

Internet Malware Threats for School and Students

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper

Simplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

Medical Information Breaches: Are Your Records Safe?

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

Innovations in Network Security

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

FFIEC CONSUMER GUIDANCE

Don t Fall Victim to Cybercrime:

Cyber Security. Maintaining Your Identity on the Net

A brief on Two-Factor Authentication

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Jim Bray, Cyber Security Adviser InfoSight, Inc.

Advanced Biometric Technology

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015

overview Enterprise Security Solutions

Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager

Security & Compliance, Sikich LLP

DATA SECURITY HACKS, HIPAA AND HUMAN RISKS

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Introduction to Security by Brandon, deliverability engineer

Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business

Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Is your business secure in a hosted world?

How To Protect Yourself From A Hacker Attack

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

2009 Antispyware Coalition Public Workshop

TRITON APX. Websense TRITON APX

Jort Kollerie SonicWALL

FORBIDDEN - Ethical Hacking Workshop Duration

Chapter 15: Computer and Network Security

Why is a strong password important?

Connect Smart for Business SME TOOLKIT

for businesses with more than 25 seats

Transcription:

The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist

The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today s hostile environment SMBs must Hold the line against older threats like physical theft and corrupt insiders, while addressing more recent concerns like spear-phishing, online scams, fraud and company data on mobile devices (which may not belong to the company)

The survival guide Build a road map and checklist Help SMBs navigate the current security landscape Stay one step ahead of the bad guys What do they want? How do they go after it?

What s the value of a hacked or stolen PC, Mac, smartphone, tablet or server? Phishing site Malware download site Warez piracy server Child porn server Spam site Web server Botnet activity Spam zombie DDoS extortion zombie Click fraud zombie Anonymization proxy CAPTCHA solving zombie Harvest email contacts Harvest associated accounts Access to corporate email Webmail spam Stranded abroad scams Email attacks Account credentials ebay/paypal fake auctions Online gaming credentials Website FTP credentials Skype/VoIP credentials Encryption certificates Online gaming characters Online gaming goods/$$$ PC game license keys OS license key Virtual goods Financial credentials Bank account data Credit card data Stock and 401K accounts Wire transfer data Facebook Twitter LinkedIn Google+ Reputation hijacking Hostage attacks Fake antivirus Ransomware Email account ransom Webcam image extortion Based on original work by Brian Krebs: krebsonsecurity.com

The face of cybercrime today Well-funded Organized Efficient Skilled Global Relentless Expanding www.fbi.gov/wanted/cyber

Tools of the trade

Sophisticated, profit-seeking, market-based economy

The SMB sweet spot for the cyber-criminally inclined Big enterprise Assets worth looting SMB sweet spot Consumers Level of protection

720 security breaches analyzed by size of organization (employees) Over 100,000 10,001 to 100,000 1,001 to 10,000 101 to 1,000 11 to 100 1 to 10 SMBs 0 200 400 600 Verizon 2012 Data Breach Investigations Report

The road map goes A B C D E F Assess your assets, risks, resources Build your policy Choose your controls Deploy controls Educate employees, execs, vendors Further assess, audit, test A B C D E F F E D C B A

Assess your assets, risks, resources Assets: digital, physical If you don t know what you ve got You can t protect it! Risks Who or what is the threat? Resources In house, hired, partners, trade groups, associations

Build your policy Security begins with policy Policy begins with C-level buy-in High-level commitment to protecting the privacy and security of data Then simple rules for how to control access

Choose the controls you will use to enforce your policies For example: Only authorized employees can access certain data Control: Require identification and authentication of all employees via unique user name and password Limit access through application(s) by requiring authentication Log all access

Deploy controls and make sure they work Put control in place; for example, antivirus (anti-malware, antiphishing, anti-spam) Test control Does it work technically? Does it work with your work? Can employees work it?

Educate employees, execs, vendors, partners Everyone needs to know What the security policies are, and How to comply with them through proper use of controls Pay attention to any information-sharing relationships Vendors, partners, even clients Clearly state consequences of failure to comply

Further assess, audit, test This is a process, not a project Lay out a plan to assess security on a periodic basis Plan to stay up-to-date on emerging threats Be vigilant around change New vendor relationships Employees departing Hiring practices

Checklist Do you know what data you are handling? Do your employees understand their duty to protect the data? Have you given them the tools to work with? Can you tie all data access to specific people, times and devices?

Checklist (continued) Have you off-loaded security to someone else? Managed service provider Privacy cloud provider Public cloud provider Be sure you understand the contract You can t off-load your liability Ask how security is handled, what assurances are given

Checklist (continued) Firewalls, AV scanners, encryption Not perfect, but they do the heavy lifting Physical security Premises Devices (password protected?) Services Beyond passwords Two-factor authentication (2FA) Soft or hard tokens, biometrics

If you could only check 2 things? How do data breaches occur? 1. Malware involved in 69% of breaches 2. Hacking* used in 81% of breaches Breaches combining malware and hacking: 61% *80% of hacking is passwords: default, missing, guessed, stolen, cracked Verizon 2012 Data Breach Investigations Report

The Top 2 Things? Two main attacks. and defenses Malware Scanning Hacking Authentication

Scanning requires proper implementation AV use at a sample of 80 healthcare facilities Require AV on mobile devices Scan devices prior to connection Scan devices while connected 0% 20% 40% Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security

Authentication requires more than passwords Passwords exposed in 2012: 75,000,000 And those are just the ones we know about Need to add a second factor to authentication

The Top 2 Things Malware SMART Scanning Hacking STRONG Authentication Plus policies and training to implement effectively

THANK YOU STEPHEN COBB stephen.cobb@eset.com WeLiveSecurity.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information