http://cinoltd.com/ Presented by Frederick J. Santarsiere CHFI, CISSP, CISM, CISA, CEH, CEI, CAP, SSCP Sec+, Net+, A+, MCSA, MCSE, MCITP, MCT CCENT, CCNA, CCNA Wireless, CCNA Voice CISCO SMBEN, SMBAM, CA Erwin SA
Club Director Written by: Frederick Santarsiere CTO CINO Ltd Companies
Cyber Security & Hacking Prevention Programs Risk Analysis - Vulnerability Scans to Full Penetration Testing Compliance Verification: PCI, HIPAA, SOX & ISO 27001 Security Consulting & Countermeasures Mitigation & Managed Security Services Documentation and Policy Review & Development Business Threat Intelligence Analysis & Reporting Physical Security Assessments & Countermeasure Installations Incident Response Plan (IRP) development and implementation Business Continuity Planning (BCP) & Disaster Recovery (DR) Development *Patented Key-Logger Protection Software*
Hacking vs. Ethical Hacking. Hacking: a malicious attacker exploits vulnerabilities to compromise security controls and violate the confidentiality, integrity and availability of the system and the data. Ethical Hacking: simulating techniques used by hackers to test the strength of controls and identify vulnerabilities which could be exploited. Ethical hackers test the strength of the security controls.
Why should you care? Reputation and the CLUB's name: CLUB's NAME TARNISHED; LOSS of Membership (over security risk); Lawsuits: Prudent Man rule (took precautionary measures) vs. Negligence. You preserve the Great Historical past of your Club. Hackers don't live in the past!
New Battlefield: Club's & Members' data. You are now on the radar of the attackers. The world has evolved!!!
Lock Down Your World NOW!!! Take Preventive Measures. SECURE YOUR BUSINESS ASSETS. Lessons learned today can also help you protect your personal data.
What are they looking for? Data that they can steal, use to extort and sell. And you have Members' Personal Data to protect!
How Do They Get Your Data? ATTACK VECTORS. ATTACK VECTOR: pathways used to hack (exploit a vulnerability). Attack Vectors = Vulnerability + Exploit
Constant VULNERABILITY Awareness Required!
IT product holes identified by the gov't: Cisco, Google, Microsoft
New Attack Vectors Constantly Identified
Security / Functionality / Ease of Use Triad. Hardening: removing unnecessary functionality. Hospitality Industry: there is usually NO full-time Cyber Security Expert onsite constantly implementing Cyber-Security Best Practices.
3 most common ATTACK Vectors!!! Vulnerabilities (we see in the hospitality industry repeatedly); How the VICTIM was EXPLOITED; Countermeasures: How to not be the next VICTIM
3 most common Vulnerabilities we see in the hospitality industry repeatedly: Missing patches: "Tuesday's Patch is Wednesday's Exploit"; End user awareness: phishing attacks, drive-by downloads; Default settings & services: "Swiss cheese" network. These Vulnerabilities increase your RISK of becoming the next VICTIM!!!
Typical Risk Management Misconceptions. Egg shell defense: "We already have a firewall" vs. Defense in Depth (attackers now attack from the inside out). Operational Support vs. Security Support: "We have an IT administrator already" (no security specialist).
EXPLOITED: Recent case study examples. RANSOMWARE: Extortion / Shutdown of operations!!! (BYOD); DATA BREACH: PII (DOB, Social Security #s, charges); MALWARE distribution: club used as outward proxy; Spamming: blacklisted; Website vandalized
Comprehensive Risk Management Work Effort - Hackers Look for the weakest link Report Card timeline now Current Threat Level Defensive Posture (POAM) Remediation List Desired State Best Practices
For More Info Contact Us: Cino Ltd Companies (516) 932-0317 ext. 312 safe@cinoltd.com