Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Issues for Design Professionals

Published byCody Willis Modified over 7 years ago

Similar presentations

Presentation on theme: "Cyber Issues for Design Professionals"— Presentation transcript:

1 Cyber Issues for Design Professionals
Drew Seaman Straub, Seaman & Allen, PC

2 Cyber Issues Are Real 2015 – Symantech Internet Security Threat Report
Over Half a Billion Personal Records Were Stolen or Lost Spear-Phishing Campaigns Targeting Employees Increased 55% 43 percent of all attacks targeted at small businesses – 1 in 220 s - Phish Major Security Vulnerabilities in Three Quarters of Popular Websites Put Us All at Risk – 75% of sites have unpatched vunerabilities Ransomware Increased 35% per day – 350,000+ New Malware variations 431 Million

3 Targets Individual Computers Laptops Unsecured Networks
Remote connections to Networks Cloud Storage Cell Phones Tablets

4 How and What Tech Support Scams MalAdvertising Websites
SPAM – Construction Industry 54% of is SPAM 1 in 220 s has Malicious File Attachment Ransomware DDoS – Distributed Denial of Service

5 Risks Australian Secret Intelligence Service building plans stolen – 2013 Seehotel Jaegerwirt hotel in Austria – key card system hijacked Water treatment plant hacked, chemical mix changed for tap supplies - Kemuri Water Company Michigan State – information on 400,000 students, staff, etc. Princeton University – database wiped - ransomed San Francisco Mass Transit hacked – ride for free

6 What’s at Risk Project Files Destruction of Records
Loss of Confidential Information Disruption of Projects Safety of Systems after Completion Shut Down Pump Systems Control Traffic Lights Control Building Systems

7 Georgia Institute of Technology
Developed malware that can take over Water Plant Operation Poison the Water Takes over PLCs and SCADA Identified 1500 PLCs online susceptible to this approach Issue with routers used to send PLC info??

8 Considerations addressing modern cybersecurity challenges has as much to do with culture and organizational structures as with technology Create a Corporate Structure where everyone is responsible for Cyber Security Prohibit use of Public Wi-Fi Change passwords Be alert to s Encrypt remote systems

9 Additional Thoughts #1 Laptops and remote access #2 Control and Isolation #3 Network Isolation – personnel and client information #4 Project Isolation #5 Encryption #6 Data Replication and Back Up #7 Employee Negligence – Intentional Disruption

10 Laptops, Tablets, Cell Phones, etc.
These are point of contact and accessible Access to Office, Projects, General Network Often not encrypted Passwords bypassed for easy access Survey Equipment?

11 Project Sharing It’s not you it’s someone else
Dyn - Dyn offers Domain Name System (DNS) services, essentially acting as an address book for the Internet – DDoS attack October 2016 Took down Twitter, Spotify, Etsy, Pinterest, Netflix Target – Mechanical Contractor had access – came in through Same approach can take down project sites Who controls network Procore, BIM 360, Newforma, etc.

12 What’s it to You Theft of funds or unauthorized fund transfer
data loss or damage to your company or to a third-party cost to replicate any data that was lost and not properly backed up forensic investigation fees to determine the extent of the attack and whether a data breach occurred attorney or consultant fees to determine whether any notification requirements apply credit monitoring fees if personal information was compromised business interruption, lost productivity, and damage to reputation Claims, lawsuits, or regulatory complaints – project delay, etc.

13 What Can You Do Manage your IT Vendors
Conduct Due Diligence Analysis of Vendor Review Results of Security Assessment Review Written Security Policies of Vendor Written Agreement Require Cyber Insurance and Indemnification WATCH OUT – Standard Agreement is adverse to you

14 What Can You Do Limit Access to Data and Systems
Limit who has Remote Access and to what Level Access is Allowed Always Require Dual Factor Authentication Separate servers for off-site projects Require different passwords for different projects and access levels Consider requiring Encryption of all transmissions Back up and Replicate your information Off-Site Remote Backups through encrypted process

15 What Can You Do Educate Employees and Managers
Protocol – Majority of Ransomware and Phish Attacks from s Don’t automatically open an attachment Think about who it is from and circumstances of receipt Passwords Protocols Security Solution on Each Device Limit access through public Wi-Fi What is on Laptop, Tablet, or Cell Phone? Last years financials, project financials, employee contact info, etc.

16 National Institute of Standards and Technology
NIST FRAMEWORK National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity erframework/cybersecurity-framework pdf Or just type NIST Framework

17 Identify Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

18 Protect Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

19 Detect Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

20 Respond Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.

21 Recover Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

22 Regular IT updates and reviews Cyber Insurance
Make Managers Responsible Listen to Your IT Professional Require updates on attacks and system status Cloud vs. On-Site Networks

23 Process Control System Security Guidance for the Water Sector
AWWA - guide.pdf Homeland Security Industrial Control Systems Emergency Response Team

24

Download ppt "Cyber Issues for Design Professionals"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Big Data Bijan Barikbin Denisa Teme Matthew Joseph.

Big Data Bijan Barikbin Denisa Teme Matthew Joseph.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Friday, October 23, 2015. Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.

Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
New A.M. Best Cyber Questionnaire

New A.M. Best Cyber Questionnaire
FFIEC Cyber Security Assessment Tool

FFIEC Cyber Security Assessment Tool
Cybersecurity Risk, Remediation, Response Nathan Gibson, CCE, CEH.

Cybersecurity Risk, Remediation, Response Nathan Gibson, CCE, CEH.
Session 13 Cyber-security and cybercrime. Contents  What’s the issue?  Why should we care?  What are the risks?  How do they do it?  How do we protect.

Session 13 Cyber-security and cybercrime. Contents  What’s the issue?  Why should we care?  What are the risks?  How do they do it?  How do we protect.

Similar presentations

Ads by Google