© Aronson LLC | aronsonllc.com |
Non-Profit IT Threats in the New Normal
October 20, 2021
Agenda
• About Aronson / Introductions
• Course Description & Learning Objectives
• Cyber crime Financial Impacts
• Attack Tactics & Techniques
• Cybersecurity Program Basics
About Aronson
Aronson offers a diverse set of technical skills, industry knowledge, and resources in a responsive service model.
https://aronsonllc.com/service/cmmc-advisory/
Azunna Anyanwu
Director of Technology Advisory & Information Technology, Aronson LLC
LinkedIn.com/in/Azunna/
• Unique and diverse technical skillset with 20 years of experience in IT strategy, IT operations, cybersecurity, business process reengineering, agile methodologies, & more.
• Direct IT operations, cybersecurity, and digital business transformation activities for Aronson.
• Previously served as the Director of IT at a Federal government contractor & 12+ years in Big 4 Consulting.
Azunna leverages agile principles and practices to help businesses address:
IT Operations: Implement and execute ITIL based processes and procedures to deliver critical services in a standardized and repeatable manner with minimal downtime.
IT Strategy & Architecture: Define the technology vision, strategy and objectives based on current and planned business needs. Develop integrated processes and solutions to enable your business to operate optimally and reduce waste.
IT Security: Implement security program and address gaps in IT security controls to achieve compliance with government, industry, or client requirements.
Course Description & Learning Objectives
The pandemic and the abrupt shift to remote work have introduced additional risks for IT and cybersecurity professionals to protect against. During this discussion, we will talk about the different types of vulnerabilities and how to reduce your risks.
Learning Objectives
• Understand cybersecurity risks in remote working environments
• Learn strategies to reduce risks
• Learn the basics of a cyber security program
Schools Under Attack
There have been 1,200 cyber incidents affecting K-12 public schools in all 50 states ~ K12 Security Information Exchange
Buffalo Public schools
• Shutdown by ransomware attack for one week (34,000 students affected)
Howard University
• Classes canceled, Wi-Fi shutdown on Howard U’s campus due to ransomware cyberattack
Biden Signs School Cybersecurity Bill (K-12 Cybersecurity Act of 2021)
• DHS CISA will study cyber risks affecting K-12 schools and develop recommendations to make them less vulnerable to attacks
Buffalo Public Schools: https://searchsecurity.techtarget.com/feature/The-biggest-ransomware-attacks-this-year
Howard University: https://www.wusa9.com/article/news/local/dc/howard-university-ransomware-cyberattack/65-15b329bf-f4f4-430a-aae7-4003df9cea89
Biden School Bill: https://www.route-fifty.com/tech-data/2021/10/biden-signs-school-cybersecurity-bill/186022/
Cyber crime financial impacts
Hacking is a Lucrative Business
Ransomware and funds transfer fraud account for 50% of all insurance losses.
Ransomware
• Average Ransom demand is $1.2M (170% increase over 2020)
• Increase in ransom demands is due to:
– Change in systems necessary to go remote
– Hackers have more insight into what a company can “afford”, and the value of information stored
Funds Transfer Fraud
• Average funds transfer loss is $326K (180% increase over 2020)
• Often perpetrated through phishing and email compromise followed by social engineering
– Modify payment instructions
– Make fraudulent payments
– Send doctored invoices, spoofed emails
Should I Pay the Ransom if affected by Ransomware?
Do you have a viable backup?
Yes: Skip the payment and try to recover from backup.
– Attackers may still attempt to extort you by exposing stolen data (data exfiltration).
No: Pay the ransom and hope the decryption keys work.
– US Government has put limits on ransom payments to known terrorist organizations.
– You will typically want to/need to work through a 3rd party to negotiate payment.
How to Combat Ransomware
• Implement email security (spam filtering tools)
• Train end users (cybersecurity awareness)
• Implement a robust backup strategy (3-2-1 rule)
– Frequent backups
– Offline storage of backups
• Patch software and address technical vulnerabilities
The 3-2-1 rule:
– 3: Create 3 copies of your data (1 primary copy and 2 backups)
– 2: Store your copies in at least 2 types of storage media (local drive, network share/NAS, tape drive, etc.)
– 1: Store 1 of these copies offsite (e.g., in the Cloud)
Funds Transfer Fraud Examples
Invoice Fraud
• Spoofed email from vendor/supplier indicating a change in banking information
• Spoofed email from CEO or leader authorizing a fraudulent payment
• Hackers gain access to employee email and send invoices out to company suppliers
Payroll Diversion
• Spoofed email to employees from HR/Payroll asking for a change to direct deposit accounts
• Hackers gain access to employee’s direct deposit account and alter banking information
Anatomy of a Funds Transfer Fraud Event
• Victim identification
• Credential theft (via phishing email)
• Malicious logins
• Search for transactions
• Mailbox rules modified
• Modification of payment requests
• Criminal verification of instructions
• Criminal receives fraudulent funds transfer
How to Combat Funds Transfer Fraud
• Define procedures for handling new payment requests or change in payment requests
– Call the requesting party on a known good number to confirm the request
– Establish two-party approval for transfers or payment detail changes
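The "mailbox rules modified" step in the anatomy above is one of the few points in this chain that leaves a reviewable trace before money moves. As an added example (not from the slides or Aronson), this script scans constructed mailbox-audit events and flags rule changes that forward mail to an outside domain or hide finance-related messages; the event format and the org domain are assumptions, not a real vendor schema.

```python
"""Flag mailbox-rule changes typical of the funds-transfer-fraud chain described
above. Constructed example; the event format is a simplified stand-in, not a
vendor's real audit schema."""
import json

INTERNAL_DOMAINS = {"example-nonprofit.org"}  # assumption: the org's own domains
FINANCE_TERMS = ("invoice", "payment", "wire", "ach", "bank", "remit")
HIDING_FOLDERS = {"deleted items", "rss feeds", "junk email"}

# Constructed sample audit events, one JSON object per line.
SAMPLE_LOG = """
{"user":"ap@example-nonprofit.org","action":"new_rule","name":"Sort","forward_to":["cfo@example-nonprofit.org"],"keywords":[],"move_to":"Finance"}
{"user":"ap@example-nonprofit.org","action":"new_rule","name":".","forward_to":["collector@mail-drop.example"],"keywords":["invoice","payment"],"move_to":"RSS Feeds"}
{"user":"ceo@example-nonprofit.org","action":"set_rule","name":"Wire","forward_to":[],"keywords":["wire","bank"],"move_to":"Deleted Items"}
{"user":"hr@example-nonprofit.org","action":"new_rule","name":"Newsletters","forward_to":[],"keywords":["newsletter"],"move_to":"Reading"}
"""

def is_external(address):
    """True if the address belongs to a domain other than ours."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def assess_rule(event):
    """Return the reasons a single rule-change event looks suspicious."""
    reasons = []
    external = [a for a in event.get("forward_to", []) if is_external(a)]
    if external:
        reasons.append(f"forwards mail outside the organization to {external}")
    keywords = [k.lower() for k in event.get("keywords", [])]
    finance = any(term in k for k in keywords for term in FINANCE_TERMS)
    if finance and event.get("move_to", "").lower() in HIDING_FOLDERS:
        reasons.append(f"hides finance-related messages in {event['move_to']}")
    return reasons

def scan_audit_log(log_text):
    """Parse newline-delimited JSON events; return {(user, rule name): reasons}."""
    findings = {}
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if event.get("action") in ("new_rule", "set_rule"):
            reasons = assess_rule(event)
            if reasons:
                findings[(event["user"], event["name"])] = reasons
    return findings

if __name__ == "__main__":
    for (user, name), reasons in scan_audit_log(SAMPLE_LOG).items():
        print(f"{user} rule {name!r}: {'; '.join(reasons)}")
```

Every hit is a prompt to call the mailbox owner on a known good number, the same check the slide recommends for payment changes.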
Attack tactics & techniques
Business Email Compromise, Fraud, & Ransomware Attacks Are All on the Rise
Source: Cyber Insurance Coalition’s 1H 2021 Cyber Insurance Claims Report
https://info.coalitioninc.com/rs/566-KWJ-784/images/DLC-2021-07-Coalition-Cyber-Insurance-Claims-Report-2021-h1.pdf
Poll Question #1 – What was the most prevalent attack technique in 2021?
A. Phishing
B. External Remote Services
C. Public Facing Applications
Phishing Attacks
Phishing involves tricking a person via email into providing credentials or installing malware. Phishing can also occur via other means:
• Smishing involves text or SMS messages
• Vishing involves phone calls
Spear phishing targets specific, high value individuals with crafted attacks.
Attackers frequently email or call or text with a planned scenario, such as:
• New Online Tool (Salesforce, Office365, Time and Expense Tracking, etc)
• Annual HR benefits (“Log in to select new benefits package”)
• Incident Response (“Enter credentials to confirm validity of account”)
Recommended Counter-Measures:
• Append Disclaimer to External Email
– E.g. Messages received from outside the organization include a disclaimer highlighted in yellow
• Security Awareness Training
– Provides an overview of the most important issues.
Business Email Compromise (BEC)
• The FBI defines BEC as “a sophisticated scam targeting businesses working with suppliers and/or businesses that regularly perform wire transfer payments.
• The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
• $26B – Global losses to BEC scams
• 87% ↑ – Phishing campaigns targeting finance staff
• 75% – Invoice Fraud increase
Supply Chain Attack (Third-Party Vendors)
“A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.” (Wikipedia)
SolarWinds Software compromised to infect thousands of clients
• https://www.sans.org/blog/what-you-need-to-know-about-the-solarwinds-supply-chain-attack/
Microsoft Exchange Server vulnerability affects US defense industrial base, think tanks and “hundreds of thousands” of organizations globally
• https://breakingdefense.com/2021/03/microsoft-updates-exchange-server-ioc-tool-emergency-alternative-mitigations-overnight/
200 businesses hit by ransomware after breach at Florida IT firm
• https://www.cnbc.com/2021/07/02/200-businesses-hit-by-ransomware-cybersecurity-company-says.html
Insider Threat Attack
Disgruntled HR executive trashed personnel files and deleted 17K resumes after being fired
• Executive was fired over the phone
– Colleagues reported seeing her repeatedly hitting the delete key on her computer
• Hours after she was escorted out of the office, she logged into an outside computer system where she deleted the bulk of the files
• The company spent $300K over 2 years to rebuild the system and spent another $100K to get it working again.
– Many files were unable to be retrieved.
https://www.marketwatch.com/story/ex-hr-exec-convicted-of-trashing-companys-personnel-records-and-deleting-17-000-resumes-after-being-fired-11629230357
Cybersecurity Program Basics
3 Keys To A Robust Cybersecurity Program
People
Process
Technology
Address Cybersecurity Holistically
Poll Question #2 – What Factors Should Be Addressed for Cybersecurity?
A. People
B. Process
C. Technology
D. All of the Above
Technology – Implement Tools that Address Common Risks
Deploy anti-virus tools to all endpoints (servers and computers)
• Highly recommend implementing Endpoint Detection & Response (EDR) or Managed Detection & Response (MDR) tools
Implement Multi-factor or Two-factor Authentication (MFA/TFA)
• Consider implementing a central identity management system
Implement email security protection
• Detect & block malware and non-malware email threats
Process – Develop a Security Program
• Timely patch systems (servers, desktops, applications, networking infrastructure, etc)
• Actively monitor environment for vulnerabilities and anomalous events
– Consider outsourcing to Managed Security Services Provider (MSSP)
• Enforce principle of least privilege across enterprise (endpoints, servers, applications, etc)
• Conduct 3rd party testing at least annually (e.g., penetration testing or cybersecurity assessments)
• Develop & document policies, plans & procedures
• Review and respond to threat intelligence feeds (e.g., US-CERT)
People – Educate Staff on their Responsibility
Implement a security awareness training program for users
• Consider subscribing to a training platform or outsourcing to 3rd party
Conduct phishing simulations (tests/campaigns)
Provide specialized cybersecurity training to IT personnel
What Should I Do Next (Cybersecurity Journey Map)?
Security Assessment
• Identify scope & desired maturity level
• Perform independent security assessment
Gap Remediation
• Develop / Update Security Plan, Policies, & Procedures
• Implement and/or enhance controls to address gaps
Sustain maturity
• Review & document objective evidence that demonstrates meeting recommended security controls
Minimum 12-18+ month process
Contact & Connect with Aronson
202.869.0995
https://aronsonllc.com/service/cmmc-advisory/
111 Rockville Pike, Suite 600, Rockville, MD 20815
301.231.6200 | www.aronsonllc.com
Cybersecurity Best Practices (based on DOD CMMC ML1 Framework)
Access Control
• Use *strong* passwords to restrict log-on
• Assign people “user” rights to their computer, not “Admin” rights
• Limit connections to external information systems/networks
• Limit and secure what’s posted or processed on publicly accessible information systems
Identification & Authentication
• Don’t use shared logins (each person should have their own account)
• Require authentication to access systems
• Implement Multifactor Authentication (MFA/TFA)
System and Communications Protection
• Continuously monitor information systems (servers, endpoints, and network infrastructure)
• Logically and physically separate public networks from internal networks
System and Information Integrity
• Install updates and patch systems in a timely manner
• Use antivirus systems, update signatures regularly, and enable antivirus scans
Additional Resources
• Protecting Against Ransomware – https://us-cert.cisa.gov/ncas/tips/ST19-001
• Avoiding Social Engineering and Phishing Attacks – https://us-cert.cisa.gov/ncas/tips/ST04-014
• Protecting Against Malicious Code – https://us-cert.cisa.gov/ncas/tips/ST18-271
• Internet Crime Complaint Center (IC3) – https://www.ic3.gov/default.aspx
• Cybersecurity for Nonprofits – https://www.councilofnonprofits.org/tools-resources/cybersecurity-nonprofits