cyber-attacks best practices · 2019-06-14 · data breach plan for over 50% of respondents....
TRANSCRIPT
Cyber-Attacks Best Practices
How DVPLT Members minimize their exposure to Cyber-Attacks
Presented by: Neil L McGarry, Sr. Director of Information Technology
June 20, 2019
DVPLT Conference Questionnaire Results
6/14/2019 ©2018 Delaware Valley Trusts. Proprietary and Confidential Information. 2
Do you have a Cyber Breach Plan in Place? (Respondents = 41)
Yes: 12%
No: 44%
Not sure: 37%
No Response: 7%
Data Breach Plan for over 50% of respondents
Perimeter Security Fundamentals
Pieces of the Puzzle
Pieces of the Puzzle
• Firewalls
  • A firewall is a chokepoint device that has a set of rules specifying what traffic it will allow or deny to pass through it. A firewall typically picks up where your Internet service provider leaves off and makes a much more thorough pass at filtering traffic.
• Intrusion Detection Systems (IDS)
  • An IDS is like a burglar alarm system for your network that is used to detect and alert on malicious events. The system might comprise many different IDS sensors placed at strategic points in your network.
• Intrusion Prevention Systems (IPS)
  • An IPS is a system that automatically detects and thwarts computer attacks against protected resources. In contrast to a traditional IDS, which focuses on notifying the administrator of anomalies, an IPS strives to automatically defend the target without the administrator's direct involvement.
Pieces of the Puzzle (Continued)
• Virtual Private Networks (VPN)
  • A VPN is a protected network session formed across an unprotected channel such as the Internet. Frequently, we reference a VPN in terms of the device on the perimeter that enables the encrypted session.
• Advanced Malware Protection (AMP) Software architecture
  • AMP for Email Security
  • AMP for Web Security
• De-Militarized Zones and Screened Subnets
  • We typically use the terms DMZ and screened subnet in reference to a small network containing public services connected directly to and offered protection by the firewall or other filtering device. A DMZ and a screened subnet are slightly different, even though many people use the terms interchangeably.
Pieces of the Puzzle (Overview)
Email / Remote Access Layer: AMP, Barracuda, etc.
Remote Access Layer: VPN Connections
Security Layer: AMP; Intrusion Detection Systems
Productivity Layer: Firewall Rules; AMP, Barracuda, etc.; Web Content Control System
Privacy Layer: AMP, Barracuda, etc.; Email Encryption solutions
DVPLT Conference Questionnaire Results
Subscription Services used by our DVPLT Members (Respondents = 41)
[Bar chart: count of DVPLT Members using each subscription service. Categories: Web Filtering, Antivirus Service, Antispam, Advanced Malware Protection, Intrusion Prevention Service, Web Application Security Service, Domain Reputation Service, IP Reputation, Virus Outbreak Protection Services, Mobile Security. Bar values as extracted: 25, 19, 12, 15, 19, 15, 10, 17, 7, 7.]
DVPLT Conference Questionnaire Results
Firewall Manufacturer
Cisco: 14%
Fortinet: 16%
SonicWall: 37%
WatchGuard: 12%
Other: 21%

Has your entity ever formally tested its network for vulnerabilities or performed a Risk Assessment?
No: 29%
Yes: 37%
Not sure: 22%
No Response: 12%
Email Security, Fundamentals
Email - Types of Attack Types
Email - Types of Attack Types
Threat 1: Ransomware
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.
More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decrypt key.
Email - Types of Attack Types
Threat 2: Phishing: Not Same As Fishing! ...
Phishing is a cybercrime in which a target or targets are contacted by email, by posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Threat 3: Spear Phishing: More Targeted Form of Phishing! ...
The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Threat 4: Whaling (Phishing)
Whaling attacks are online attacks aimed to acquire sensitive information. ... The key difference between whaling and spear-phishing is that whaling attacks target specific, high ranking victims within a company, whereas spear-phishing attacks can be used to target any individual.
Email - Types of Attack Types
How Phishing Works:
Email - Types of Attack Types
Threat 5: Spoofing: Act of Tricking Someone! ...
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source.
The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
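A header check for the forgery described above, as an added example that is not part of the original presentation: it compares the visible From domain with the envelope sender and Reply-To and reads the receiving server's SPF/DKIM/DMARC verdicts. The two messages, their domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims township.example; other headers disagree.
SPOOFED = """Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.township.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=township.example
From: "Township Manager" <manager@township.example>
Reply-To: manager.township@freemail.example
Subject: Urgent request

Please handle today.
"""
# Constructed sample: every header agrees with the From domain.
LEGIT = """Return-Path: <manager@township.example>
Authentication-Results: mx.township.example; spf=pass smtp.mailfrom=township.example; dkim=pass header.d=township.example; dmarc=pass header.from=township.example
From: "Township Manager" <manager@township.example>
Subject: Meeting agenda

Agenda attached.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def aligned(a, b):
    """True when the two domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_indicators(raw_message):
    """Return header inconsistencies that often accompany a forged From."""
    msg = message_from_string(raw_message)
    from_dom, findings = domain(msg["From"]), []
    # From is free text set by the sender; Return-Path records the envelope
    # sender, and Reply-To is where an answer would actually go.
    for header in ("Return-Path", "Reply-To"):
        other = domain(msg[header])
        if other and not aligned(other, from_dom):
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving server (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1).lower()}")
    return findings
```

Only an Authentication-Results header added by your own receiving server is meaningful, and a Return-Path mismatch also occurs with legitimate bulk-mail services, so treat the findings as triage signals.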
Email – Solutions to protect Email
• Advanced Threat Protection
  • Cisco – AMP
  • Microsoft - Advanced Threat Protection
  • Barracuda - Advanced Threat Protection
  • Fortinet - Advanced Threat Protection
• IP Reputation & Anti-botnet Security
• Domain Reputation Service
• User Training
Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?
When in doubt, go directly to the source rather than clicking a potentially dangerous link.
DVPLT Conference Questionnaire Results
Are your users / staff trained in how to identify unusual emails?
Yes: 59%
No: 29%
No Response: 12%
Email – Final Thoughts (Phishing Video)
Data Backups
3-2-1 Data Backup Strategy
What is the 3-2-1 backup method?
3 - copies of your data
2 - different storage types
1 - copy of the data offsite

A Note about Flash Drives
Flash drives are very convenient places to store data. However, flash drives, like all storage media, degrade over time. They are also very small and easily lost or broken. For this second reason especially, it is not recommended that one of your 3 copies of your data be stored on a flash drive.

Storage Options
• Desktop Computers and Laptops
• Networked Drives
• External Hard Drives
• Optical Storage
• Cloud Storage
Note: All backup jobs should be encrypted with a high strength password
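The 3-2-1 rule, the flash-drive note and the encryption note above, written as a check over an inventory of copies. This is an added example, not part of the original presentation; the `Copy` record, its field names and both inventories are constructed for illustration.

```python
from collections import namedtuple

# name, storage type, kept offsite?, produced by a backup job?, encrypted?
Copy = namedtuple("Copy", "name media offsite backup_job encrypted")

def audit_321(copies):
    """Return a list of 3-2-1 violations for one data set's copies."""
    problems = []
    # Per the flash-drive note, a flash drive is not counted toward the 3.
    for c in copies:
        if c.media == "flash drive":
            problems.append(f"{c.name}: flash drive should not be one of the 3 copies")
    counted = [c for c in copies if c.media != "flash drive"]
    if len(counted) < 3:
        problems.append(f"{len(counted)} countable copies, need 3")
    if len({c.media for c in counted}) < 2:
        problems.append("all copies share one storage type, need 2")
    if not any(c.offsite for c in counted):
        problems.append("no copy is stored offsite, need 1")
    # The note under Storage Options: every backup job should be encrypted.
    for c in counted:
        if c.backup_job and not c.encrypted:
            problems.append(f"{c.name}: backup job is not encrypted")
    return problems

# Constructed inventories (hypothetical names), not survey data.
WEAK = [
    Copy("file server share", "networked drive", False, False, False),
    Copy("USB stick copy", "flash drive", False, True, False),
    Copy("nightly NAS job", "networked drive", False, True, False),
]
GOOD = [
    Copy("file server share", "networked drive", False, False, False),
    Copy("weekly disk job", "external hard drive", False, True, True),
    Copy("cloud backup job", "cloud storage", True, True, True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, audit_321(inventory) or "meets 3-2-1")
```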
Examples of Weak and Strong Passwords
Weak : Dictionary hacking tools that use an English dictionary list easily find words that are contained in that dictionary. If the simple word doesn't give access to an account, the tool modifies the submission and tries other iterations of the same word.
Strong : The best way to create a secure password is to start with a simple password and turn it into one that's much more complex.

OK Password     Better Password     Excellent Password
kitty           1Kitty              1Ki77y
susan           Susan53             .Susan53
jellyfish       jelly22fish         jelly22fi$h
usher           !usher              !ush3r
deltagamma      deltagamm@          d3ltagamm@
ilovemypiano    !LoveMyPiano        !Lov3MyPiano
Sterling        SterlingGmal2015    SterlingGmail20.15
DVPLT Conference Questionnaire Results
Question: What are you using for your Snapshot / backup solution?
[Bar chart: Backup Solutions Deployed]
DVPLT Conference Questionnaire Results
Are your Backups Encrypted? (Respondents = 41)
No: 12
Yes: 23
No Response: 6

Question:
Do you know where the Encryption Key is stored?
How often do you test your Backup Sets?
Backup – DVPLT Value-Added Service
DVPLT Offsite Backup Program
In January 2018 DV Trusts was approved as a Veeam Cloud Connect Service Partner

New DVPLT Training Seminar
Security Awareness Training Program
The target audience for this program will be DVPLT Member’s staff
Course Content includes, but is not limited to, the following:
• E-mail practices
• Working remotely
• Browsing practices
• Mobile device practices
• Social engineering attacks
• Password best practices
• Spotting adware and phishing
• Shoulder Surfing
Expected Rollout of program September of 2019
Thank you.