
Cyber Threats , Ransomware, Risks & Best Practices

Explore the evolution of ransomware, common IT exposures, and best practices to safeguard against cyber threats. Learn about current ransomware families, recent attacks, and future trends. Discover top threats, risks, and IT security vulnerabilities.


Presentation Transcript


  1. ASHRM Ed. Program – Jeff Brewer, CIO NexsenPruet August 26, 2016 Cyber Threats , Ransomware, Risks & Best Practices

  2. Information Intelligence vs. Information Security • CISSP, CISA • 200+ IT security assessments

  3. Agenda • Cyber Threats, Ransomware & Related Risks • Common IT Exposures • Best Practices • Collaborating with the CIO • The Internet of Things (IoT)

  4. Who’s the biggest threat to security?

  5. Ransomware: What? – Recent Past • Reveton & variants (2012-2014) • CryptoLocker (2013) • CryptoLocker.F & TorrentLocker (2014) • CryptoWall (2014) • CryptoWall 3.0 & 4.0 (2014-2015) • TeslaCrypt, 2.0, 3.0 (2014-2015) • VaultCrypt (2015)

  6. Ransomware: What? – The Present • 2016: The Year of Online Extortion – 10 new ransomware families monthly • Jigsaw (April 2016) • Locky & Goliath variant & TrueCrypter (May 2016) • Stampado (July 2016) • CryptXXX (July 2016) • cuteRansomware variants (July 2016) • CTB Faker, Alfa & Ranscam (July 2016) • Pokemon Go ransomware (Aug 2016) • Venus Locker (Aug 2016)

  7. 2016 Hospital Targets • Feb: Hollywood Presbyterian Hospital in CA • Mar: MedStar Georgetown University Hospitals in MD/DC (10/250) • Mar: Methodist Hospital in KY • Mar: Prime Healthcare Management in Chino and Victorville, CA (2) • Mar: Norfolk General Hospital in Ontario • May: Kansas Heart Hospital • May: DeKalb Health in IN

  8. Ransomware: How?

  9. Ransomware: How? • Spam mail or eFax messages carrying malicious file attachments or links • Hackers using exploit kits (crimeware) on web servers • Ransomware-as-a-Service (RaaS) for sale via the Dark Web • Stampado $39 • Locky $3,000 • Goliath $2,100 • Petya, Mischa & Cerber – time-based RaaS “rentals” • Malvertising – Adobe Flash-, JavaScript- and Silverlight-based ads
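The first delivery vector on the slide, a lure with a malicious attachment, is something a mail gateway can triage before a user ever sees it. The following is an added example, not code from the deck or from any of the vendors it names: it parses a message with the Python standard library and flags the attachment shapes ransomware droppers typically take (executable or script extensions, macro-capable Office files, double extensions such as fax.pdf.exe, and zip archives hiding any of those). The extension lists and the eFax-themed sample message are constructed for illustration, not a production rule set.

```python
"""Attachment triage for the e-mail delivery vector on the slide.

Added example, not from the deck. The extension lists and the sample
message are constructed for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that execute when opened (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                   ".bat", ".cmd", ".ps1", ".jar"}
# Office formats that can carry VBA macros (assumed list for this example).
MACRO_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".pptm"}
# "Document" extensions attackers place in front of the real one.
DECOY_EXTS = {".pdf", ".doc", ".txt", ".jpg", ".png"}


def classify_name(filename: str) -> list:
    """Return the reasons a filename looks dangerous; an empty list means clean."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-capable document {ext}")
    # invoice.pdf.exe: a decoy document extension right before the real one
    if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS:
        reasons.append("double extension")
    return reasons


def triage_attachments(raw_message: bytes) -> dict:
    """Parse an RFC 5322 message and return {attachment name: [reasons]}.

    Zip attachments are opened in memory and every member is classified,
    because the archive's own name carries no signal.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = classify_name(name)
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        for reason in classify_name(member):
                            reasons.append(f"archive member {member}: {reason}")
            except zipfile.BadZipFile:
                reasons.append("archive is not a readable zip")
        findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed eFax-themed lure: a benign PDF plus a zip holding a .js dropper."""
    msg = EmailMessage()
    msg["From"] = "efax@example.invalid"
    msg["To"] = "staff@hospital.invalid"
    msg["Subject"] = "eFax: 2 pages received"
    msg.set_content("Your fax is attached.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="fax.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_0826.pdf.js", "// inert placeholder, constructed\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="fax.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_attachments(build_sample()).items():
        print(name, "->", reasons or ["clean"])
```

Extension checks are a cheap first filter, not a substitute for detonating attachments in a sandbox: a plain .docm with a macro passes the double-extension test, which is why the macro-capable formats are flagged on their own.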

  10. Ransomware: Why? Attackers – • Vast arsenal of attack tools & resources • Expanded pool to include less tech-savvy attackers • Anonymity via non-secure servers (mules) or the Dark Web • High volume of attacks in short time spans Targets – • Readily accessible remotely • Weak or gapped security protections & compliance • Culture that emphasizes speed & ease of use/access vs. safety • Limited security awareness

  11. The Real Reason… …or Litecoin, Peercoin or Namecoin or Amazon or iTunes gift cards…..

  12. The Future of Ransomware • Ransomware 2.0 • Self-propagating • Higher ransom • Additional file types beyond PDFs, MS Office, Images • Additional web server vulnerabilities

  13. Top Threats & Risks • Weak, unprotected or re-used passwords (e.g., LinkedIn) • Targeted spear phishing emails • Social engineering hacks via phone or in-person/on-premise • Physical security breaches • High risk websites with “drive by” AKA “no click” ads

  14. Top Threats & Risks • BYOD or lost/stolen endpoint devices • Unencrypted or insecure USBs, CDs • Non-sanctioned “rogue clouds”, e.g., Google Drive, Dropbox, etc. • Public Wi-Fi • Non-secure corporate, e-commerce or patient portal sites

  15. Common IT Exposures • Unpatched server & application vulnerabilities • Misused domain administrator accounts • Weak East-West firewalling within the corporate network (VLANs, vShield) • Over-use of mapped drives • Unencrypted data at rest (SEDs, BitLocker) • Data replication & back-up gaps • Untested or out-of-date BCDR plans

  16. Common IT Exposures • Single points of failure: network, systems & services • Server/Network device logging gaps & retention periods • Procedures & infrastructure documentation • Staff skill set redundancy & division of duty & responsibilities • Dedicated security staff with industry designations • Offensive Security Certified Professional • Certified Information Systems Security Professional • Certified Information Systems Auditor • Certified Ethical Hacker • Certified Intrusion Analyst

  17. Best Practices: Ransomware & Cyber Threats • Avoid paying ransom at all costs • Verify & test that 100% of data is replicated & backed up • Endpoint security for laptops, desktops – Bit9/Carbon Black • Email security solution – Proofpoint, Mimecast, ZixCorp • Anti-spam, anti-virus, malware prevention, attachment & link security • Enable TLS on Exchange & secure messaging encryption
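“Verify & test that 100% of data is replicated & backed up” is only meaningful if something actually measures it. The following is an added example, not code from the deck: it walks a source tree, looks up each file at the same relative path in the backup, compares SHA-256 digests, and reports coverage as a percentage together with the files that are missing or differ. The two trees are constructed in a temporary directory so the check runs offline; the paths and contents are illustrative only.

```python
"""Backup coverage check for the replication bullet on the slide.

Added example, not from the deck. The source and backup trees are
constructed in a temporary directory for illustration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source: Path, backup: Path) -> dict:
    """Compare every file under source with the same relative path under backup.

    Returns counts, the coverage percentage, and the relative paths that are
    missing from the backup or whose contents differ.
    """
    missing, mismatched, verified = [], [], 0
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source)
        dst_file = backup / rel
        if not dst_file.is_file():
            missing.append(rel.as_posix())
        elif sha256_of(src_file) != sha256_of(dst_file):
            mismatched.append(rel.as_posix())
        else:
            verified += 1
    total = verified + len(missing) + len(mismatched)
    coverage = 100.0 * verified / total if total else 100.0
    return {"total": total, "verified": verified, "missing": missing,
            "mismatched": mismatched, "coverage_pct": round(coverage, 1)}


def demo() -> dict:
    """Constructed trees: one file never copied, one whose backup copy is stale."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        bak = Path(tmp) / "bak"
        (src / "records").mkdir(parents=True)
        (bak / "records").mkdir(parents=True)
        (src / "records" / "patient1.txt").write_text("record v2\n")
        (bak / "records" / "patient1.txt").write_text("record v1\n")  # stale copy
        (src / "records" / "patient2.txt").write_text("ok\n")
        (bak / "records" / "patient2.txt").write_text("ok\n")
        (src / "notes.txt").write_text("never replicated\n")  # missing
        return verify_backup(src, bak)


if __name__ == "__main__":
    print(demo())
```

Matching digests prove the copy exists, not that it is recoverable: continuous one-way replication will faithfully copy a ransomware-encrypted source too, so pair this check with versioned or offline copies and a periodic restore test.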

  18. Best Practices: Ransomware & Cyber Threats • Internet content filtering, ad blockers - OpenDNS, Websense, Ghostery • Implement Next Gen Firewalls with SSL Decryption – Palo Alto • Outsource 24x7x365 network traffic monitoring – Dell SecureWorks • Implement data loss prevention solution – Symantec, McAfee, Splunk • Use a secure password manager – LastPass • Mobile device management solution – MobileIron, AirWatch

  19. Best Practices: Employees • Devise effective security awareness training programs • 16 Character passwords using passphrases (e.g., IT’s0n1ym0n3y!) • Phishing email testing tools such as PhishMe • Conduct social engineering tests via phone and at facilities • Implement Dual factor authentication for user logins/access – Duo • Secure file sharing service such as Box • Secure messaging service such as NetSfere
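A written rule like “16-character passphrases” needs an automated check behind it, and the check should not be fooled by leetspeak. The following is an added example, not code from the deck: it enforces the length rule and, in addition, undoes the digit and symbol substitutions that cracking rule sets already apply (0 for o, 1 for i or l, 3 for e, and so on) and rejects any reading that matches a known common phrase. The slide's own sample string is 14 characters long and is a leet rendering of “It's only money!”, so the check rejects it on both counts. COMMON_PHRASES is a constructed stand-in for a real breached-password feed and LEET is an assumed mapping; both are illustrative.

```python
"""Passphrase policy check for the 16-character rule on the slide.

Added example, not from the deck. COMMON_PHRASES is a constructed stand-in
for a breached-password feed; LEET is an assumed substitution table.
"""
import re
from itertools import product

MIN_LENGTH = 16
# Each leet character maps to every plain letter it commonly stands for;
# "1" is ambiguous (i or l), so both readings are generated.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s"}
# Constructed list for the example; in production use a breached-password source.
COMMON_PHRASES = {"itsonlymoney", "password", "letmein",
                  "correcthorsebatterystaple", "welcometothehospital"}


def normalized_forms(candidate: str) -> set:
    """All plain-text readings of the candidate: leet undone, lowercased,
    spaces and punctuation removed. One reading per ambiguous digit choice."""
    choices = [LEET.get(c, c) for c in candidate.lower()]
    return {re.sub(r"[^a-z]", "", "".join(combo)) for combo in product(*choices)}


def check_passphrase(candidate: str) -> list:
    """Return the policy violations for a candidate; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"{len(candidate)} characters; policy requires {MIN_LENGTH}")
    if normalized_forms(candidate) & COMMON_PHRASES:
        problems.append("reads as a common phrase once leet substitutions are undone")
    return problems


if __name__ == "__main__":
    for sample in ("IT's0n1ym0n3y!", "correct horse battery staple",
                   "Rounds start at 7am on Tuesdays, no exceptions"):
        print(repr(sample), "->", check_passphrase(sample) or ["accepted"])
```

Length and a common-phrase blocklist cover the two failure modes the slide is worried about (short passwords and predictable substitutions); the second factor from the same slide is what protects the account when a passphrase is phished rather than guessed.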

  20. Best Practices: Policies & Documentation • Vendor management: conduct vendor security controls & practices surveys; review technology suppliers' independent audit reports • Review & test BCDR plan – annually • Review & update IT Security Policy and Incident Response Plan – annually • Secure cyber liability insurance coverage & renew – annually

  21. Best Practices: IT Security Assessments • Conduct regular policy monitoring & testing internally • Quarterly vulnerability testing & penetration testing • Semi-annual security assessment • Conduct third-party IT security audit – annually • Progress & improve security over the long term – 3-5 yrs • Evolve the annual security audit into a Red Team vs. Blue Team engagement – annually

  22. Collaborating with the CIO • CIOs have a tough job! • Integrating heterogeneous applications within a complex IT infrastructure • Balancing end-user experience, customer service, performance & security • Top-down guidance from organization leadership • “We're on the same team!” – includes the Compliance Officer • Regular & open communications • Necessary to maintain proper division of duties & responsibilities

  23. Healthcare’s IoT Dilemma: Connected Medical Devices • Threats: • Denial-of-Service • Patient Data Theft • Therapy Manipulation • Asset Destruction

  24. Risk Reduction of IoT • Search Shodan for Connected Devices on your Domain • Include Pen testing of devices as part of annual audit • Assign risk ratings based upon • Potential patient impact • Network connectivity • Data sensitivity • Likelihood of attack • Vendor security SLA • Demand security controls & updates from manufacturers • Apply a zero trust network architecture – East/West Firewalling

  25. Reference Sources & Documentation • The Medical Device Innovation Safety & Security Consortium • The National Cybersecurity Center of Excellence • The NIST Cybersecurity Practice Guide: “Securing Electronic Health Records on Mobile Devices” • IEC Standard 80001-1 “Application of risk management for IT networks incorporating medical devices”

  26. Despite all this Technology….. • It’s still all about PEOPLE • How do we – • educate, motivate, monitor, prepare, protect and serve – • employees, patients, boards, communities, markets, partners, etc? • Over the long haul? • Threats will persist & evolve when people are involved • Focus on progress vs. perfection
