UNDER ATTACK: Preparing your Company in the Age of the Hacker! April 8, 2021 | C-Suite Snacks Webinar Series
Apr. 13, 2021

It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.

In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.

Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response

  1. UNDER ATTACK: Preparing your Company in the Age of the Hacker! April 8, 2021 | C-Suite Snacks Webinar Series
  2. Welcome & Introduction MICHAEL CAMACHO, CPA, CIA Partner, Technology, Risk Advisory & Cybersecurity (TRAC) Practice Citrin Cooperman mcamacho@citrincooperman.com 401-742-0478
  3. AGENDA 01 Breach Stats and Facts 02 FAQs and Real-Life Examples 03 Be Prepared. Be Very Prepared! 04 Questions?
  4. On the Brink: Age of the Hackers! “Cybercrime is the greatest threat to every company in the world.” -Ginni Rometty, IBM Chairman, President & CEO “77% of organizations do not have an incident response plan.” -Cybint
  5. Breach Stats – The Facts • Global Average Cost per Breach: $3.86M • Average Cost per Record Compromised: $146 • 43% of Cyber Attacks Target Small Businesses • 91% of Breaches are the Result of Phishing Attacks • Average cost of a breach is 39.6% higher if a company is not prepared • Average Days to Detect a Breach: 207 • Average Days to Contain a Breach: 73 Sources: Ponemon Institute/IBM Cost of a Data Breach Report - 2020 & Verizon 2020 Data Breach Investigation Report
  6. And the Threat Continues… • Since COVID-19, the FBI reported a 300% increase in Cybercrimes (IMC Grupo) • Remote workers have caused a security breach in 20% of organizations (Malwarebytes) • 9.7 Million healthcare records were compromised in September 2020 alone • Data breaches in healthcare industry up 58% in 2020 • Approximately $6 trillion is expected to be spent globally on cybersecurity by 2021 (Cybersecurity Ventures) • Average ransomware payment rose 33% in 2020 over 2019, to $111,605 (Fintech News)
  7. Remote Workforce Stats • 78% of CEOs agree remote collaboration is here to stay • 86% of users have never updated their home router’s firmware • 20% of organizations have experienced a breach as a result of remote work • 92% of all businesses store data in the cloud • Average cost of downtime is $11,600 per minute
  8. Once More into the Breach • Hackers are industry agnostic • COVID-19 increased the likelihood of a data breach at a time when companies are ill-equipped to deal with the repercussions • WFH distractions combined with 18,000,000 spear-phishing emails per day is creating a perfect storm • The recession created by COVID-19 makes it more difficult for companies to recover from an attack
  9. TRAC Experience Incidents/Breaches TRAC has been involved with by year: • Compared to 3 in 2017 and 2018 combined • 17 in 2019 • 19 in 2020 • 4 to date in 2021 Breaches are more sophisticated, on a large scale, and have greater impact Average business downtime during a breach: • One to two weeks (longest just over a month) Average cost of breach response: • Incident/breach response for small business range from $10,000 - $100,000+ • Exponentially higher for downtime, legal fees, tech expenditures, etc.
  10. FAQ: Why Now? IMPACT OF COVID-19 • Focus switched to remote workforce and ensuring connectivity and sustained operations ▪ VPN networks set up “in a rush” to allow employees to work from home – little enhancement since ▪ Vulnerabilities from the usage of unsecured personal computers and home networks ▪ A remote workforce can make it more difficult for IT staff to monitor and contain threats ▪ Potential distractions increase likelihood of successful spear-phishing and malware attacks ▪ Pandemic fatigue setting in with blurred lines between work and home • IT Departments Trading Security for Convenience ▪ Free pass on password security ▪ Increased use of mobile devices and IoT ▪ Privacy concerns (e.g., Family, Amazon Echo, Unsecured video conferencing, Ad hoc remote access) ▪ More focus on remote employees reducing time for monitoring
  11. FAQ: How? Human Error • Accounts for more than 80% of all reported incidents • Primarily driven by malware delivered by email • Increased sophistication of attacks making them harder to identify • Employees aren’t sufficiently trained to identify Phishing • 95% of all breaches are due to human error • Increased use of mobile devices for business use, plus • 1 in 36 mobile devices have high risk apps installed Lack of Effective IT Policies and Monitoring • Deficient security policies • Over 60% of companies have over 500 accounts with non-expiring password • Lack of log monitoring / detection controls
  12. TRAC Experience - Cyber Threat Landscape Office 365 Exploit Morphs into an Internal Control Deficiency The Quiet Observer A Phishing Tale Seek and Destroy “I Can’t Believe I Clicked It …Again” The Weakest Link COMMON THEMES: • Almost all of the breaches were avoidable ▪ Log Reviews ▪ Automated Tools ▪ Employee Education
  13. Preparing Your Company in the Hacker’s Playground STEP 1: UNDERSTAND THE DIFFERENCE BETWEEN A SECURITY INCIDENT AND A BREACH: • SECURITY INCIDENT: An event that leads to a violation of an organization’s security policies and puts sensitive data at risk of exposure. • Examples: Malware infection, destructive attacks, loss or theft of equipment • DATA BREACH: A security incident that results in unauthorized access to data. • Each event has different requirements • Important to understand different definitions by industry and state
  14. Preparing Your Company in the Hacker’s Playground STEP 2: PREPARE A PLAN FOR RESPONDING TO ALL SECURITY INCIDENTS: • Incident Identification & Response: ▪ Resources - Who do you contact first? ▪ Roles and Responsibilities ▪ Don’t forget third-party providers • Detection and Analysis • Containment, Eradication and Recovery • Incident/Breach Communications • Remediation & Post Incident Activities • Plan should be comprehensive & inclusive • Plan should be tested
  15. Preparing Your Company in the Hacker’s Playground STEP 3: PERIODICALLY TEST AND RE-EVALUATE YOUR PLAN • Ensure all team members understand the plan ▪ Approach and timing can make the difference between a successful and unsuccessful response • Perform table-top test of Incident Response Plan: ▪ An Untested Plan Can Lead to Unidentified Risks • Review plan annually ▪ Solutions that were good a year ago may no longer be viable
  16. UNDERSTAND YOUR RISK BE PROACTIVE Where Do I Start?
  17. UNDERSTAND YOUR RISK BE PROACTIVE Where Do I Start?
  18. 6 Vulnerability Management Services • Simulated “Bad-guy” • Test your network and system controls before the Hackers do • Search for vulnerabilities which can allow for potential attack vectors (penetration testing and vulnerability assessments) • Average rate per hour: $150 - $300 • Incident or breach response: ▪ Detection, forensics and analysis ▪ Containment, eradication and recovery ▪ Post incident remediation ▪ Average rate per hour: $350 - $500+
  19. CyberSecure EASE YOUR MIND WITH CYBERSECURE: • No cost incident response engagement letter with terms, conditions and rates to expedite incident response times • 24/7/365 incident response team at your service • Discount on standard rates if paired with a SCORE Report, Penetration/Phishing Tests, or vCISO Services ▪ Being aware of your environment pre-incident will reduce response time
  20. Questions? MICHAEL CAMACHO, CPA, CIA Partner, Technology, Risk Advisory & Cybersecurity (TRAC) Practice Citrin Cooperman mcamacho@citrincooperman.com 401-742-0478
  21. Thank You For Watching & Listening UPCOMING C-SUITE SNACKS WEBINARS: CONTAINING COSTS AND WINNING THE TALENT WAR: BEST PRACTICES ON MANAGING EMPLOYEE BENEFITS April 15, 2021 | 12:00 PM ET/9:00 AM PT Featuring: Shaun Gagnon, Partner at Camlife REDUCING RISK AND COST IN THE GLOBAL SUPPLY CHAIN April 22, 2021 | 12:00 PM ET/9:00 AM PT Featuring: John Giordano, Partner, and Tom Cook, CEO of Blue Tiger International

