cybersecurity - You Are Being Targeted Business executive with high-level management and hands-on analytical skill sets and over 27 years of professional experience in technical solutions and service offering development and implementation, organizational strategies for efficiency, cost controls, and bottom-line profitability, multi-million dollar enterprise-wide client engagements, compliance with schedule, budget, and quality requirements, hiring and leadership of high-performance IT employees. Keyven Lewis, CMIT SOLUTIONS- Cybersecurity - You Are Being Targeted. An overview to help SMB owners understand the dynamics (exp. the who, the why, and the how) of cybersecurity as it relates to their business.

1. Cybersecurity: You Are Being Targeted
https://cmitsolutions.com/security-quiz

2. People
What role does your staff, contractors,
consultants, freelancers, and business
partners play? What about bad actors
within your ecosystem?
Understanding CybersecurityProtecting all aspects of your business
Policies Procedures
Technology
Do you have security policies? Are
these policies integrated with your
business workflows and behaviors? Do
you meet any regulatory requirements?
Procedures are where the rubber
meets the road. Policies have no
impact without procedures to make the
best intentions reality.
At the core of every business is the
technology infrastructure. Does your
technology support and integrate with
your people, policies, and procedures?
Are your protections proactive,
automatic, and responsive?
https://cmitsolutions.com/security-quiz

3. 3
Who is the Target?
https://cmitsolutions.com/security-quiz

4. 4
Small Business Targets
❯ “43% of targeted
attacks hit companies
with fewer than 250
employees.”- Symantec Internet
Security Threat Report 2016
❯ 99% of computer
users are vulnerable to
software
vulnerabilities –Heimdal Security
❯ “30% of recipients
now open phishing
messages and 12%
click on
attachments”
- Verizon 2016 Data Breach Investigations Report
https://cmitsolutions.com/security-quiz

5. 5
Can you afford a breach?
❯ 44% of small businesses reported being the victim
of a cyber attack – average cost $36,000 - SBA 2016 Survey
❯ 60% of small businesses attacked go out of
business in 6 months – U.S. Nat’l Cyber Security Alliance
https://cmitsolutions.com/security-quiz

6. Râmnicu Vâlcea, Romania
6
Wired Magazine “How a remote town in Romania has become Cybercrime Central”
#1 Industry:
Hacking
© 2017 CMIT Solutions
Empower the Staff. Defend the Network. Protect the Data.

7. 7
Steal Your Data
https://cmitsolutions.com/security-quiz

8. THE
THREAT
LANDSCAPE
8
❯ Phishing
❯ Ransomware / Malware
© 2017 CMIT Solutions
Empower the Staff. Defend the Network. Protect the Data.

9. Phishing

10. Targeted Attacks Start with Email
74%

11. Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M
(KrebsonSecurity, July 18,2018)
LifeLock Bug Exposed Millions of
Customer Email Addresses
(KrebsonSecurity, July 18, 2018)

12. Phishing
• A skillfully crafted email
• Designed to give up information
• From a seemingly credible source
• An urgent call to action
Email arrives provoking you to update
account information
You click on the link and enter credit
card info on the scam page
Hacker collects your info
Hacker sells or uses your info
maliciously

13. Spear Phishing

14. Spear phishing
Clara Thornhill
Clara Thornhill
Accounts Payable, Universal Imports
1d

15. Spear phishing
• Highly targeted phishing
• Research targets over time
• Time is on their side
• Social Engineering – attacking the
soft tissues that make up your cyber
and life profile
Email arrives provoking you to update
account information
You click on the link and enter credit
card info on the scam page
Hacker collects your info
Hacker sells or uses your info
maliciously
Research high-value target

16. Ransomware / Malware

17. 17
Hijack Your Data
https://cmitsolutions.com/security-quiz

18. 18
Buy Your Data Back for $200
According to the survey’s
other findings
(representing more than
1,000 IT service providers),
the average ransom
demanded ranges between
$500 and $2,000
Datto (2016)
https://cmitsolutions.com/security-quiz

19. Malicious Software: Ransomware
Ransomware Freezes
Police Evidence
The police department in
Cockrell Hill, which is about
eight miles from downtown
Dallas, didn't pay the $4,000
ransom, which was requested
in the virtual currency bitcoin.
Los Angeles college pays
ransom demand
Los Angeles Valley College in
Valley Glen said it paid $28,000
in bitcoins to the hackers, who
had used malicious software to
commandeer a variety of
systems, including key
computers and emails.
19
© 2017 CMIT Solutions
Empower the Staff. Defend the Network. Protect the Data.

20. Appendix

21. Are SMBs Prepared to Mitigate Cybersecurity
Risks?
Today, many small- and medium-sized businesses (SMBs) are ill-prepared when it comes to cybersecurity, due to the
growing sophistication of cyber threats and lack of in-house expertise. The chart below shows the rated effectiveness of the
surveyed organizations' ability to mitigate risks, vulnerabilities and attacks against their businesses.
November 10, 2017

22. Are Outdated Browsers Leaving Businesses Vulnerable?
Running unpatched browsers leaves your network vulnerable to exploits and other malicious schemes that could expose or
compromise company data. The chart below breaks down commonly-used browsers by the percentage of users running outdated
versions of each.
November 4, 2016

23. Is the IT Security Gap a Threat to SMBs?
With lean IT staffs, many small- and medium-sized businesses (SMBs) lack the resources and expertise to manage complex
security infrastructures. While threats to security are proliferating, these organizations aren’t taking the proper precautions to
protect themselves and their networks. The data below shows the gap between the level of concern and the level of protection
for given IT security issues.
November 10, 2017

24. Which Vertical Has the Highest Cost of
Security?Not all data is created equal. While cyber criminals will go after any sensitive information they can get, some industries
come at a higher price tag. Below are the average costs of a data breach per stolen record in 2017, compared to the
four-year average for the respective vertical.

25. What Is the Cost of IT Downtime?
Downtime is an expected yet expensive risk of doing business today. Without the ability to maintain or restore business
operations, it could result in direct losses in productivity and revenue. Below is what businesses claim to be the cost of an
IT downtime incident.

26. The Financial Consequence of a Cyber Attack is
Worsening
The global average cost of cyber crime has seen a steady increase over the past five years, with a significant increase
in the last two years. This trend will likely continue, but businesses can look to invest in managed security services to
mitigate the risks of cyber attack and avoid the increasing financial consequences.
February 9, 2018

27. The Steep Cost of Poor IT Security
Without the proper security tools in place, businesses are at severe risk of falling victim to cyber attack. In fact, the average
total cost of a successful attack is $5,010,600. Below shows the breakdown of all the costs that factor into this high number.
$1,252,650
$1,503,180
$1,152,438$501,060
$400,848
$200,424
System Downtime
IT and End User Productivity Loss
Theft of Information Assets
Damage to Infrastructure
Reputational Damage
Lawsuits, Fines and Regulatory Actions
$5,010,600
Source: Ponemon Institute, The 2017 State of Endpoint Security Risk Report

28. How Dwell Time Can Impact Profitability
Without threat monitoring and detection capabilities, businesses are subject to dwell time that could result in a successful and
costly cyber attack. Below shows the relationship between mean time to identify (MTTI), mean time to contain (MTTC), and the
total average cost of a security incident measured in US$ (millions).