Cyber Attack – Not a case of if, but when! Housing Technology 2016 Kevin Doran – Chief Technology Officer Tim Cowland – Principal Consultant

The current landscape Why are you at risk? Why worry about Ransomware? How can it get to me? How does it work? What will be the impact? How can I recover? 12 Point Plan Agenda

The Current Landscape 86% of UK adults have used the internet in the past 3 months Continued growth of cyber attacks 90% of large and 74% of small organisations suffered a breach in % increase in incidents since 2014 Wider hacking community and resources Some organisations failing to keep pace with new threats Greater reliance on IT to deliver services Self service Internet of Things Social Media 480m leaked records reported in 2015 Increase in use of mobile devices to access web (57% - 61%) Estimated that approx. 30,000 web sites are hacked each day

Examples of Incidents Examples of reported incidents in the last 12 months: Anthem Insurance Unauthorised access of 80 million records Hackers accessed DOB, addresses, social security numbers, correspondence Ashley Madison Accessed and subsequently released s and physical addresses of 37m users Followed up with larger release of corporate s Attack designed to extort money V-tech Gained access to parent and child records in ‘Learning Lodge’ 4m parent accounts and 6m ‘kids profiles’ affected (1.2m ‘kid connect’) Threat of customers boycotting use after new T’s and C’s issued Lincolnshire County Council Ransomware attack

What Threats Are Out There? Trojan HorseWormRansomwareSpam Phishing Watering Hole DDoS AttackScareware Virus Spear Phishing RootkitSpyware

Why are you at risk? Random attacks will reach your staff Often poor staff practices i.e. password controls Potential of targeted ‘spear phishing’ attacks Are you the weakest link in the chain? Could be seen as an easier target Growing volume of information held by organisations Previously cyber risks related to mischief making, now greater risk of financial loss Can the quality of your defence keep pace with growing sophistication of attacks ConfidentialityAvailabilityIntegrity

Staff Practices Some questions to ask yourself How aware are your staff of security risks? Do you have a staff guide on what they should look out for? Do you deliver briefing sessions / training? Do you have a tested plan for how to respond to an incident? How effective are your password controls? Use of random characters – not names / dictionary words Increase minimum length Stop the use of sequential passwords Use memorable sentence Consider using a password locker to store and generate secure passwords Approx. 90% of user passwords can be cracked within 1 day Password1 StarWars Andrew1 Qwerty

Focus on Ransomware What is it? A specific type of Malware or malicious code Usually overt in nature, most often advises the victim of infection Designed to elicit a financial ‘ransom’ from the victim Highly evolutionary software adapting in terms of encryption and attack vectors Code is widely available to anyone with intent Only a module in the arsenal of possible malicious code stacks Many ransomware packages are secondary infections of other malware, for example Cryptoware is known to be downloaded by TrojanDownloader:Win 32/Onkods and Upatre

Common methods that are used to deploy Ransomware Unsolicited s, with attachments or web links Compromised web site Part of a wider compromise from other malicious software Increased awareness of anyone using IT systems, that threats and risks are real and the implications of these, is key to any ongoing security strategy. How can it get to me?

There are lots of considerations once an incident has occurred: Data loss or even theft Business downtime due to loss of data and during investigation How did the breach occur? Has it affected any B2B systems? Should we pay the ransom? Who is/should be aware of the breach? What could be the impact?

There are lots of considerations before or after an incident has occurred: Incident response process in place? Identify the threat, invoke appropriate analysis, plan for systems outage Potential infection may be waiting in multiple mail systems Consider Incident Response Retainer Data recovery could be lengthy and complex Not all data will be affected Subject to access rights, execution time and data types - selective scripted data restores may be needed Is restore media to hand, catalogued, will large volumes need to be mounted to allow small selected restores to take place Ensure there is no re-infection from restored data? How can I Recover?

12 Practical Steps to Reduce Risk 1.User education and awareness program 2.Enlist the help of independent security experts to validate your approach 3.Effective and web content filtering 4.Firewall review and response process 5.Intrusion prevention systems 6.Application firewalls 7.Limitation of access rights, behavioural analysis tools 8.Effective AV deployment 9.Patch Management policy and schedule 10.Compliance, governance 11.Effective, efficient and proven backup and recovery 12.Have an agreed response plan ready

Thank you! Kevin Doran – Tim Cowland – plc.co.uk