trends in cybersecurity risk - farmer co-ops conference · wealth advisory | outsourcing | audit,...
WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING
Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor. | ©2016 CliftonLarsonAllen LLP
Trends in Cybersecurity Risk
Farmer Cooperatives Conference November 2016
Raise Your Hand If…
Everything Can Talk to Everything….
• My product or system can talk to yours!
• How do we manage that???
Organized Crime
• Cybercrime for Profit: Hackers have “monetized” their activity
  – Theft of… PII / PFI / Credit Card Information
  – Account Take Overs
  – Interference with operations and availability
• Cybercrime as an Industry:
  – Markets, Suppliers and Service providers (“cybercrime as a service”)
  – Financing and Trading systems
  – Proliferation of business models and Specialization
Phishing Is One Entry Point
Persuasion Attack – CEO Impersonation
• CEO asks the CFO…
• Common mistakes
  1. Use of private email
  2. “Don’t tell anyone”
• Safeguards
  1. Never use email as the sole method of authorization
  2. Ensure the recipient has VERBALLY validated with the “source” of the email for financial transactions
• http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html
Ransomware
http://www.engadget.com/2016/02/19/hospital-ransomware-a-chilling-wake-up-call/
• Malware encrypts everything it can interact with
Policies
• SANS/CIS 20 Critical Controls
People, Rules, Tools
Defined Standards
• Secure Standard Builds
• Disciplined Change Management
• Consistent Exception Control and Documentation
• Documentation
twitter.com/CLAconnect
facebook.com/cliftonlarsonallen
linkedin.com/company/cliftonlarsonallen
CLAconnect.com
Randy Romes, CISSP, CRISC, MCP, PCI-QSA
Principal
Information Security
[email protected]