Cyber Security and Government Contracts Florida SBDC at FGCU Helping Businesses Grow & Succeed State Designated as Florida’s Principal Provider of Business Assistance [§ , Fla. Stat.]
Helping Businesses Grow & Succeed Mission Statement We are a customer-driven organization of business professionals, dedicated to helping small businesses succeed, by enthusiastically providing creative solutions which exceed customer, employee, and stakeholder’s expectations.
Helping Businesses Grow & Succeed Statewide Infrastructure Our Network S tatewide network of 43 centers involving: State Universities Colleges Chambers of Commerce Economic Development Councils Federal, State & Local Government Agencies Additional outreach is provided at more than 50 outreach locations, utilizing resource partners such as chambers of commerce, economic development organizations, business incubators and lending institutions. Locations
Helping Businesses Grow & Succeed Accelerating Florida’s Economy Only statewide provider of entrepreneurial and emerging growth company services, playing a vital role in Florida’s economic development: Assisting entrepreneurs in every stage of the business cycle, from prospective entrepreneurs to mature businesses looking for growth opportunities and more; Working with firms in all industry sectors; Utilizing the expertise and resources of some of the best universities in Florida (Florida Gulf Coast University)and a professional staff of eleven business consultants; Accessing the resources of a national network of more than 5,000 SBDC professionals; and The FSBDCN is nationally accredited through the Association of SBDCs by Congressional mandate.
Helping Businesses Grow & Succeed FSBDC Services Consulting Personalized, confidential and provided at no cost Training Value-added from the basics to advanced topics Business Data & Information Current and expansive information for better decision-making
Helping Businesses Grow & Succeed 6 OBEJECTIVES Identify –References –Cyber Attacker (Operator, Groups) –Techniques (Methods) –Facts –Solutions
Helping Businesses Grow & Succeed 7 REFERENCES Federal Information Security Management Act 2002 (FISMA) Safety Act 2002 NIST Guidance under FISMA – Security Controls and Standards – Control of Unclassified Information
Helping Businesses Grow & Succeed 8 REFERENCES continued Federal IT Acquisition Reform Act (FITARA) Computer Fraud and Abuse Act DOD Instruction DFAR Unclassified Controls, Technical Information DFAR Clause Safeguarding of Unclassified Controlled Technical Information
Helping Businesses Grow & Succeed 9 REFERENCES continued GAO Report T Cyber Threats and Data Base Breaches Electronic Stored Communications Act
Helping Businesses Grow & Succeed 10 CYBER Operator Definition Cyber operator (attacker) who uses various methods to penetrate a computer or multiple computer systems without authorization –Uses a combination of methods –Actions are undiscovered for a long period of time
Helping Businesses Grow & Succeed 11 Techniques-Methods 1-BOT-Network Operators –Attacker (Operator) uses a network of compromised remotely controlled computers for various attacks aimed at overwhelming your computer system –Distributes phishing, malware, spam
Helping Businesses Grow & Succeed 12 Techniques continued 2-Criminal Groups –Operator uses a network for monetary gain and sells-buys compromised information at the underground market –Credit Cards, Personal Information
Helping Businesses Grow & Succeed 13 Techniques continued 3-Insiders –Operator may be a disgruntled person within an organization, or untrained employee whose position allows them access to the computer systems that can result in significant damage to the company or organization –NSA-Edward Snowdon
Helping Businesses Grow & Succeed 14 Techniques continued 4-Nations –Operator engages in a cyber-attacks for espionage or economic gain –North Korea- Sony –Taliban-Flash Drives
Helping Businesses Grow & Succeed 15 Techniques continued 5-Terrorists –Operator attacks critical infrastructure with the aim of incapacitating the facility –Iran National-NY Dam
Helping Businesses Grow & Succeed 16 Techniques continued 6-Ransomware –Operator attacks and immobilizes the computer system, requests payment to restore the system to normal operations –2016 Hospital network-Washington DC
Helping Businesses Grow & Succeed 17 Techniques continued 7-Cross-Site Scripting –Operator utilizes third party resources to run scrip’s in a victim’s web browser –Take screen shots of the user activity
Helping Businesses Grow & Succeed 18 Techniques continued 8-Malware –Operator utilizes viruses and worms to infect the user’s computer –Get your information!
Helping Businesses Grow & Succeed 19 Techniques continued 9-Phishing and Spear Phishing –Operator uses social engineering techniques that create realistic looking s, to entice the user to click on a link or visit a web site where the user enters confidential information –Your credit card was compromised!
Helping Businesses Grow & Succeed 20 Techniques continued 10-Spamming –Operator sends advertising products – contains malware
Helping Businesses Grow & Succeed 21 Techniques continued 11-Spoofing –Operator creates a fake web site that mimics a real well-know web site, with the intention of enticing the computer user to enter confidential information –Adobe (Computer pop-up)
Helping Businesses Grow & Succeed 22 Techniques continued 12-SQL Injection –Operator obtains unauthorized access to a database for the purpose of capturing sensitive information within the database –Target (customer credit cards numbers)
Helping Businesses Grow & Succeed 23 Techniques continued 13-War Driving –Operator physically searches (drives through the neighborhood) for unsecured networks to exploit information –Hotels, Starbucks
Helping Businesses Grow & Succeed 24 Techniques continued 14-Zero Day –Operator utilizes a security hole previously unknown and creates code exploiting the vulnerability of the software –Microsoft
Helping Businesses Grow & Succeed 25 Facts Cyber attacks on companies and government have increased 48% globally over the past year
Helping Businesses Grow & Succeed 26 Facts continued Cyber Attacks in the US (Reported) –64% current and former employees (insiders), business competition –11% Oil and Gas –9% Aerospace and Defense –8% Technology –8% Telecommunications 100% Total
Helping Businesses Grow & Succeed 27 Facts continued Federal Government –67,000 Cyber incidents (2014) –27,624 involved personal identification –VA had 1.2 Million malware attacks (2015) –OPM 22.1 Million Government employees and contractors –GAO identified Healthcare.gov lacks cyber protection
Helping Businesses Grow & Succeed 28 Facts continued Cyber breach SC Department of Revenue –8.2 GB of data (not encrypted) –3.5 Million SC tax payers –1.9 Million depends –700,000 businesses –3.3 Million bank accounts –5,000 expired credit cards
Helping Businesses Grow & Succeed 29 Facts continued Phishing –23% of recipients open the –11% of recipients open the attachment
Helping Businesses Grow & Succeed 30 Solutions Cyber Solutions –Meet with your ISP (Internet Service Provider), discuss Cyber Security –Change passwords every 30 days –Back up files, (Hard Drive, Cloud) –Encrypt Data –Company Cyber Security Policy –Company Cyber Response Plan
Helping Businesses Grow & Succeed 31 Solutions Continued Cyber Solutions –Cyber Security Training-Employees –2 Level Digital Authorization and Access –On board and Off board employees (Change, Deny Password Access) – and Internet Etiquette –Digital Assets (Where, Who, How) –Mobile Security-Notebooks, Cell phones –Cyber Insurance
Helping Businesses Grow & Succeed 32 Solutions Continued Cyber Solutions –Physical Security (office access and computer access, remove passwords next to the computer-laptop) –Backup/Disaster Recovery/Business Continuity Plan –Software Patch updates –Malware updates
Helping Businesses Grow & Succeed Q & A Daniel Telep Jr. Procurement Analyst Florida Gulf Coast University College of Business fsbdcswfl.org