This presentation from Cal Net Tech Talk’s Vulnerability Management 101 Webinar -: 10 Essential Rules to Help Prevent Cyberattacks covers 10 Golden rules that every business must consider in order to protect data assets, employees and brand from cybercriminals.
Learn about current trends and the critical considerations to make when investing in your cybersecurity strategy. Cal Net Technology Group will highlight proven methodologies to help you detect, prevent and respond to cybersecurity events, in this must see presentation.
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent Cyberattacks
1. Protecting yournetwork, defending your
data.
Vulnerability Management 101:
10 Essential Rules to Help
Prevent Cyberattacks
Cal NetTechnology Group
Southern California’s Premier IT Service Provider
2. CYBERCRIME TRENDS & TARGETS
IT Security Budget & Level of Protection
ValueofExploitableAssets Enterprise
Small Business
Cybercriminal Sweet SpotMid-size Business
3. Data/Service Price Range
Credit Card # & CVV $4-$8 (US)
$7-$13 (UK/Australia/Canada)
$15-$18 (EU/Asia)
Credit Card including track data $12 (US)
$19-$20 (UK/Australia/Canada)
$28 (EU/Asia)
Fullz (identity and financial info) $25 (US)
$30-$40 (UK/Australia/Canada/EU/Asia)
Bank Account $70K-$150K < $300
Electronic Health Record (partial) $50
Infected Computers (1,000 – 15,000) $20 - $250
THE VALUE OF STOLEN DATA
4. 205 days is the average amount of time organizations
had been compromised before they knew it
– FireEye/Mandiant - 2015
5. The average cost for detection and escalation only subsequent
to a security breach is approximately $417,700*
- Ponemon Institute & IBM 2015 – Cost of Data Breach Report
* Cost does not include:Average Total Cost of Data Breach $3.8 Million
Loss of business
(Brand)
Remediation and
mitigation costs
Notification
Identity Protection
6. THE 10 GOLDEN RULES OF
CYBERSECURITY
Pardon me, but your vulnerability is showing.
Rule #1 Perform regular Internal and External
Vulnerability Scans.
7. 99.9%
OF THE EXPLOITED
VULNERABILITIES
WERE COMPROMISED
MORE THAN A YEAR
AFTER THE CVE
WAS PUBLISHED.
About half of the CVEs
exploited in 2014 went
from publish to pwn in
less than a month.
VERIZON 2015 DATA BREACH
INVESTIGATIONS REPORT
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE
Identifiers) for publicly known cybersecurity vulnerabilities.
8. THE 10 GOLDEN RULES OF
CYBERSECURITY
“There are only two types of companies: those that have
been hacked and those that will be.”
-Robert Mueller, FBI Director
Rule #2 Have an Incident Response Plan tested and ready
9. INCIDENT RESPONSE PLAN
Defines Guidelines for Communications:
How to protect communications around
an incident to both employees and the
public.
Defines Regulatory Thresholds,
Notification Requirements and
Compliance Considerations.
Provides a clear path for categorization
and appropriate actions to mitigate
exposure.
10. THE 10 GOLDEN RULES OF
CYBERSECURITY
“The time to repair the roof is when the sun is shining”.
- JFK
Rule #3 Integrate a Vulnerability Management strategy
into your Enterprise Patch Management Program.
14. THE 10 GOLDEN RULES OF
CYBERSECURITY
Ignorance is not bliss.
Rule #5 Use Security Information Event Management
(SIEM) tools to provide visibility into your enterprise.
15. SECURITY INFORMATION EVENT
MANAGEMENT (SIEM)
Centralize Security
Logs
Correlate Security
Events Alerts
Automate
Compliance
Performance,
Change and
Availability
Monitoring
Detect Botnets and
Malware
Risk Prioritization
Uncover your
attack surface
Powerful
Dashboards,
Reporting and
Alerting
16. THE 10 GOLDEN RULES OF
CYBERSECURITY
The check is in the mail.
Rule #6 Cyber Liability Insurance is a must have, but
there are rules of engagement for it to be effective.
17. CYBER INSURANCE
1.Make sure your policy limits and sublimits are adequate
2.Request "retroactive" coverage for prior, unknown breaches
3.Watch out for "panel" and "prior consent" provisions that purport to tie your hands
in responding to a breach
4.Get coverage for claims resulting from your data vendors' errors and omissions,
not just your own
5.If you handle data for others, make sure your liability to them is covered too
6.Seek coverage for "loss" of data, not just data theft
18. THE 10 GOLDEN RULES OF
CYBERSECURITY
Fool me once, shame on unencrypted data.
Rule #7 Encryption, Encryption, Encryption and more
Encryption.
19. THE 10 GOLDEN RULES OF
CYBERSECURITY
One Ransomware incident with your data is worth 10 DNS
filters in your network.
Rule #8 Ensure you are using DNS Malware Protection in
your overall defense-in-depth strategy.
20. RANSOMWARE
Cisco’s analysis of malware
validated as “known bad”
found that the majority of
that malware—91.3
percent—use the Domain
Name Service in one of
these three ways:
- To gain command and
control
- To exfiltrate data
- To redirect traffic
21. THE 10 GOLDEN RULES OF
CYBERSECURITY
Mama always said “untrained is as untrained does”.
Rule #9 Leverage effective and ongoing Security
Education and Awareness Training.
22. THE 10 GOLDEN RULES OF
CYBERSECURITY
You don’t have to be a security expert to have a secure
network.
Rule #10 Ensure you have the right skillsets for your
Detective, Preventative and Response Security Strategy.
Outsource to an expert when appropriate.
23. OVERVIEW
Cal NetTechnology Group (CNTG)
Headquartered in Los Angeles
Full Spectrum of IT service capabilities
Consistent IT competency and
loyalty through employee membership
ITIL based servicing framework adoption
SLA and run-book based management
20Years of IT Experience – Service First!
Strategic, planning, IT to business alignment
and IT governance services
Acquisition and disposition of physical and
virtual assets
Transitioning services
Unified communications,carrier management,
desktop, servers, storage, network and backup
expertise
Hosting, virtualization, disaster recovery,
security and governance offerings
Business process capabilities Including help
desk, ticket management and service
automation
Full Lifecycle of IT Requirements
01
24. C o n t a c t U s
( 8 6 6 ) 9 9 9 - 2 6 3 8
w w w . c a l n e t t e c h . c o m
Matt Lindley - Director of Security Services - Cal Net Technology
(e) mlindley@calnettech.com
(p) (818) 721-4474
Interested in scheduling a FREE
Security Assessment?