
Washington State Auditor’s Office Cybersecurity Preparing for the Inevitable Washington State Auditor’s Office Peg Bodin, CISA, Local IS Audit Manager.


Presentation transcript:

1 Washington State Auditor’s Office Cybersecurity Preparing for the Inevitable Washington State Auditor’s Office Peg Bodin, CISA, Local IS Audit Manager

2 Presentation objectives
- Risk: Why do we need a plan?
- Threat: What are we protecting ourselves from?
- Action: What’s in an Incident Response Plan?

3 What are you worried about?

4 Cybersecurity risks
Plan for different types of risk:
- Compromised computer devices
- Exploited weaknesses in websites
- Stolen or disclosed confidential information
- Financial theft
- Blackmail
- Systems and services affected

5 Malware
Five malware events occur every second (Verizon DBIR 2015)

6 Malware (continued)
BYOM (Bring your own malware)
Link to article on Verizon report: http://www.csoonline.com/article/3041042/security/verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide10

7 Ransomware

8 Data breaches
http://www.govtech.com/pcio/articles/49-Million-Californians-Records-Compromised-in-Past-4-Years-AG-Says.html?utm_medium=email&utm_source=Act-On+Software&utm_content=email&utm_campaign=5%20Advantages%20to%20Choosing%20Open%20Source%2C%20Boston%20Seeks%20Inaugural%20Data%20Czar&utm_term=49%20Million%20Californians%5Cu2019%20Records%20Compromised%20in%20Past%204%20Years%2C%20AG%20Says

9 Known vulnerabilities
CVE: Common Vulnerabilities and Exposures

10 Administrative credentials
Failure to address known vulnerabilities can lead to loss of administrative credentials
Verizon: http://www.csoonline.com/article/3041042/security/verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide9

11 Email scams

12 Phishing
“And break in they did, in 22 minutes….”
“Some employees of the state's largest PUD opened an email cleverly disguised as work-related, and unsuspectingly downloaded an attack payload.”
http://www.eenews.net/stories/1060025871

13 Just don’t click
The numbers also show that a campaign of just 10 e-mails yields a greater than 90% chance that at least one person will become the criminal’s prey (Verizon DBIR 2015)
How long do you suppose you have until the first message in a Phishing campaign is clicked? Not long at all, based on the Verizon 2015 DBIR report, with the median time to first click coming in at one minute, 22 seconds across all campaigns

14 Sophisticated phishing

15 Insider error

16 Confidential information disclosure
http://www.hca.wa.gov/medicaid/Pages/breach.aspx

17 Web access compromise
Users’ web access to HR-type systems presents another risk
Verizon: http://www.csoonline.com/article/3041042/security/verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide12

18 Security incidents
Verizon DBIR 2015

19 Government and cyber-risks
Verizon DBIR 2015

20 Ransomware 101
Free encryption, whether you want it or not

21 A brief history of yesterday’s ransomware
- First confirmed use: 1989
- Malicious code written by a PhD from Harvard: Dr. Joseph L. Popp
- Mailed out infected floppies around the world
- Send check with $189 to PO Box in Panama or else

22 And today’s ransomware
Look familiar? Hopefully not!

23 Now, meet the “Kam Chancellor” of ransomware
Chimera … “The Game Changer”

24 Ransomware
http://www.theregister.co.uk/2016/02/18/la_hospital_bitcoins/

25 I have a firewall … I’m good … right?
- Malvertising
- Evil email attachments
- Phishing email
- Compromised website
http://about-threats.trendmicro.com

26 Help! My files are encrypted and I can’t pay bills, now what?
- Call someone — help desk perhaps
- Disconnect computer from the network
- Restore from backup (got one?)
- Activate alternate means to pay bills (got one?)
- Last resort, victims may have no other option and pay the “coin”

27 Prevent or reduce ransomware damages
- Maintain up-to-date anti-virus or anti-malware programs
- Keep computer up-to-date with the latest security patches
- Do not open or click unsolicited website links in email messages
- Educate yourself and other employees about good cyber-hygiene
- Test your backup and restore procedure
- Have an incident response plan

28 Incident response program
Key elements to include in your plan

29 Secure your networks, systems and applications
- Preventing an incident is less costly and more effective than responding to one after it occurs
- Have an incident response plan in case an incident occurs!

30 Incident response policies and procedures
What to include
- Define the purpose of the policy
- Define an “incident”
- Create plans and define responsibility for all 5 key elements of incident response
- Develop rules for communicating internally and externally
- Train, educate and raise awareness
- Test the plans

31 Define the purpose of the policy
For example, the purpose of the policy might be to:
1. Ensure incidents are detected in a timely manner
2. Minimize the loss and damage associated with an incident
3. Fix the issue that caused the incident
4. Restore operations

32 Define an “incident”
For example: "Security incident" means an accidental or deliberative event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.

33 Develop plans and assign responsibility
Incidents can occur in many ways, so it is not possible to plan for every incident. Instead, create a step-by-step plan that would apply to the most likely or common types of attacks.
- Breach of personal information
- An attack caused by clicking on something on a website
- Virus outbreak
- Denial of service

34 Key elements to a plan
1. Identification
2. Containment
3. Eradication
4. Recovery
5. Lessons learned

35 Key Element No. 1: Identification
Identify:
- The source of compromise (how?)
- Timeframe: When it started and ended, or is it ongoing (when?)
- The type of data and number of files affected (what?)
- The impact to the organization’s mission
Identify who is responsible: Most of this is typically handled by the IT Department; will this be contracted out? Management determines the business impact and next steps.

36 Key Element No. 2: Containment
- Change all passwords
- Ensure no one accesses or alters the compromised system
- Ensure no one turns off the compromised machine
- Isolate the system from the network (unplug cable)
- Preserve all audit logs for law enforcement evidence
Identify who is responsible: This is typically handled by the IT Department; will this be contracted out?

37 Key Element No. 3: Eradication
- Clean out the malicious code or malware
- Verify and double check cleaning was successful
- Improve defenses
Identify who is responsible: This is typically handled by IT. Who in management will IT provide status updates to?

38 Key Element No. 4: Recovery
- Get your systems fully restored and running as normal
- Follow technical procedures for system recovery
- Restore corrupted information from a trusted backup
Identify who is responsible: Some of this is typically handled by IT; end users will also play a role.

39 Key Element No. 5: Lessons learned
Update policies and procedures based on what went well and what can be done better next time
Identify who is responsible: IT team, contractors, management, legal, communications and end users

40 Develop rules for communicating internally and externally
- Internally
  - Human resources, legal, end users
- Externally
  - Law enforcement
  - Other affected organizations (vendors, organizations, does your agency use the IGN?)

41 Train, educate and raise awareness
- Implement specific training for those who implement the incident response plan, IT specialists and executive management
- Implement more general training for others

42 Test the plan
- Test to ensure effectiveness (simulated events or tabletop exercises).
- Coordinate the testing with all the organizational elements involved in the incident response plan.

43 Questions?
Website: www.sao.wa.gov
Twitter: www.twitter.com/WAStateAuditor
Peg Bodin, Local IS Audit Manager
(360) 464-0114
bodinp@sao.wa.gov

