cyber-attacks best practices · 2019-06-14 · data breach plan for over 50% of respondents....

Cyber-Attacks Best Practices
How DVPLT Members minimize their exposure to Cyber-Attacks
Presented by: Neil L McGarry, Sr. Director of Information Technology
June 20, 2019


DVPLT Conference Questionnaire Results

6/14/2019 ©2018 Delaware Valley Trusts. Proprietary and Confidential Information. 2

Do you have a Cyber Breach Plan in Place? (Respondents = 41)
• Yes: 12%
• No: 44%
• Not sure: 37%
• No Response: 7%

Data Breach Plan for over 50% of respondents


Perimeter Security Fundamentals
Pieces of the Puzzle


Pieces of the Puzzle
• Firewalls
  • A firewall is a chokepoint device that has a set of rules specifying what traffic it will allow or deny to pass through it. A firewall typically picks up where your Internet service provider leaves off and makes a much more thorough pass at filtering traffic.
• Intrusion Detection Systems (IDS)
  • An IDS is like a burglar alarm system for your network that is used to detect and alert on malicious events. The system might comprise many different IDS sensors placed at strategic points in your network.
• Intrusion Prevention Systems (IPS)
  • An IPS is a system that automatically detects and thwarts computer attacks against protected resources. In contrast to a traditional IDS, which focuses on notifying the administrator of anomalies, an IPS strives to automatically defend the target without the administrator's direct involvement.


Pieces of the Puzzle (Continued)
• Virtual Private Networks (VPN)
  • A VPN is a protected network session formed across an unprotected channel such as the Internet. Frequently, we reference a VPN in terms of the device on the perimeter that enables the encrypted session.
• Advanced Malware Protection (AMP) Software architecture
  • AMP for Email Security
  • AMP for Web Security
• De-Militarized Zones and Screened Subnets
  • We typically use the terms DMZ and screened subnet in reference to a small network containing public services connected directly to and offered protection by the firewall or other filtering device. A DMZ and a screened subnet are slightly different, even though many people use the terms interchangeably.


Pieces of the Puzzle (Overview)
• Email / Remote Access Layer: AMP, Barracuda, etc.
• Remote Access Layer: VPN Connections
• Security Layer: AMP; Intrusion Detection Systems
• Productivity Layer: Firewall Rules; AMP, Barracuda, etc.; Web Content Control System
• Privacy Layer: AMP, Barracuda, etc.; Email Encryption solutions


DVPLT Conference Questionnaire Results


[Bar chart] Subscription Services used by our DVPLT Members (Respondents = 41)
Axis: Count of DVPLT Members Using this Subscription Service
Categories: Web Filtering; Antivirus Service; Antispam; Advanced Malware Protection; Intrusion Prevention Service; Web Application Security Service; Domain Reputation Service; IP Reputation; Virus Outbreak Protection Services; Mobile Security
Bar values as listed: 25, 19, 12, 15, 19, 15, 10, 17, 7, 7


DVPLT Conference Questionnaire Results


Firewall Manufacturer
• Cisco: 14%
• Fortinet: 16%
• SonicWall: 37%
• WatchGuard: 12%
• Other: 21%

Has your entity ever formally tested its network for vulnerabilities or performed a Risk Assessment?
• No: 29%
• Yes: 37%
• Not sure: 22%
• No Response: 12%


Email Security, Fundamentals
Email - Types of Attack Types


Email - Types of Attack Types
Threat 1: Ransomware

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.

More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.


Email - Types of Attack Types
Threat 2: Phishing: Not Same As Fishing! ...

Phishing is a cybercrime in which a target or targets are contacted by email by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Threat 3: Spear Phishing: More Targeted Form of Phishing! ...
The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Threat 4: Whaling (Phishing)
Whaling attacks are online attacks aimed to acquire sensitive information. ... The key difference between whaling and spear-phishing is that whaling attacks target specific, high-ranking victims within a company, whereas spear-phishing attacks can be used to target any individual.


Email - Types of Attack Types
How Phishing Works:


Email - Types of Attack Types
Threat 5: Spoofing: Act of Tricking Someone! ...

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.

Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source.

The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
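A header-consistency check of the kind a mail gateway or analyst could run against the forgery described above, as an added example that is not part of the original presentation. The two sample messages and all example.* domains are constructed, and the subdomain-based alignment test is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every example.* name is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail
From: "Finance Director" <director@example.org>
Reply-To: director.example.org@webmail.example.com
Subject: Urgent wire transfer

Please process today.
"""
LEGIT = """\
Return-Path: <bounce@mail.example.org>
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
From: "Billing" <billing@example.org>
Subject: June invoice

Attached.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Simplified alignment (assumption): equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw_message):
    """Return a list of reasons the visible From header may be forged."""
    msg = message_from_string(raw_message)
    from_dom, findings = domain_of(msg["From"]), []
    # The displayed From is free text; compare it with where bounces and replies really go.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and not same_org(from_dom, dom):
            findings.append(f"{header} domain {dom} does not match From domain {from_dom}")
    # Only trust an Authentication-Results header stamped by your own receiving server.
    auth = (msg["Authentication-Results"] or "").lower()
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC verdict is {verdicts.get('dmarc', 'missing')}")
    return findings
```

In the spoofed sample SPF passes for the sending server's own domain while DMARC fails, which is why the check compares domains against the visible From header instead of relying on SPF alone.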


Email – Solutions to protect Email
• Advanced Threat Protection
  • Cisco – AMP
  • Microsoft - Advanced Threat Protection
  • Barracuda - Advanced Threat Protection
  • Fortinet - Advanced Threat Protection
• IP Reputation & Anti-botnet Security
• Domain Reputation Service
• User Training

Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?

When in doubt, go directly to the source rather than clicking a potentially dangerous link.


DVPLT Conference Questionnaire Results


Are your users / staff trained in how to identify unusual emails?
• Yes: 59%
• No: 29%
• No Response: 12%


Email – Final Thoughts (Phishing Video)


Data Backups
3-2-1 Data Backup Strategy


What is the 3-2-1 backup method?
• 3 - copies of your data
• 2 - different storage types
• 1 - copy of the data offsite

A Note about Flash Drives
Flash drives are very convenient places to store data. However, flash drives, like all storage media, degrade over time. They are also very small and easily lost or broken. For this second reason especially, it is not recommended that one of your 3 copies of your data be stored on a flash drive.

Storage Options
• Desktop Computers and Laptops
• Networked Drives
• External Hard Drives
• Optical Storage
• Cloud Storage
Note: All backup jobs should be encrypted with a high strength password


Examples of Weak and Strong Passwords

Weak: Dictionary hacking tools that use an English dictionary list easily find words that are contained in that dictionary. If the simple word doesn't give access to an account, the tool modifies the submission and tries other iterations of the same word.

Strong: The best way to create a secure password is to start with a simple password and turn it into one that's much more complex.

OK Password     Better Password     Excellent Password
kitty           1Kitty              1Ki77y
susan           Susan53             .Susan53
jellyfish       jelly22fish         jelly22fi$h
usher           !usher              !ush3r
deltagamma      deltagamm@          d3ltagamm@
ilovemypiano    !LoveMyPiano        !Lov3MyPiano
Sterling        SterlingGmal2015    SterlingGmail20.15


DVPLT Conference Questionnaire Results


[Bar chart] Backup Solutions Deployed
Question: What are you using for your Snapshot / backup solution?
Bar values as listed: 3, 1, 1, 1, 2, 1, 7, 1, 1, 1, 1, 2, 1, 11, 1, 6


DVPLT Conference Questionnaire Results


Are your Backups Encrypted? (Respondents = 41)
• No: 12
• Yes: 23
• No Response: 6

Question:
• Do you know where the Encryption Key is stored?
• How often do you test your Backup Sets?


Backup – DVPLT Value-Added Service
DVPLT Offsite Backup Program
In January 2018 DV Trusts was approved as a Veeam Cloud Connect Service Partner


New DVPLT Training Seminar
Security Awareness Training Program
The target audience for this program will be DVPLT Member’s staff

Course Content includes, but is not limited to, the following:
• E-mail practices
• Working remotely
• Browsing practices
• Mobile device practices
• Social engineering attacks
• Password best practices
• Spotting adware and phishing
• Shoulder Surfing

Expected Rollout of program September of 2019


Thank you.