
Ransomware Readiness 101 - How prepared are you?

Presentation delivered to the Minnesota Counties Computer Cooperative (MNCCC) on February 5, 2020.

In this presentation, Evan Francen (CEO of SecurityStudio) outlines the current threat landscape for ransomware affecting state, county, and municipal government. He also takes the attendees through the free Ransomware Readiness Assessment, then closes with the key risk indicators.


  1. 1. Ransomware Readiness 101 – How prepared are you? Preparing, detecting, and responding to ransomware in local government
  2. 2. Agenda - Format Solving our Information Security Language Problem
  3. 3. This is an interactive presentation. I want you to come away with something real, something tangible. Do THIS - Go download the Ransomware Readiness Assessment. https://wp.me/aaDXKz-xl We’re going to use this in a little bit… Housekeeping Item #1
  4. 4. IMPORTANT! Before I get started… • The World Health Organization states that over 800,000 people die every year due to suicide. Suicide is the second leading cause of death in 15-29-year-olds. • 5 percent of adults (18 or older) experience a mental illness in any one year • In the United States, almost half of adults (46.4 percent) will experience a mental illness during their lifetime. • In the United States, only 41 percent of the people who had a mental disorder in the past year received professional health care or other services. • https://www.mentalhealthhackers.org/resources-and-links/
  5. 5. ME: Evan Francen, CEO & Founder of FRSecure and SecurityStudio I do a lot of security stuff… • Co-inventor of SecurityStudio® (or S²), S²Score, S²Org, S²Vendor, S²Team, and S²Me • Made a little, simple, and free ransomware readiness assessment • 25+ years of “practical” information security experience (started as a Cisco Engineer in the early 90s) • Worked as CISO and vCISO for hundreds of companies. • Developed the FRSecure Mentor Program; six students in 2010, 532 last year, and more than 750 signed up already for this year. • Advised legal counsel in very public breaches (Target, Blue Cross/Blue Shield, etc.) How do we secure America? AKA: The “Truth” MANTRA: Information security isn’t about information or security as much as it is about people. Information security is ALWAYS about people.
  7. 7. UNSECURITY: Information Security Is Failing. Breaches Are Epidemic. How Can We Fix This Broken Industry? Published January, 2019 How do we secure America? Russian friend. Chinese friend.
  8. 8. FREE STUFF #1 – Most relevant to today’s discussion. Go get your Ransomware Readiness Assessment - https://wp.me/aaDXKz-xl #2 – Go get your free S²Org information security risk assessment – https://securitystudio.com/ #3 – Go get your free S²Me personal information security risk assessment – https://s2me.io #4 – Sign up for the FRSecure CISSP Mentor Program – https://frsecure.com/cissp-mentor-program/ All free, in exchange for feedback and participation.
  20. 20. Ransomware – How Bad Is It? It’s pretty bad. • Everybody knows about Baltimore right? ~$18MM • Atlanta was almost as bad. ~$17MM • New Orleans? ~7MM • Riviera Beach (FL)? $600K (paid the ransom) • Lake City (FL)? $530K (paid the ransom) • Tillamook County (OR)? Still down – attacked on 1/22 • Duplin County (NC)? Still down – attacked 2/3 • Racine (WI)? Still down – attacked 1/31 Most of them thought they were fine. Like you and me, I suppose. But, you’ve got “cyber” insurance right? So no big.
  26. 26. Ransomware – How Bad Is It? It’s pretty bad. • In the 4th quarter of 2019, FRSecure responded to 19 incidents, and most of them were ransomware. • And are you ready for the next thing? The next thing(s) are combination ransomware/extortion attacks.
  27. 27. Ransomware – How Bad Is It? It’s pretty bad. Source: https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate OK, great. Now what?! Simple (sort of). Get ready.
  28. 28. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. • Originally created in 2017 • Nothing has changed. • Same attack vectors • Same preventative controls. • Same detective controls. • Same responsive controls. • Same corrective controls. • No matter what you do, you will not be able to prevent all bad things from happening. This is NOT the goal anyway. • The name of the game is risk management (possible) and NOT risk elimination (impossible). • Assess the problem before trying to fix the problem. Free and open source. Released under the Creative Commons License.
  33. 33. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Keyword “simply”. Can’t manage what you can’t measure. INCOMPLETE (until it’s not) Need a translation for the “normal” people
  35. 35. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Six tabs containing sections that correlate here. Six Sections: 1. Clients 2. Storage 3. Practices 4. Antivirus 5. Network 6. Servers
  38. 38. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Client Systems Key Risk Indicators are red. Just answer “Yes” or “No” (25 questions)
  40. 40. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. After all questions are answered, a score is calculated. If you don’t know the answers, then this is a great education tool. You should know.
  41. 41. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Back on the dashboard, scores have been updated.
  43. 43. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Storage Only seven questions here!
  44. 44. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Same thing. Score after ?s are answered and an updated dashboard.
  45. 45. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. 10 questions about “Practices”.
  46. 46. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. 10 questions about “Antivirus”.
  47. 47. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. 13 questions about the “Network”.
  48. 48. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Finally, nine “Server” questions.
  51. 51. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. FINAL RESULTS?! Back to the Dashboard. I was sort of hoping for better than “Poor”. Give me hope and a dollar, and I’ve got a dollar. Need action too!
  54. 54. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Quick recap of KRIs. 1. Stay up to date with all software (OS, applications, etc.). 2. Do backups, protect your backups, and (PLEASE) test your backups often. 3. Establish solid incident response capabilities (policy, procedures, training, testing, etc.). 4. Default deny is your friend. 5. Restrict permissions/privileges everywhere. Someday, you’re going to have to get your hands around this. This won’t get your files or systems back. But this will.
  55. 55. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Quick recap of KRIs. 1. Stay up to date with all software (OS, applications, etc.). 2. Do backups, protect your backups, and (PLEASE) test your backups often. 3. Establish solid incident response capabilities (policy, procedures, training, testing, etc.). 4. Default deny is your friend. 5. Restrict permissions/privileges everywhere. Someday, you’re going to have to get your hands around this. Multi-factor authentication, especially for (or starting with) externally accessible systems. There are ZERO acceptable reasons for not protecting external resources with MFA. ZERO as in NONE or NO or NADA or NIL or ZILCH.
  56. 56. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Takeaways… 1. Don’t just rely on experience or “gut” feel. 2. Plan for a ransomware attack. It’s more likely than you think. 3. The Ransomware Readiness Assessment is just a guide. 4. The Ransomware Readiness Assessment is a learning tool for you, your colleagues, and others. 5. Don’t assume anything. (empty spaces always get filled) That’s it.
  57. 57. The Ransomware Readiness Assessment WISDOM: Plan for the worst, hope for the best. Thank you! Where you can find me… Personal Website: https://evanfrancen.com UNSECURITY Podcast (weekly) Twitter: @evanfrancen LinkedIn: https://www.linkedin.com/in/evanfrancen/
