David Brown, MBA Certified Information Systems Security Professional (CISSP) Security Expert (GSE) Critical [Security] Controls Certification (GCCC) Exploit.

Presentation transcript:

David Brown, MBA Certified Information Systems Security Professional (CISSP) Security Expert (GSE) Critical [Security] Controls Certification (GCCC) Exploit Researcher and Advanced Penetration Tester (GXPN) Penetration Tester (GPEN) Network Forensic Analyst (GNFA) Certified Intrusion Analyst (GCIA) Certified Incident Handler (GCIH) Security Essentials (GSEC) CompTIA Security+

What’s the Big Deal? FBI warns of dramatic increase in e-mail scams [that has already cost corporations billions] Hospitals Held Hostage [by ransomware] New York Times, BBC, and others inadvertently serve up dangerous [ransomware] ads Hackers Have a Savvy [New] Business Plan

Ransomware Ransomware is malware that encrypts your files so that you cannot access them, then demands that you pay a ransom for the decryption key. “Ransomware crimes on all U.S. targets are soaring. In just the first three months of 2016, attacks increased tenfold over the total entire previous year, costing victims more than $200 million.” – NBCNews.com Vast majority is unreported

What’s Changed? They no longer just want to steal data to sell on the black market… It’s now more profitable to lock you out of your data and hold it for ransom… Sometimes it is a crime of opportunity, settling for anyone who will click a link. Sometimes it is a persistent pursuit of a single target. Do you think your organization could be the next target?

Effective Cyber Security

Security@Work Leveraging the Critical Security Controls for Effective Cyber Security

Background Critical Security Controls SANS Center for Internet Security Maps to NIST, PCI, HIPAA, COBIT, etc. “Controls 1 through 5 are essential to success and should be considered among the very first things to be done.” - CIS

#1 Inventory Control: What’s On Your Network? Have a Separate Guest Network Know What’s On Your Network SpiceWorks, PRTG Keep It Patched Tip: Only let your equipment connect to your network

#2 Software Control: Lock It Down Know What Software is on Your Network SpiceWorks, DesktopCentral Keep It Patched Prevent Unauthorized Software with Application Whitelisting Tip: You can start with Directory Whitelisting (Windows Enterprise) Don’t just patch your OS Hackers like easy targets

#3 Secure Configurations: Defaults Don’t Cut It Change all default passwords Use vendor recommended or industry recommended security configurations Center For Internet Security Tip: Run credentialed policy audits with Nessus (free for non-profits) Hardware, OS, 3rd Party

#4 Know Your Vulnerabilities The bad guys are looking for your vulnerabilities, you should be too Rank your vulnerabilities based on (1) ease of attack + (2) severity of vulnerability + (3) value of asset Tip: Make sure your public assets are free of SQL Injection, XSS, Directory Traversal, Remote File Inclusion, etc. Can be overwhelming

#5 Control Your Admins All users should log in as a regular user Monitor all admin account activity Use Dual Factor Authentication for Admins and VPN Duo Security Tip: Log collection is the first step towards watching your admin accounts Would you know if someone was trying to use an admin account? Splunk Free Edition
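One way to answer the slide's question once logs are collected, as an added example that is not part of the original presentation: flag bursts of failed logons against admin accounts and note when a success follows. The event IDs 4625 (failed logon) and 4624 (successful logon) are the Windows Security log's own; the CSV layout, the admin account list, the threshold and every account name and address are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of Windows Security events.
# 4625 = failed logon, 4624 = successful logon. Accounts and IPs are made up.
SAMPLE_LOG = """\
time,event_id,account,source_ip
2016-09-12T02:14:05,4625,administrator,10.0.5.23
2016-09-12T02:14:09,4625,administrator,10.0.5.23
2016-09-12T02:14:15,4625,administrator,10.0.5.23
2016-09-12T02:14:31,4624,administrator,10.0.5.23
2016-09-12T08:01:12,4625,jsmith,10.0.2.40
2016-09-12T08:01:30,4624,jsmith,10.0.2.40
2016-09-12T09:30:00,4625,svc_backup_admin,10.0.7.8
2016-09-12T11:45:00,4624,administrator,10.0.1.10
"""

ADMIN_ACCOUNTS = {"administrator", "svc_backup_admin"}  # assumption: your admin list
FAILED, SUCCESS = "4625", "4624"


def admin_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Flag admin accounts with >= threshold failed logons from one source
    inside the window, and note whether a success followed in that window."""
    recent = defaultdict(list)   # (account, source_ip) -> failure timestamps
    alerts = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        account = row["account"].lower()
        if account not in ADMIN_ACCOUNTS:
            continue
        key = (account, row["source_ip"])
        when = datetime.fromisoformat(row["time"])
        # Drop failures that have aged out of the sliding window.
        recent[key] = [t for t in recent[key] if when - t <= window]
        if row["event_id"] == FAILED:
            recent[key].append(when)
            if len(recent[key]) >= threshold:
                alerts.setdefault(key, "failed-burst")
        elif row["event_id"] == SUCCESS and key in alerts and recent[key]:
            alerts[key] = "failed-burst-then-success"
    return alerts


if __name__ == "__main__":
    for (account, ip), kind in admin_alerts(SAMPLE_LOG).items():
        print(f"{kind}: {account} from {ip}")
```

A burst followed by a success from the same source deserves attention first, since it may mean the guessing worked; a single failure or a clean logon from a usual workstation stays quiet at the default threshold.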

Security@Home Nine steps to move you closer towards a secure cloud nine Talk through some things you can do to increase your security at home and give some insight into some of the things we do for security here at the Fund.

1) Enable Automatic Updates New vulnerabilities are discovered daily and exploited just as quickly as they are discovered. What we’ve seen…

2) Don’t Be an Admin Chances are your user account is set up as an admin account. It is estimated that this one step alone could disrupt up to 85% of attacks. Admin + malware = complete control

3) Anti-Virus Isn’t Dead Traditional viruses are still widely circulated. We block emails on an almost daily basis that contain traditional viruses… Restaurant menu

4) Disable Macros Microsoft Office macros are a common way that ransomware is being spread. Open an infected Word Document, it could be game over…

5) Remove Plugins Silverlight, Java, and Flash are three of the most widely exploited plugins. Have a vulnerable plugin, visit a website with a malicious ad, it could be game over…

6) Offline Backups Backups should be stored somewhere other than your home in case of a fire or other disaster. Online backups are good, but they could be compromised…

7) Put a Shield Around Your Apps Surrounding your apps with an extra layer of protection can often stop attacks in their tracks. EMET, Malwarebytes

8) Filter Your Internet Filtering your internet is kinda like filtering your water, it can block known bad.

9) If it ain't supported by a vendor… …It ain’t worth a dime Unpatched technology that is connected to the internet is a bad day waiting to happen Windows XP, Server 2003, Android

Questions? Read through the critical security controls Just get started