Presentation is loading. Please wait.

Presentation is loading. Please wait.

(Email Compromise).

Published byPiers McCoy Modified over 6 years ago

Similar presentations

Presentation on theme: "(Email Compromise)."— Presentation transcript:

1 ( Compromise)

2 Panelists Luke Emrich, EnCE, CEH, GCFA Director - Security, Privacy,
and Risk Services Michael Waters, Esq., CIPP/US Shareholder Lauren Winchester, Esq., CIPP/US Breach Response Services

3 Overview How and why email compromises occur
Best practices for responding to compromises Response Costs How to prevent compromises

4 Email compromises on the rise across industries
Data from BBR Services

5 How and why email compromises occur
From: To: Sent: September 10, 9:30 a.m. Subject: Secure Message This is a secured message for you and its confidential with password protection you have access to it with your working . Jane Smith Director of Finance ABC Company 123 Washington St., Chicago, Illinois (312)

6 Motivation for Threat Actors - $$
Four common ways to leverage an inbox: Reconnaissance/Targeted spam Wire transfers Payroll redirect Sensitive information in the inbox

7 Best practices for responding to email compromises
Do we know the nature/type of the incident? Do we know the incident timeline? Identify the population of affected accounts Were Phishing/Spam messages sent internally? – purge them! Pull message trace logs for affected accounts Change passwords for affected accounts Check affected accounts for unauthorized rules - forwarding/move

8 Best practices for responding to email compromises
Do compromised creds provide access to additional systems? Change passwords to potentially affected systems Review logs for unauthorized access Review Unified Audit logs for evidence of unauthorized access to affected accounts, including cloud apps like OneDrive and SharePoint. Review Admin Audit logs for evidence of privilege escalation Block any malicious addresses or domains

9 Potential Legal Implications
Unauthorized Access of Information Statutory data breach notification obligations to individuals, regulators and business partners This may include notification to investors, key customers, unfriendly parties (e.g., litigation adversaries) Contractual obligations to third parties Wire fraud Recent lawsuits in which companies are sued due to wire and other fraud perpetrated from compromised account If someone suffers a monetary loss because your account was compromised, you may be sued

10 Response Costs Legal Fees Potential for regulatory fines and penalties
Forensics Programmatic and manual review of inboxes Third party demands and/or lawsuits Lost funds from fraudulent wire transfers Notification and call center Credit monitoring Lost payroll funds

11

12 How to prevent email compromises
Harden your Environment (some suggestions below are specific to O365) Require multi-factor authentication for all users Limit or disable remote access (OWA) Review Microsoft’s Secure Score and make suggested changes Disable/Manage message forwarding Turn on Unified Audit logging and Mailbox Auditing Enable Advanced Threat Protection Enabling Safe Links and Safe attachments Security and Awareness Training / Social Engineering Testing

13 Questions?

Download ppt "(Email Compromise)."

Similar presentations

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.
OSP214. SECURITY PRIVACY RELIABILITY & SERVICE CONTINUITY COMPLIANCE.

OSP214. SECURITY PRIVACY RELIABILITY & SERVICE CONTINUITY COMPLIANCE.
What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.
Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.

Welcome to the Exchange 2013 Webcast Archiving, eDiscovery, & Data Loss Prevention.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Commercial eSecurity Training and Awareness. Common Online Threats Most electronic fraud falls into one of three categories:  PHISHING – Fraudulent emails.

Commercial eSecurity Training and Awareness. Common Online Threats Most electronic fraud falls into one of three categories:  PHISHING – Fraudulent s.
PHISHING AND SPAM EMAIL INTRODUCTION There’s a good chance that in the past week you have received at least one email that pretends to be from your bank,

PHISHING AND SPAM INTRODUCTION There’s a good chance that in the past week you have received at least one that pretends to be from your bank,
PCI COMPLIANCE Compliance is mandatory for all organizations that accept credit cards.

PCI COMPLIANCE Compliance is mandatory for all organizations that accept credit cards.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.

Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Email Basics www.mcpld.org. What is Email? Email is short for electronic mail. Email is a method for sending messages electronically from one computer.

Basics What is ? is short for electronic mail. is a method for sending messages electronically from one computer.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.

Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
Information Security January 2016. What is Information Security?  Information Security is about the physical security of our equipment and networks as.

Information Security January What is Information Security?  Information Security is about the physical security of our equipment and networks as.

Similar presentations

Ads by Google