Executive Director, Education Technology Services

Presentation transcript:

Executive Director, Education Technology Services

William (Bill) Brown is the Executive Director of Education Technology Services at Greenville County Schools. Greenville County Schools is the 44th largest school district in the nation, with over 76,000 students and 9,800 employees, and is the largest school district in South Carolina.

Mr. Brown’s position provides vision and leadership for all technology initiatives in the school district, coordinating and directing the integration of administrative and instructional technology applications. This includes establishing district technology strategies, organization, and structure to support effective integration of technology into the classroom instructional program and to maximize service delivery to administrative offices.

Mr. Brown previously served as Chief Technology Officer and co-founder of Digital-DNS, Inc., a Greenville-based Managed Services Provider. Mr. Brown has over 38 years of information technology experience within the manufacturing, healthcare, engineering, financial, education, and service-related industries.

Mr. Brown is a member of the FBI’s InfraGard program, a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Mr. Brown is also a member of the South Carolina State Guard and is assigned as a Project NCO, Cybersecurity Section, Headquarters Division in Columbia.

Bill Brown
Executive Director, Education Technology Services
Cybersecurity Briefing
SCASBO 2017 Spring Conference

Data Breach - It Won’t Happen

IT CAN, IT WILL, IT HAS!
Source: Identity Theft Resource Center

“In 93% of breaches, attackers take minutes or less to compromise systems.”
Source: 2016 Data Breach Investigations Report from Verizon

Data breaches can destroy an organization; many small businesses that have a data breach don’t recover from the event. All organizations will experience a data breach, which may result in the following tasks and costs to mitigate the breach:

A mandatory forensic examination ($20,000-$100,000+)
Notification ($80,000+)
Credit monitoring for affected individuals
PCI compliance fines
Liability for fraud charges
Card replacement costs
External audits
Security system upgrades

Data breaches can happen to anyone and probably have. Even the most protected system with 24x7 monitoring can experience a data breach (example: the Federal Office of Personnel Management data breach impacted 21.5 million people).

Sub-slide #1: On average it takes 13 minutes for an unprotected system to receive its first attack (port scan), and 93% of breaches take minutes or less to compromise a protected system.

Sub-slide #2: As we can see in this chart, Hacking/Skimming/Phishing is the number one type of attack and the most successful. As long as people continue to respond to phishing attacks, this type of attack will trend!

“There is no castle so strong that it cannot be overthrown by money.” – Cicero

The people hacking our systems have deep pockets, work around the clock, and have the skills needed to compromise a system or person.

Saturday and Sunday attacks, over 3,000+
Sleep much? 1,400 attacks at 5:00AM

Cyber attacks happen at all times of the day and night. Many times they happen when skilled cyber analysts are not available. Who do you have that can respond to and mitigate an attack that occurs, say, on Sunday morning at 3:00AM?

Attacks come at all times and by different methods, and some are connected to high email volume events like Valentine's Day or the anniversary of 9/11. Even a famous person’s death can generate phishing attacks. There is no calendar when it comes to the day an attack will occur. Having 24/7 monitoring is also not a guarantee that you can stop an event; these events happen in seconds or minutes and are usually over by the time you notice them.

Attacks in the K-12 sector

Attacks in the K-12 sector and the delivery of malicious software are common occurrences that happen 24x7. Greenville County has the ability to acquire data from multiple school districts which utilize the same firewall technology as we do. This is a graph of malicious software attacks across the K-12 sector since August of 2015.

Sub-slide #1: As you can see in this graph, there were a high number of attacks in December of 2016, over 40,000. February’s attack level was in the 16,000 range across the K-12 sector.

Sub-slide #2: Malicious software is being delivered to systems in K-12 using a variety of methods; the most common are SMTP (email) and web browsing. Phishing, spear phishing (directed attacks), and whaling (directed attacks at senior officials) are the largest problem we face today, followed by hijacked web sites. One other method that is gaining traction is phone calls. You may get a call from the IRS, FBI, DHS or even vendors like Microsoft and Apple. The calls look legit because they use area codes within the US, generally from the cities where the organization resides.

Sub-slide #3: And the source of these attacks is just about every country in the world. Tracking the foreign actor is nearly impossible because they can bounce Internet traffic to any country and use that country as a conduit. Multiple hops are pretty common with the professionals. An actor in China could route their attack through Russia and attack you in the U.S.; initial investigation would indicate the attack is coming from Russia, as an example. Many countries are known for not working together, and a trace of an attack would be impossible: say, as an example, routing traffic through Iran, then through Israel, before it comes to the U.S. Instructions for routing your traffic are available on the Internet, with a step-by-step video on YouTube.

“The first step in solving a problem is recognizing there is one” – Will McAvoy

Trends

Ransomware!

Spora: Malware researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption.

“Ransomware growth will plateau in 2017, but attack methods and targets will diversify”

Sources: Palo Alto Unit 42, Trend Micro

What can we do?

Consider implementing an Information Security Management System, either NIST 800 or ISO 27001, with top-down management support
Consider providing Identity Theft coverage as a standard benefit
Encrypt everything: laptops, flash drives, portable storage, cell phones, mobile devices, etc.
Change passwords frequently and use complex passwords (never the same for different sites)
Awareness, Awareness, Awareness!!!

(Video removed because of size)

An example of top-down support for an Information Security Management System. Greenville County Schools has adopted the international standard ISO 27001.