Ransomware Threat: Keeping Your Network Secure

Ransomware Threat: Keeping Your Network secure

Cyber Security Risks and Mitigation Strategies

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING •Today’s Cyberattacks • 312 • •Over WEALTH that organizations approximately

ADVISORY 2017

◊ ◊ ◊

data to

| 4 http://blogs.rsa.com/best https://www.scmagazine.com/report http://www.zdnet.com/article/over OUTSOURCING

billion steal

cyber

breaches

National | AUDIT,

dollars

cost

‐ TAX, data ten

criminals $86K

AND ‐

CONSULTING advice

times small

records as ‐

digital

per ‐

Cyber four ‐ of finds ‐ citizens ‐ billion

to ‐ that prefer March more incident ‐

‐ data

stop ‐ medium than were

‐ ‐ records amount think Security ‐ 312

‐ to ‐ data connect/ 14, ‐

were

stolen

‐ and breaches target ‐

stolen

2017 business

‐ ‐ larger in this ‐

2016

‐ Trends in year/article/644421/

data, /

2016

rather

Sports

ADVISORY Few

Hotels

& Central Century Shield

Red

Bradstreet

Inn

Blue OUTSOURCING restaurants Entertainment

Door BlueCross Company

Indiana

Oncology Cross

| Cancer AUDIT,

TAX,

BlueShield

AND

Services

CONSULTING Association

Breaches

of of

elaeHealth WellCare • •VTech •Verity•University •Verizon Radiology • •Quest Neiman • Health MedStar • •Madison •Yahoo Florida

reported

Diagnotics Health

Enterprise Marcus

Square

Regional of

Central

Garden Plans

Solutions Center

in Florida

Inc.

2017

your Threat

enemy

ADVISORY

do | OUTSOURCING

of of of access leakage corruption loss

computing network network

–Threat |

AUDIT, secure

Security

TAX,

AND

security privacy CONSULTING

equipment systems?

Landscape

ADVISORY

Simson secure

“Web

OUTSOURCING afne with Garfinkel

Security

system of

| we AUDIT,

and

a Gene

TAX,

Commerce” expect.”

AND Secure

Spafford

CONSULTING

one

we System

can

depend

ADVISORY

are

| OUTSOURCING

we | AUDIT,

attacked?

TAX,

AND

ADVISORY

| OUTSOURCING

providers systems |

AUDIT, Industry

of as

TAX,

AND

business a

CONSULTING

service”)

ADVISORY ◊

Verizon and OUTSOURCING

market

“hands sophisticated

have

is breaches

hacking

a 2016 AUDIT,

root

TAX, “monetized”

‐ economy on”

AND Data

CONSULTING

has cause

effort attacks

Breach

hacking

financial

behind

Investigations

including

their

the

espionage activity

Report

majority ransomware

(DBIR)

motive

cyber

ADVISORY

| OUTSOURCING |

AUDIT, Motivation

TAX,

AND

ADVISORY

Configuration |

OUTSOURCING Phishing Engineering

attackers

Phishing” | AUDIT,

TAX,

AND

CONSULTING

get

ADVISORY is

two

do important

| breaches OUTSOURCING

scenarios attackers

| to

AUDIT, the

TAX,

compromised/malicious

AND or website

CONSULTING

learn

malware

get

how

in are ‐

infections

to legitimate Protecting

identify

website

start

and if

the

Yourself

from safe

one

ADVISORY

| OUTSOURCING | AUDIT,

TAX,

AND

CONSULTING of 100,000 approximately Dataset were 2016 organization industry data Number incidents

which

breaches

Verizon confirmed

contained

incidents and of

3,141 by

security

victim size.

DBIR

ADVISORY

| OUTSOURCING | AUDIT,

TAX,

AND

CONSULTING of 100,000 approximately Dataset were confirmed data Number incidents and by 2016 size

which victim

organization

breaches

Verizon confirmed

contained

incidents of

3,141 industry with

data security

DBIR

loss

the

primary

PHISHING

ADVISORY the ◊

(Password, OUTSOURCING is attacker

a put: Email

that malicious

confidential

| someone

AUDIT, and

action?

TAX,

Account Phishing?

AND open

CONSULTING website

Number, information a

perform malicious

etc.)

file

action

that

will

benefit

ADVISORY

Phishing

OUTSOURCING amount

Phishing

target

–“C |

AUDIT, Attack targeted ‐

TAX,

level” of

AND Attack –A

CONSULTING users

(Spamming)

custom

executives

message

Attacker – or

management

built

targets

for

link WEALTH

ADVISORY requests

| OUTSOURCING

a the

Malicious |

user AUDIT,

TAX,

AND

CONSULTING visit

website

Link

perform

account

ADVISORY link

appears

| over OUTSOURCING

link

| to

AUDIT, a

go with

TAX, Malicious

AND

CONSULTING your Amazon

mouse

but

will is Link

actually

show

the

going

true

path

malicious

site.

ADVISORY

| OUTSOURCING

Example | AUDIT,

TAX,

AND

ADVISORY is

becoming

OUTSOURCING phishing

Internal are

to |

AUDIT,

appear becoming

TAX,

more attacks

AND

CONSULTING

Source

common

come more everyday.

from sophisticated

for

an a

trusted

phishing with

internal

their

great

ADVISORY 2017

FBI ‐ ups

| OUTSOURCING

says

last

| it

year, AUDIT, threat attacks spiked Damages

received

TAX, Impact

AND

costing

CONSULTING

on 752%

hit

Predicted the 2,453

over

the in

rise

new

700,000 complaints

victims

families 'almost

Reach

more users

about

40%

in $1

than in

2016

Billion

one of

ransomware

$24 businesses

year

Annually

million

ADVISORY

| OUTSOURCING | AUDIT, ‐

TAX,

AND Threat

CONSULTING

ADVISORY

| OUTSOURCING | AUDIT, ‐

TAX,

AND Threat

CONSULTING n/us/enterprise/media/security_r

type

ADVISORY

system

◊ ◊ ◊

of Grade |

OUTSOURCING computer demand Justice ransom Pop Law Fake Dangerous

Ransomware?

malicious Grade ‐

enforcement up

antivirus until

messages

AUDIT, messages money

payment

for

TAX,

a AND

which

tools

CONSULTING sum be

software

say

scams to paid

pretend claim you

fix

your of

by them.

need use

money

they've

a files

deadline

fake designed

detect are

pay

FBI detected

encrypted is

a or in

malware

fine. paid.

order U.S.

to illegal

Department

to and block

issues

return

activity demand

and

access

them.

of on

your

ADVISORY

◊ ◊ ◊

just is

are | OUTSOURCING Payments Data Well

strains variants

Ransomware? on

customized Windows

over on

all the | AUDIT,

local

data,

400

are

TAX, CryptoLocker, have

Availability

AND and

machine

often and

CONSULTING

hold

operating

custom counting constant

in to

Bitcoin and

“ransom” their

Mamba, of

ransomware

network

evolution victim network systems,

for

etc.

data also

web

Apple

pages

ADVISORY

has stated is

| credentials OUTSOURCING

criminals to is Ransomware?

told

from

not do

| they AUDIT,

victims than

provided

delivered

TAX, backups

AND

have attempt

CONSULTING are

exfiltration

used started

decryption

pay through

for

the

delete

seeing

of network

ransom

email the

key

host

data instances

phishing after

access

if and

they

paying network

cannot where

ADVISORY

| OUTSOURCING | AUDIT,

TAX, –Email

AND

CONSULTING

Phishing ‐ detecting

ADVISORY

| OUTSOURCING

with

encrypts

| it AUDIT,

can

TAX, Attack –

AND

CONSULTING

ADVISORY

OUTSOURCING 3,

2017 Pennsylvania news/2017/03/03/pennsylvania | AUDIT,

‐ –Case

TAX, working

AND

CONSULTING

Studies

with

Senate ‐ senate

Microsoft ‐ democrats

Democrats ‐ fall

‐ victim to

restore ‐ to ‐ ransomware

the ‐ attack/21873178

ADVISORY

| OUTSOURCING |

AUDIT,

Hackers –Case $28,000

TAX,

AND

CONSULTING

Blackmail

in Studies ‐

malware ransom ‐ attack.html

Los

was

Angeles

paid

Valley

Maine Ransom http://www.nbcnews.com/news/us

ADVISORY and

U.S. |

OUTSOURCING )

| AUDIT,

–Case

TAX,

AND ‐ news/ransomware

CONSULTING

department WEALTH

ADVISORY

OUTSOURCING was

able | AUDIT,

to –Case

TAX, recover

AND

CONSULTING

most

Studies

of ‐ cybercrime/

the

files

and

had

the

system

back

within

defense Defensive

Foundation • ADVISORY

OUTSOURCING Policies | AUDIT,

TAX,

for

AND –Define

CONSULTING

governance

what

expected

ADVISORY visiting

Security something

| OUTSOURCING

how is

browse trust trust

key you CHECK |

AUDIT, to

links attachments

are to

TAX,

looks

Awareness identify the

AND

protecting visiting

CONSULTING IT

web/check

odd… BEFORE

the phishing

website

yourself

YOU email

emails

CLICK you as

online: an

think

administrator and

IT!

you

malicious

are

ADVISORY

users OUTSOURCING

are user should

the

AUDIT, should minimum

access TAX,

backups include AND

CONSULTING

O have NOT

roles access

stored?

staff

and

and administrator

also

least permissions

privilege

rights

ADVISORY Endpoint Turn Passwords Application Hardening • •

| OUTSOURCING • Software FTP,

off

https://technet.microsoft.com/en internal

| Telnet, AUDIT,

unneeded

TAX,

Protection Restriction

AND

checklists –NO

CONSULTING controls

NetBIOS

systems

default,

Policies

services

– Anti

(end

‐ Use us/library/cc759648(v=ws.10).aspx ‐ Malware,

passphrases points)

ADVISORY

| OUTSOURCING

and

to |

AUDIT, address

validate

system

TAX, management

patch patches

AND

CONSULTING

the

management patches

exceptions effectiveness

ADVISORY

defined network

| workstations OUTSOURCING

integration

and

facing AND

segments | AUDIT,

traffic, “Web

perimeter TAX,

out

AND

hosts,

CONSULTING

for

security

ADVISORY

| OUTSOURCING

infrastructure

authentication

vs.

AUDIT, alerting audit

TAX, Reviewing

AND

CONSULTING

logging,

capabilities

include –

analysis,

remote

and

access

ADVISORY

emails Office

JAR)

filtering

potentially |

Modify ”whitelist” OUTSOURCING

your

rule

documents that

subject

AUDIT, organization’s to

evaluate TAX, approach originate

malicious capabilities

AND

line CONSULTING

that to

Envelope

–only

say from

file contain

domain ‘External’

allow

attachments the

and

specific

Internet Letter Macros

from

FROM

being types

as (e.g.

suspicious field

spoofed

ZIP,

RAR,

ADVISORY

combination

‐

Control implementation | OUTSOURCING

that | AUDIT,

Audits Testing

TAX,

Assessments

AND

of it

CONSULTING

all internal

and works

post

and

the ‐

implementation external

way

resources you

ADVISORY

managed |

OUTSOURCING own…

Management

vendor up

communication

audit response AUDIT,

TAX,

your

services,

AND management your

CONSULTING systems

contracts

capabilities

standards

require protocols

and

SLAs

least vendors

secure

agree

ADVISORY

–Not

| OUTSOURCING

incident

IF | Depth AUDIT,

protect

but

TAX,

AND

CONSULTING

response

WHEN response

your

“crown

policies

plan

wrong

with

these

ADVISORY

Injection of

| OUTSOURCING

tested

data

managed accessible

–It

| responded AUDIT, ‐

vulnerability is unknown TAX, for

AND

the

CONSULTING

vulnerabilities

website

vendor’s

that

access

responsibility,

was

read ‐ only

ADVISORY

local of

OUTSOURCING

access monitoring

data

rules

admin

| –CFO AUDIT,

unknown –

personal

TAX, allowed

AND

access

CONSULTING

on is

not

internal

any email

to (possibly

immune

work outbound

from

network

computer

PII, work

traffic PHI)

not

computer

ADVISORY

| OUTSOURCING | AUDIT, Questions?

TAX,

AND

CliftonLarsonAllen CliftonLarsonAllen

Jim Barton, CISA, PCI‐QSA, CCSFP Manager Information Security Services [email protected] 888‐529‐2648

CLAconnect.com

linkedin.com/company/ facebook.com/ twitter.com/CLAconnect cliftonlarsonallen cliftonlarsonallen • • • • • • Resources WEALTH users/ 40 id/1326960?_mc=sm_dr&hootPostID=ae3132b2e7b0a6b042f8fd08d2a9df55 ransomware utm_campaign=blogpost 2016/?utm_source=twitter&utm_medium=social&utm_content=ransomware%20damages& http://money.cnn.com/2016/04/04/technology/ransomware https://www.helpnetsecurity.com/2016/09/15/cyberattacks https://www.helpnetsecurity.com/2016/06/24/crypto https://www.theguardian.com/technology/2016/aug/03/ransomware http://www.darkreading.com/attacks https://www.herjavecgroup.com/ransomware ‐

of ADVISORY ‐ businesses

| OUTSOURCING ‐ attacks ‐ ‐ attacked | AUDIT, ‐ Impact /d/d

TAX, ‐

AND

CONSULTING ‐ breaches/education ‐ damages ‐ ransomware ‐ predicted ‐ now ‐ ‐ cost cybercrime/ ‐ suffers ‐ smbs ‐ 1 ‐ attacks ‐ billion ‐ threat ‐ ‐ the 86500/ ‐ ‐ ‐ most annually hit ‐ on ‐ 700000 ‐ ‐ the ‐ ‐ rise ‐ ‐ as ‐ 53 ©2016 CliftonLarsonAllen LLP Resources WEALTH Holiday – Blue – Health WellCare – University – Highmark – –Verizon Dun –

ADVISORY breach es_affect_nj_residents.html so 336m https://www.identityforce.com/blog/recent http://www.nj.com/news/index.ssf/2017/02/emails_credit_cards_biggest_data_breach Hotels https://www.identityforce.com/blog/recent Cellebrite, http://www.careersinfosecurity.com/sizing https://www.identityforce.com/blog/recent ‐ far

| & Shield, OUTSOURCING ‐ ‐

‐ files a Bradstreet ‐

at ‐ Inn Enterprise 9673 ‐

BlueCross

nearly ‐ of Little vulnerable/article/644419/ ‐

Quest

http://bankingjournal.aba.com/2017/04/holiday Central Breached – | AUDIT,

Red ‐ Plans 1200 ‐

Diagnotics,

Solutions, TAX, https://www.scmagazine.com/dun

BlueShield Door Florida,

AND

‐ Inc. hotels/

CONSULTING

Cancer of

Radiology Florida, eSa Health, MedStar

Madison

Services Delaware,

Verity Companies

Regional Square

of ‐

up Health ‐ ‐ ‐

data data data E East

‐ 21st

‐ Sports Garden, health

Center,

‐ ‐ ‐ Central breach breach breach ‐

Century

‐ Entertainment ‐ data bradstreet

Landry's

Neiman ‐ ‐ ‐

Indiana roundup roundup roundup ‐

breaches Oncology, ‐ inn

restaurants, Marcus, ‐ ‐ ‐ parent database ‐ ‐ ‐ january february march

‐ Association reported

Law ‐

‐ VTech confirms 2016

‐ Firms 2017 ‐ ‐ breached 2016

Yahoo, ‐ in ‐

‐

(ESEA), ‐ 2017 ‐ data

HEI ‐ ‐ ‐

ADVISORY

Kill | OUTSOURCING

Chain | AUDIT,

TAX,

AND ‐

CONSULTING Attack

ADVISORY

| OUTSOURCING

Critical | AUDIT,

TAX,

AND

CONSULTING