
Hillen Presentation 2017 MTASC AM




Transcription of Hillen Presentation 2017 MTASC AM

IoT, Vendors, MTASC | September 28, 2017
Managed IT & Cybersecurity. Done Better.

AGENDA
- Threat Landscape
- Internet of Things
- Threat Intelligence
- Third Party Vendors
- New Trends in Ransomware
- Mobile Device Security

WHO WE ARE
- Shortlisted Top 20 IT Providers, 2017
- Top 25 Compliance IT Providers, 2017
- Managed Security 100 of MSP500, 2017
- Top 25 Cyber Security Companies, 2017
- Most Outstanding Cloud Hosting Service, 2017, 2016, 2015, 2014
- 20 Most Promising IT Service Companies, 2017
- Top 20 Leading IT Service Companies, 2017

OUR FOOTPRINT
- 187+ employees, 300+ clients, 7 locations
- SOC 1 Type 2 (7 controls), SOC 2 Type 1 (9 controls)
- Locations: New York, NY (Corporate HQ); Norman, OK (NOC); Raleigh, NC (Security Ops); Allentown, PA (Data Center); Stamford, CT (Client Services); London, UK (Client Services); Bangalore, India (Systems)

WHY WE'RE HERE

THREAT LANDSCAPE

WHY THE BAD ACTORS ARE WINNING (source: 2017 Verizon Data Breach Investigations Report)
- 51% of breaches involved organized crime
- 61% of victims are from orgs with fewer than 1,000 users
- 43% of all breaches utilized social attacks
- 93% of social engineering used phishing
- 7% of targets fell for phishing
- 25% were duped more than once
- 81% of hacking-related breaches leveraged stolen and/or weak passwords
- 66% of malware was installed via malicious email attachments

#1 KILLER: PHISHING

Recent Breaches
- Spear phishing: 80 million+ people affected, $100,000,000+ cost
- Phishing scam: 22 million+ people affected, $350,000,000+ cost
- Whaling scam: 2 & 200 people affected, $25,000 cost

INTERNET OF THINGS (IOT)
The Internet of Things (IoT) and Machine to Machine (M2M) technology will increase productivity in ways not seen since the Industrial and Digital Revolutions, but at what cost?

(Trustwave, )

INTERNET OF THINGS
The Internet of Things (IoT) is the network of physical devices, vehicles, wearables and other items embedded with electronics, software, sensors and actuators, with network connectivity enabled to collect and exchange data and be controlled remotely across existing infrastructure.
- 2015: ~ billion connected devices
- 2020: ~ billion
- "More than half of major new business processes and systems will include an IoT component by 2020." (Gartner)

INTERNET OF THINGS: TOP VULNERABILITIES
- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Privacy Concerns
- Physical Security

INTERNET OF THINGS: Insecure Web Interface
- Secure the web interface to prevent XSS, SQLi or CSRF
- Ensure credentials are not exposed in internal or external network traffic
- Configure/confirm account lockout after 3-5 failed login attempts

INTERNET OF THINGS: Insufficient Authentication/Authorization
- Change default passwords/default usernames during initial setup
- Require strong passwords
- Implement two-factor authentication where possible

INTERNET OF THINGS: Insecure Network Services
- Confirm only necessary ports are exposed and available (vuln scan/penetration test)

INTERNET OF THINGS: Data Privacy Concerns
- Confirm only data critical to the functionality of the device is collected and transmitted
- Roomba: mapping your house
  o Looking to monetize $$$? Pets, children

INTERNET OF THINGS: Physical Security
- Ensure the data storage medium cannot be easily removed
- Restrict access to USB ports
  o Firmware extraction (usernames/passwords)
  o User CLI
  o Admin CLI
  o Privilege escalation
  o Reset to insecure state

INTERNET OF THINGS: What Do I Do?
- Network segmentation
- Monitoring of the environment
  o Current devices
  o Knowing when a new one is connected
- Configuration management
- Firmware updates
- Awareness of automated processes
  o AV software on a cardiac tool during a procedure

THREAT INTELLIGENCE
"Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard."

(Gartner)

THREAT INTELLIGENCE
Using multiple sources to improve your security posture, detect events sooner, and potentially prevent incidents.
- Internal
- External

THREAT INTELLIGENCE: Internal Sources
- SIEM
- IPS/IDS
- NetFlow
- Endpoint
  o Cylance
  o Carbon Black
  o CrowdStrike Falcon
- Honeypots
  o Canary

THREAT INTELLIGENCE: External Sources
- For your org
  o Blueliv
  o IntSights
- For third parties
  o BitSight
  o SecurityScorecard
- Data feeds/crowdsourced platforms
  o FireEye
  o MalwareDomains.com
- Service
  o Cisco Umbrella (OpenDNS)
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
- Have I Been Pwned? (Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security)

THIRD PARTY VENDORS
What happens if there is an event?
- Typically based on agreement/contract

Due Diligence Questionnaire (DDQ)
- Review of other artifacts
  o Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
- Technical evaluations
  o Frequency
  o Independent third party
  o Describe the pentest methodology (vuln scan, external only, internal)
  o Social engineering

THIRD PARTY VENDORS
Describe how your organization is addressing the following:
- Training
  o Formal
  o Documented
  o Tailored by job function
- Incident Response
  o Policies and procedures
  o Data mapping
  o Describe last event
- Governance and Risk Assessment
- Access Rights and Controls
  o Access review
  o Rights review
- Data Loss Prevention
  o Movement of data
- Vendor Management
  o How do they select their vendors
  o Oversight

THIRD PARTY VENDORS
Check on them:
  o BitSight
  o SecurityScorecard

NEW TRENDS IN RANSOMWARE
Ransomware Reaches Peak With WannaCry and Petya
- WannaCry infected >300,000 computers in 150 countries
  o Exploited a vulnerability in the Windows Server Message Block (SMB) protocol

  o Worm looks for open port 445; spreads without user interaction
- Enterprises still trip over old vulnerabilities

NEW TRENDS IN RANSOMWARE
- More evasion techniques: no executable
- A decline of ransomware will only come as a result of law enforcement action/cooperation
- Targets move from individuals to higher-value data, deeper pockets

RANSOMWARE PREVENTION
- Backups, backups, backups, and test those backups regularly
- Keep web browsers and plug-ins such as Adobe Flash and Microsoft Silverlight updated
- Uninstall any browser plug-ins that are not required for business purposes, and prevent re-installation
- Disable Microsoft Office macros by default, and selectively enable them for those who need macros
- Scan incoming emails for suspicious attachments, including examining all compressed attachments
- Do not give all users in the organization local administrative access to their workstations
- Use the analog solution: people (UAT)

MOBILE DEVICE SECURITY
Mobile Device Management (MDM)
- Microsoft Intune
- VMware AirWatch
- Citrix XenMobile
- IBM MaaS360
Support for:
- iOS, Android, Windows Phone
- Remote Lock (should already have a PIN)
- Remote Wipe
- Enterprise Wipe (BYOD)

SMARTPHONES & OTHER MOBILE DEVICES: Best Practices
SMARTPHONES & OTHER MOBILE DEVICES: Additional Best Practices
WHAT TO DO
MOST OF US ARE GUILTY

AGIO PHISHING INDICATORS
- "Verify your account."

  Businesses should not ask you to send passwords, login names, SSNs or other personally identifiable information (PII) via e-mail.
- "If you don't respond within 48 hours, your account will be closed."
  These messages convey a sense of urgency so you'll respond immediately without thinking.
- "Dear Valued Customer,"
  Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
- "Click the link below to gain access to your account."
  HTML-formatted messages can contain links or forms you can fill out just as you would fill out a form on a ... communications
- E-mail messages asking the user to perform an action that was not initiated by the user should be ...
- Grammar and spelling errors
  Phishing is often conducted by individuals that are not native English speakers, and the messages will have grammar and spelling ...

RECENT EXAMPLE
- Sender email ...
- Hovering over the button: displayed link not ...

HOW TO SPOT A BAD URL IN YOUR BROWSER
Find the last dot before the first slash.

- Example 1: Find the last dot before the first slash. Immediately to the left is myworksite, so this address goes ...
- Example 2: Find the last dot before the first slash. Immediately to the left is fakesite, so this address goes ... Although it says myworksite, it's not near the first slash; therefore, it's irrelevant.

PHYSICAL SECURITY: Focus Areas
PASSWORD MANAGEMENT: Elements of a Strong Password
PASSWORD MANAGEMENT: Creating a Strong Password
MALWARE: Types of Malware & How They Infect a Computer
MALWARE: Best Practices
BE CAUTIOUS ON SOCIAL MEDIA
FACEBOOK SECURITY RECOMMENDATIONS: Get Alerts & Use Two-Factor Authentication
FACEBOOK SECURITY RECOMMENDATIONS: Review Privacy Settings & Apps
  *Additional: Review the Apps section and remove any apps and devices not in use.
LINKEDIN SECURITY RECOMMENDATIONS: Set Up Two-Step Verification
LINKEDIN SECURITY RECOMMENDATIONS: Review Privacy Settings
LINKEDIN SECURITY RECOMMENDATIONS: Get an Archive of Your Data
TWITTER SECURITY RECOMMENDATIONS: Set Up Two-Factor Authentication & Password Reset Setting
TWITTER SECURITY RECOMMENDATIONS: Review Privacy Settings

BRILLIANCE IN THE BASICS
- Limit use of administrative accounts
- Keep your PCs, Macs, iPhones, iPads, printers, and home routers updated
- Enable two-factor authentication/two-step
- Use a password manager to store different/complex passwords (LastPass, KeePass, or Password Safe)
- Install anti-virus on all computers (yes, even Mac OS X)

THINK BEFORE YOU CLICK
Know the Sender & Double Verify an Attachment

Ray Hillen | Managed IT & Cybersecurity. Done Better.
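The "How to spot a bad URL" rule from the deck (find the last dot before the first slash; the label immediately to its left is the site you really reach) and the "hovering over the button showed a different link" indicator, written out as an added Python example that is not part of the presentation. The myworksite/fakesite names are the deck's own; the full URLs, the `registrable_domain`, `looks_like_site` and `displayed_vs_actual` helpers, and the user@host and port cases are constructed here to show where the eyeball rule needs a parser.

```python
"""Added example (not from the presentation): apply the slide's rule for
spotting a bad URL. Find the last dot before the first slash; the label
immediately to the left of that dot is the site you are really visiting."""
import re
from urllib.parse import urlsplit

# Display text is only compared as a URL when it actually looks like one.
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/:?#]|$)", re.I)


def registrable_domain(url: str) -> str:
    """Label immediately left of the last dot before the first slash.

    urlsplit() handles the parts the slide's eyeball rule glosses over:
    the scheme, a port (':8443') and any 'user@' prefix in front of the host.
    Multi-part public suffixes such as 'co.uk' are out of scope here.
    """
    if "://" not in url:
        url = "http://" + url                # hover text often omits the scheme
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def looks_like_site(url: str, expected: str) -> bool:
    """True when the URL really lands on the expected site's domain."""
    return registrable_domain(url) == expected.lower()


def displayed_vs_actual(display_text: str, href: str) -> dict:
    """The 'hovering over the button showed a different link' indicator.

    When the visible text itself is a URL, its site is compared with the
    site the href actually points to; a difference is a phishing flag.
    """
    shown = None
    if URL_LIKE.match(display_text.strip()):
        shown = registrable_domain(display_text.strip())
    actual = registrable_domain(href)
    return {"shown": shown, "actual": actual,
            "mismatch": shown is not None and shown != actual}


if __name__ == "__main__":
    # Constructed URLs that mirror the deck's two examples.
    for url in ("https://www.myworksite.com/login",
                "https://www.myworksite.com.fakesite.com/login",
                "http://myworksite.com@fakesite.com:8443/login"):
        print(f"{url:50} -> {registrable_domain(url)}")
    print(displayed_vs_actual("https://myworksite.com/account",
                              "http://myworksite.com.fakesite.com/a"))
```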

