How to Defend Your Organization from a Cyber Breach
September 20, 2016
LTC Tim Bloechl (U.S. Army, Ret.), Director, Cyber Security Business
Simple Checklist
Who Handles Your IT and Cyber Security?
Who Manages Your Cybersecurity? (Source: The Talent Shortage in Cybersecurity [INFOGRAPHIC], Steve Bova, January 11, 2016)
Acceptable Use
What You May Use …
… What Your IT Lead Would Love
Admin Access
What You Don’t Want
Way Back When …
Not So Long Ago … Legacy Operating Systems
Operating Systems & Applications: The Older They Are, The Harder They Are to Secure
Security Updates
In the Past …
… Today: Firewalls
What To Buy & Why?
Healthcare Virus Checking …
… Cyber Malware & Virus Scanners
In The Recent Past …
… Today: System Logs
How many days are system and application logs maintained?
Who checks them? How often?
Do they use automated tools?
Do they know what information logs reveal?
Data Backups
Use The Cloud?
Encryption
Wireless
In the Recent Past …
… Today: Finding Advanced Persistent Threats (APT)
Dealing With Computer Peripherals
Today’s Electronic Medical World
Incident Response Plan
Our Cyber Services Solutions
Phases: DETER, PROTECT, DETECT, RESPOND, RECOVER (QNET Platform), then REVIEW & REPEAT
Services: Policy Development; Phishing Awareness Assessments; Cyber Security Training; Network Architecture Mapping; Logical Device Location; Malicious Traffic Detection; Patch Verification; PCI Audit; Vulnerability Assessment; Penetration Test; Incident Response; Forensics Analysis; COOP Execution; Implement Disaster Recovery; Scheduled or Continuous
16+ years of cyber security services support for the largest and most sensitive networks in the world.
Example: Assessed over 25 US Army hospitals and health clinics for overall security of devices and sensitive data supporting HIPAA compliance.
Internal Assessment Life Cycle
Device and Port Interrogation: Using port scanning utilities, identify devices and ports to determine the protocols and services utilized.
Passive Network Traffic Analysis: Monitor the network traffic to determine the topology, identify critical systems, and discover rogue devices.
Vulnerability Assessment: Using vulnerability assessment tools, analyze network devices to identify weaknesses which could lead to system compromise.
Network Penetration Testing: Utilizing real-world attack methods, attempt to gain access to network systems and devices, both external and internal (insider threat).
Data Analysis and Reporting: CyberDx analysts will analyze the data and provide a comprehensive vulnerability report including specific remediation recommendations. Our report provides a context-based assessment of the actual risk.
Remediation: Using CyberDx’s VA, perform remediation steps to better secure the network; Quantum can assist as requested with additional services.
Milestones and deliverables: In-Brief; In-Progress Reports (as required); Out-Brief; Written Report & CD; Social Engineering Tests (aka Phishing) (Optional).
Executive Spot-Check List
Are security updates researched and applied weekly?
Is an anti-virus product installed on all systems, and is it configured to update regularly?
Are any systems using an operating system that is past the vendor’s End of Life?
Do all systems log security events for a minimum of 30 days?
Have all systems been secured so that default configurations are not in use? (Vendor passwords, insecure login portals, etc.)
Do all accounts require a password of at least 8 characters, and does complexity require a combination of upper and lower case letters, numbers, and special characters?
Are passwords required to be changed at least every sixty (60) days?
Is each system configured to display a warning banner notifying users that the system is restricted to authorized use only?
Is sensitive customer data encrypted?
Have all non-secure/unneeded protocols/services been disabled?
Are all system clocks synchronized to allow logs to be easily compared?
Has a firewall been installed and configured to only allow required traffic?
Is critical data backed up daily and protected from physical damage?
Executive Spot-Check List (Cont.)
Are administrative-level accounts only issued to employees that require elevated privileges to perform their duties?
Is electronic access to sensitive data restricted to authorized personnel?
Has two-factor authentication been implemented?
Do wireless devices use current encryption (WPA2) standards to protect network traffic?
Are cyber security assessments (vulnerability scans, penetration tests) performed against internal systems at least monthly?
Are external cyber security assessments (vulnerability scans, penetration tests) performed against all internet-facing systems at least quarterly?
Is cyber security training presented to employees at least annually?
Has an emergency contact list for cyber security personnel been created?
Has a contact list for all 3rd party service providers been created?
Are hard copies of the above contact lists available? (Printed copies are critical if the network or systems are down.)
Has a Cyber Incident Response Plan been created, and have all employees read it?
Has an Acceptable Use Policy been created, and have all users read it?
Bottom Line: We Strive To Help Our Customers Avoid This!
Contact Us
Tim Bloechl, Director, Cyber Security Business
Skype: bloechlt /