# DataBoss: Reducing the Risks of Insider Threats

Presented by: Johnathan Ferrick, Product Manager, Carbonite
## Today’s Agenda

• Security vulnerabilities common for small and midsize businesses
• Simple human errors that any employee can make
• Spotlight on ransomware
• The steps that all organizations should take to mitigate insider threats
• How cloud backup fits in
• Q&A
## Common Security Vulnerabilities

• Unlike large corporations that are using their deep pockets to strengthen their security measures, small businesses lack the resources and expertise to defend against hackers.
• Increasingly viewed as the easier target, small businesses continue to come under siege.
• Common points of entry include:
  • Point of Sale (PoS) equipment
  • Rogue access points via mobile devices
  • Email phishing exploits
  • Downloadable malware
  • Outdated antivirus systems

Be Warned:

• 60% of all online attacks in 2014 targeted small and midsize businesses
• Cost of data breach for small businesses averages $38,000
• 56% of customers lose trust and confidence in a hacked business
## Turning Security Inside Out

Hackers have changed their tactics. They’re targeting people as a way to get inside IT networks.
## Beware your Unwitting Insider

“An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems.” – National Cybersecurity and Communications Integration Center

• However, insiders do not have to be malicious to be a threat: well-intentioned employees who are negligent when it comes to security are just as dangerous.
• Verizon’s 2015 Data Breach Investigations Report finds that errors made by internal staff represent a significant volume of breaches and records. Variety of miscellaneous errors include:
## When Good Employees do Bad Things

• Shadow IT
• Social sharing
• Rogue sites
• Phishing schemes
• Infections
• Remote assistance scams
• Secondhand devices
• No training
• … The list goes on & the rise of ransomware…
## Ransomware: Definition, Facts and Statistics

Ransomware is a type of malware that prevents or limits users from accessing their data. It forces its victims to pay a ransom in order to gain access to their systems, or to get their data back.

• No device is safe! Ransomware targets desktop computers, file servers, smartphones and tablets.
• Ransomware has been around since 1989, but has become much more prevalent in recent years.
• Anonymous payment methods, like Bitcoin and voucher payments, make it easier for cybercriminals to cover their tracks and evade law enforcement.
• An estimated $325 million in ransom payment due to CryptoWall was calculated during recent security analysis.
## Common Security Vulnerabilities

• CRYPTOWALL
  • First appeared in November 2013
  • The latest version – CryptoWall 3.0 – appeared in January 2015
  • Incorporates data-theft malware
  • Virus can steal potentially valuable data from infected systems
  • Has been disguised as resumes, orders, passports and other communications common to businesses
  • More than 600,000 computers infected – and more than 250,000 in the U.S. alone
• TORRENTLOCKER
  • First released in the summer of 2014
  • Made up of components of CryptoLocker and CryptoWall
  • Typically distributed via emails disguised as shipping notifications, speeding violations or other corporate/government correspondence
  • Some forms of TorrentLocker self-destruct to prevent IT personnel from collecting samples
• CRYPTOFORTRESS
  • First made headlines in February 2015
  • Similar to TorrentLocker in appearance
• PACMAN
  • Debuted in early 2015
  • Uses very convincing Dropbox links to fool victims
## Ransomware: Don’t be Duped!
## Ransomware Recovery

Follow 5 Simple Steps to Ransomware Recovery:

1. As soon as ransomware infection has been discovered in your environment, stop all network activity including file shares to limit the impact of the attack across systems.
2. Use an antivirus (A/V) tool across all computers on your network to determine the extent of the infection, and remove it from them.
3. Once the infection has been cleared, assess the extent of the file damage.
4. Remove the infected files from your systems by deleting them.
5. Use your backup and recovery solution, such as Carbonite, to recover uninfected versions of the encrypted files.
## Mitigating Insider Threats – Part 1

Ransomware is just one attack vector. Taking these additional steps will increase your security against broader insider threats:

• Always encrypt your data: If you want to minimize the impact of an insider threat, always encrypt data. Not all employees need access to all data and encryption adds another layer of protection.
• Know the different types of insider threats: There are different types of insider threats – malicious and unwitting. With unknown actors becoming more of a threat, it’s crucial that employees are completely invested in avoiding risky behavior around company data.
• Do background checks before hiring: Before you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring any criminals or those associated with your competitors. Personality tests can also red flag the propensity for malicious behavior.
• Educate your staff: Educating your staff on best practices for network security is imperative. It is much easier for employees to use this information if they are aware of the consequences of negligent behavior.
• Use monitoring solutions: Monitoring solutions that draw on application, identity and device data can be an invaluable resource for tracking down the source of any insider attack.
## Mitigating Insider Threats – Part 2

• Use proper termination practices: Just as you want to be careful when hiring new employees, when terminating employees, you also must use proper practices. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.
• Go beyond the IT department: Though your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.
• Consider access controls: Access controls may help to deter both malicious and negligent threats. This also makes it more difficult to access data.
• Have checks and balances for all staff and systems: It is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.
• Analyze network logs: You should collect, store and regularly analyze all of your network logs, and make sure it’s known that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.
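A sketch of the log analysis behind two of the points above, banning shared usernames and watching terminated accounts. This is an added example, not material from the presentation; the log format, account names, host names and the 15-minute window are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (format is an assumption): time,user,host,result
SAMPLE_LOG = """\
2016-03-01T08:58:10,asmith,WS-014,success
2016-03-01T09:01:44,frontdesk,WS-002,success
2016-03-01T09:03:05,frontdesk,WS-031,success
2016-03-01T09:04:30,frontdesk,WS-017,success
2016-03-01T12:15:00,asmith,WS-014,success
2016-03-04T23:41:09,bjones,VPN-GW,success
2016-03-05T02:10:00,bjones,VPN-GW,failure
"""
# Constructed offboarding record: username -> when access should have ended
TERMINATED = {"bjones": datetime(2016, 3, 4, 17, 0)}

def parse_log(text):
    """Return sorted (time, user, host, result) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append((ts, *parts[1:]))
    return sorted(events)

def shared_accounts(events, window=timedelta(minutes=15), min_hosts=2):
    """Accounts with successful logins from several hosts inside one window.
    Expects time-sorted events, as parse_log returns them."""
    by_user = defaultdict(list)
    for ts, user, host, result in events:
        if result == "success":
            by_user[user].append((ts, host))
    flagged = {}
    for user, logins in by_user.items():
        for i, (start, _) in enumerate(logins):
            hosts = {h for t, h in logins[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged

def post_termination_activity(events, terminated):
    """Every attempt, successful or not, made after the account's end date."""
    return [e for e in events if e[1] in terminated and e[0] > terminated[e[1]]]
```

On the sample data, `frontdesk` is flagged as a shared login and both `bjones` attempts are reported, including the failed one, which shows the account was still being tried after access should have been revoked.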
## A Backup Plan is Essential

Always back up your data: Employees may be malicious or more likely they make big mistakes. And when they do, you’d sleep better at night knowing you have redundant, secure cloud based backup to keep your business up and running.

A backup solution with a versioning feature – like Carbonite’s backup and recovery solutions – allows you to roll back to a specific date before your business’ systems were infected.

The more frequently your business backs up its data, the more recent your recovery point can be. Your recovery point is the date of your most recent backup prior to the infection. Depending on the nature of your business, it may be worth the peace of mind and risk reduction to have more frequent, continuous backups.
## What is Hybrid Backup?

A hybrid backup solution is one that backs up both to a local device and to the cloud. It’s the optimal way to back up as it offers the speed of local storage and the security of cloud backup to protect business data under any conditions.

Use local backup for the fastest possible backup and recovery, and prevent data loss from natural disasters, local failures, or ransomware attacks with cloud backup.
## The 3-2-1 Backup Rule for Protecting Critical Business Data

• Save at least 3 copies of data: An old maxim says, “2 is 1 and 1 is none.” Make sure you have 3 copies of data. Even if the odds of losing both copies are slim, having 3 copies gives you significantly better chances of retaining at least one copy of your data.
• Store them on 2 different storage types: The chances of having 2 failures of the same storage type are much better than for 2 completely different types of storage. So if you have data stored on an internal hard drive, make sure you have a secondary storage type, such as external or removable storage, or the cloud.
• Keep 1 copy offsite: Even if you have 2 copies on two separate storage types but both are stored onsite, a local disaster could wipe out both of them. Keep a third copy in an offsite location, like the cloud, to make sure you can still recover critical data after a local disaster.
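The 3-2-1 rule and the recovery point described in the backup slides, worked through in code. This is an added example, not part of the presentation; the inventories, field names and dates are constructed, and the live data is counted as one of the three copies.

```python
from datetime import datetime

# Constructed inventories; names and fields are assumptions for illustration.
ONSITE_ONLY = [
    {"name": "file server", "media": "internal disk", "offsite": False},
    {"name": "USB drive", "media": "external disk", "offsite": False},
]
HYBRID = ONSITE_ONLY + [{"name": "cloud backup", "media": "cloud", "offsite": True}]
# Constructed version history: one backup each night at 01:00, infection on
# 4 March at 14:30.
DAILY = [datetime(2016, 3, d, 1, 0) for d in range(1, 6)]
INFECTED_AT = datetime(2016, 3, 4, 14, 30)


def check_321(copies):
    """Return the 3-2-1 requirements this inventory fails (empty list = pass)."""
    failures = []
    if len(copies) < 3:
        failures.append("fewer than 3 copies")
    if len({c["media"] for c in copies}) < 2:
        failures.append("fewer than 2 storage types")
    if not any(c["offsite"] for c in copies):
        failures.append("no offsite copy")
    return failures


def fatal_scenarios(copies):
    """Single events that leave no copy: a site disaster or one media type failing."""
    scenarios = {"local disaster": [c for c in copies if c["offsite"]]}
    for kind in {c["media"] for c in copies}:
        scenarios[kind + " failure"] = [c for c in copies if c["media"] != kind]
    return sorted(name for name, left in scenarios.items() if not left)


def recovery_point(versions, infected_at):
    """Latest backup version finished before the infection, or None if none is clean."""
    clean = [v for v in versions if v < infected_at]
    return max(clean) if clean else None


def lost_work(versions, infected_at):
    """Time between the recovery point and the infection (changes that cannot be restored)."""
    point = recovery_point(versions, infected_at)
    return None if point is None else infected_at - point
```

With the nightly schedule the recovery point is the 4 March 01:00 version and 13.5 hours of changes are lost; the version taken on 5 March is newer but was made after the infection, so it is not a candidate.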
## Q&A

Ask us your security questions!
## For More Information

Visit www.beadataboss.com to download Carbonite’s new eBook, “Protecting your Business in the Digital Age”

Sources:

• The New York Times, No Business too Small to be Hacked; January 13, 2016
• Kaspersky Lab, Damage Control: The Cost of Security Breaches; October, 2015
• Ponemon Institute, 2012 Business Banking Trust; August, 2012
• Carbonite, Protecting your Business in the Digital Age; March, 2016
• Verizon, Verizon 2015 Data Breach Investigations Report; April, 2015
• Cyber Threat Alliance, Analysis of the CryptoWall Version 3 Threat; October, 2015