
How To Protect Yourself From A Hacker Attack


Academic year: 2021


Joe Oleksak, Plante Moran


Data Security Trends

Example Attacks

Industry Examples

An Answer

Who Are The Victims?

Targets - victims of opportunity:

Some will be a target regardless of what they do, but most become a target because of what they don’t do related to security.

Could This Be Prevented?

Breaches – not rocket science:

Most victims weren’t overpowered by unknowable and unstoppable attacks. For the most part, we know them well enough and we also know how to stop them.

How Are They Hacking?

Most Common Attack - Social:

Most attacks began socially. Employees are your greatest asset, but often your weakest link to security.

Hackers know this, and have developed social scams by the thousands, hoping but one will fall victim.

Why Can’t We Stop Them?

Breaches in 2014 – went unnoticed:

Prevention is crucial, but we must accept the fact that no barrier is impenetrable. Detection/response represents an extremely critical line of defense.

Ignorance is NOT bliss – what you don’t know can hurt you!

97% of Breaches Were Avoidable

Most victims aren’t overpowered by unknowable and unstoppable attacks. For the most part, we know them well enough and we also know how to stop them.

Verizon Data Breach Investigations Report

Weak Infrastructure

Weak design (firewalls, wireless routers)

Weak user authentication (users, passwords)

Encryption (VPN, secure portals)

Out-dated (patch management / anti-virus)

Lack of periodic testing

User Ignorance

Weak user passwords

Poor judgment

Social media

Phishing attacks

Third Party Vendors

Weak due diligence

Breach notification

Annual breach confirmation

Technology Advances

Mobile devices


INFORMATION TECHNOLOGY SECURITY TRENDS, PLANTE MORAN


Not Always Hackers!


What Might it Cost?


Start with a Framework.

Different organizations view information security differently. Some of the differences are related to varied risk and threat profiles impacting an organization — based on factors such as industry, location,

Assess Risk.


Secure the Network.

1. Data Classification – Public and Confidential (Sensitive/Private)

2. Perimeter Security - Firewalls, IDS/IPS

3. Wireless Security – SSID, Encryption, Default Password

4. Authentication – Users & Passwords

5. Encryption - Connectivity & Storage

6. Anti-virus

7. Patch Management

8. Remote Access

9. Network Monitoring


Secure the User.

Need to know basis/able to perform job responsibilities

Segregation of duties

Administrative access

Super-user access

Internet vs. corporate system access

Ad hoc vs. formal repeatable process

Single sign-on

User IDs/passwords

Use of technology (tokens, firewalls, access points, encryption, etc.)

Full-time employees

Part-time employees and contractors

Consultants and vendors

Customers

Visitors

Only when an issue is noted

User access logs

Annual review of access

Proactive review of user activity

Real-time monitoring of

Passwords Died in the 90s.


Secure the Vendor.

Due Diligence

Existence and corporate history, strategy, and reputation

References, qualifications, backgrounds, and reputations of company principals, including criminal background checks

Financial status, including reviews of audited financial statements

Internal controls environment, security history, and audit coverage (SOC Reports)

Policies vs. procedures

Legal complaints, litigation, or regulatory actions

Insurance coverage

Secure the Vendor.

Remote Access

Deploy a single central remote access solution for employees and vendors to remotely access your network

Company should manage remote access tool and not the third-party vendor

Block access from any unapproved remote access tools used by third-party vendors

Require each third-party vendor to use unique credentials to access your network

Log and review third-party activities on your network

Breach Notification

Contract language should include breach notification requirement

In Summary… Simplified.


Joe Oleksak

Information Technology Security Trends
