Don't Be The Next Target! Protecting Your Business From The Latest Threats

Welcome!

Today’s subject: Protecting Your Company from Ransomware

Forthright Security Lunch and Learn - Ransomware Focus 2

Trends

SMBs Are More And More Digital

Small and medium businesses have to compete more and more with mega-stores. Most have:

● Web Sites

● eCommerce Orders

● Paypal

● Square

● Multiple Email Accounts

● Social Media Accounts

● Etc...

Trends

Big Data – Your Data

Facebook leverages big data in its marketing

Most businesses use Facebook in their marketing

Every social media platform uses big data

Trends

Most SMBs will be in the cloud soon

Cloud services are lowering:

● Costs

● Complexities

● I.T. Staff

Trends

Bring Your Own Device (BYOD) is happening

So what is happening to Security?

Where is Business going to be exposed?

Around the World

● Daily Cyber Attacks Against US Gov

● Dams, Water Treatment, Power Grids

● ISIS Paying Big Money to Hackers

In The News

● Hollywood Hospital - $17,000 in Ransom

● Apple – 600,000 Incidents of Ransomware so far

● iPhone Encryption – FBI hacked it

In The News

“The New York State Attorney General’s office said that the number of breach notifications issued by his office had risen 40% during 2016 compared with the same period a year earlier.”

- WSJ 05/05/16

What Are The Threats?

Bots, Phishing, Social Engineering, Malware of all sorts

Who Has Been Affected?

Millions spent to respond and Millions in lost revenue

The Heritage Foundation Issue Brief #4487 on Cyber Security November 18, 2015

● Morgan Stanley – 350,000 Client Records Stolen

● Anthem – 80 Million Client Records Stolen

● Penn State – 18,000 Student Records Stolen

● All Had Passwords - Firewalls - AntiVirus

What Are The Threats?

BYOD (Bring Your Own Device):

● 20 Years Ago Software was Expensive

● Now iPhone Apps are Free or 99 cents

● Just Search for what you need and install it

What Could Go Wrong?

What Are The Threats?

Social Media:

● People used to keep things private

● Now everyone’s life is public

● So our exposure to risk is at new levels

● Now it’s Easy for Hackers to find personal info to use in a Social Engineering or Phishing Attack

What Are The Threats?

Cheap Wireless Routers:

● Installed Randomly for Convenience

● Can be an Easy Gateway into your company data from hundreds of feet away

● Most are never monitored for illegal access

What Are The Threats?

False Security:

● Passwords Don’t Work – Malware Doesn’t Care

● Insider Threats are Huge – Employees Steal Data

● The FBI says it takes an average of 14 months for companies to detect an intruder. Most won’t know until it’s too late.

What Are The Threats?

Internal:

“90% of I.T. employees indicate that if they lost their jobs, they’d take sensitive company data with them...

59% of employees who leave an organization voluntarily or involuntarily, say they take sensitive data with them.”

Deloitte via WSJ – 05/02/16

Who Are The Targets?

“...SMB’s make much more attractive targets for cyber-thieves”

“...a data breach involving an SMB can be far more devastating for the company than a similar type breach at a larger company.”

csattorneys.com Nov 5, 2014

Ransomware

“The FBI said the number of so-called ransomware attacks is on the rise. Hackers break into a corporate network, encrypt data and hold it ransom until the victim agrees to pay...”

- WSJ 05/04/16

Ransomware

“More small businesses are falling victim to “ransomware…”

“...Bitcoin is a preferred method of payment, partly because the use of bitcoin makes payments difficult to track.”

WSJ – April 15, 2015

Ransomware

“...About 30% of ransomware victims pay to regain their data, estimates Tom Kellermann, chief cybersecurity officer for Trend Micro Inc., an Irving, Texas, cybersecurity firm.”

WSJ – April 15, 2015

How Can You Be Safe?

Start with 3 important questions:

1) What are you Protecting?

2) What are the Threats?

3) What is happening right now?

What Are You Trying To Protect?

● Company Secrets, Intellectual Property

● Customer Emails, Credit Card Details, Purchases

● Company Accounting System

● Patient Health Records

● What’s Important?

What Are Your Threats To That?

● Contractors?

● Service Providers?

● Employees?

● Hackers?

● Ransomware?

What Is Happening – Right Now?

● Do you know – right now – what is happening to that data?

● How will you respond to a breach?

● You are liable for it, Not the I.T. dept.

What Can Be Done?

Think about home security:

What secures a home?

Locks – Alarms – Dogs – What Else?

What Can Be Done?

Home Security

Protect    Detect            Respond
Doors      Alarms            Dog
Windows    Motion Sensors    Gun
Locks      Crime Watch       Police
Fence      Monitoring        Insurance

Which column is most important?

What Can Be Done?

Protect    Detect            Respond
Doors      Alarms            Dog
Windows    Motion Sensors    Gun
Locks      Crime Watch       Police
Fence      Monitoring        Insurance

Must Have – But They ALL Break

Must Be Able To Detect The Break

Must Be Able To Respond Quickly

You Cannot keep people out – But you can detect them

A System

Security is not Firewalls, Passwords Or Encryption

Security Is A System

The System is a combination of People, Policies, Training and Technology all working together

(When) Will It Happen To You?

● That is the question.

● Every day I work with small businesses who have Malware of all sorts on their business and personal computers.

● Much of it is designed to be a back door into the computer – bypassing firewalls and anti-virus.

● And some... the evil Ransomware

● Most SMBs have no system to Detect and Respond in time

Compliance

Do Industry Compliance Standards = Security?

PCI-DSS, HIPAA, Etc

If Compliance = Security how do Hospitals, Financial Institutions and Retailers get hacked every day?

Compliance <> Security!

Cost and Liability

The Ponemon Institute and Symantec estimate that it costs businesses $188 per record lost.

Just 1000 records = $188,000 in one breach!

Businesses also suffer potentially priceless damage to their reputation and trust.

Cyber Insurance

“...Cyber liability insurance coverage (CLIC) has been available for more than 12 years…

The average cost of a data breach to the affected business is $3.8 million...a 23 percent increase since 2013...”

CNN.com June 30, 2015

Attitude?

“Security is also a Frame of Mind...

It’s about Culture, Structure and Strategy...

Every aspect of doing business requires looking at it through a security lens...”

Paraphrased from TheGuardian.com Mar 11, 2014

How Do You Answer...

● Do you have Policies in place for proper handling of company data?

● Do you have a system to provide Security Intelligence?

● Do you have an Employee Cyber Security Training Program?

Remember – Cybercrime is the fastest growing industry!

Key Points

● Biggest Threat = Ransomware - Easy Money For Hackers

● Malware is SMART – Typical Anti-Virus is almost useless

● Most Big co’s have been hacked. SMBs are even Easier

● Targeted Social Engineering attacks are growing fast

● Employee Security Awareness Training is a Must!

Key Points

● Compliance is NOT security

● Security is a State of Mind

● Liability for exposing customer data is Real & Expensive

● A Complete System is required for modern security

What Is Your Risk?

Is your customer data leaking right now?

How do you know?

We can help you find out – right now

Thank You!