Cybercriminals - One of the fastest growing threats for your business, they are well funded, organized and adapting quickly in effective and targeted attacks on small and med-sized businesses. This presentation from Cal Net Tech Talk’s Vulnerability Management 101 Webinar -: 10 Essential Rules to Help Prevent Cyberattacks covers 10 Golden rules that every business must consider in order to protect data assets, employees and brand from cybercriminals.

1. Protecting yournetwork, defending your
data.
Vulnerability Management 101:
10 Essential Rules to Help
Prevent Cyberattacks
Cal NetTechnology Group
Southern California’s Premier IT Service Provider

2. CYBERCRIME TRENDS & TARGETS
IT Security Budget & Level of Protection
ValueofExploitableAssets Enterprise
Small Business
Cybercriminal Sweet SpotMid-size Business

3. Data/Service Price Range
Credit Card # & CVV $4-$8 (US)
$7-$13 (UK/Australia/Canada)
$15-$18 (EU/Asia)
Credit Card including track data $12 (US)
$19-$20 (UK/Australia/Canada)
$28 (EU/Asia)
Fullz (identity and financial info) $25 (US)
$30-$40 (UK/Australia/Canada/EU/Asia)
Bank Account $70K-$150K < $300
Electronic Health Record (partial) $50
Infected Computers (1,000 – 15,000) $20 - $250
THE VALUE OF STOLEN DATA

4. 205 days is the average amount of time organizations
had been compromised before they knew it
– FireEye/Mandiant - 2015

5. The average cost for detection and escalation only subsequent
to a security breach is approximately $417,700*
- Ponemon Institute & IBM 2015 – Cost of Data Breach Report
* Cost does not include:Average Total Cost of Data Breach $3.8 Million
Loss of business
(Brand)
Remediation and
mitigation costs
Notification
Identity Protection

6. THE 10 GOLDEN RULES OF
CYBERSECURITY
Pardon me, but your vulnerability is showing.
Rule #1 Perform regular Internal and External
Vulnerability Scans.

7. 99.9%
OF THE EXPLOITED
VULNERABILITIES
WERE COMPROMISED
MORE THAN A YEAR
AFTER THE CVE
WAS PUBLISHED.
About half of the CVEs
exploited in 2014 went
from publish to pwn in
less than a month.
VERIZON 2015 DATA BREACH
INVESTIGATIONS REPORT
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE
Identifiers) for publicly known cybersecurity vulnerabilities.

8. THE 10 GOLDEN RULES OF
CYBERSECURITY
“There are only two types of companies: those that have
been hacked and those that will be.”
-Robert Mueller, FBI Director
Rule #2 Have an Incident Response Plan tested and ready

9. INCIDENT RESPONSE PLAN
Defines Guidelines for Communications:
How to protect communications around
an incident to both employees and the
public.
Defines Regulatory Thresholds,
Notification Requirements and
Compliance Considerations.
Provides a clear path for categorization
and appropriate actions to mitigate
exposure.

10. THE 10 GOLDEN RULES OF
CYBERSECURITY
“The time to repair the roof is when the sun is shining”.
- JFK
Rule #3 Integrate a Vulnerability Management strategy
into your Enterprise Patch Management Program.

11. 1) Discover
2) Prioritize
3) Assess Risk
4) Report
5) Remediate
6) Rescan
7) Trending & Metrics
VULNERABILITY MANAGEMENT
LIFECYCLE

12. THE 10 GOLDEN RULES OF
CYBERSECURITY
Your Firewall alone is like bringing a knife to a gunfight.
Rule #4 Focus on a Defense-in-depth strategy.

13. DEFENSE IN DEPTH

14. THE 10 GOLDEN RULES OF
CYBERSECURITY
Ignorance is not bliss.
Rule #5 Use Security Information Event Management
(SIEM) tools to provide visibility into your enterprise.

15. SECURITY INFORMATION EVENT
MANAGEMENT (SIEM)
 Centralize Security
Logs
 Correlate Security
Events  Alerts
 Automate
Compliance
 Performance,
Change and
Availability
Monitoring
 Detect Botnets and
Malware
 Risk Prioritization
 Uncover your
attack surface
 Powerful
Dashboards,
Reporting and
Alerting

16. THE 10 GOLDEN RULES OF
CYBERSECURITY
The check is in the mail.
Rule #6 Cyber Liability Insurance is a must have, but
there are rules of engagement for it to be effective.

17. CYBER INSURANCE
1.Make sure your policy limits and sublimits are adequate
2.Request "retroactive" coverage for prior, unknown breaches
3.Watch out for "panel" and "prior consent" provisions that purport to tie your hands
in responding to a breach
4.Get coverage for claims resulting from your data vendors' errors and omissions,
not just your own
5.If you handle data for others, make sure your liability to them is covered too
6.Seek coverage for "loss" of data, not just data theft

18. THE 10 GOLDEN RULES OF
CYBERSECURITY
Fool me once, shame on unencrypted data.
Rule #7 Encryption, Encryption, Encryption and more
Encryption.

19. THE 10 GOLDEN RULES OF
CYBERSECURITY
One Ransomware incident with your data is worth 10 DNS
filters in your network.
Rule #8 Ensure you are using DNS Malware Protection in
your overall defense-in-depth strategy.

20. RANSOMWARE
Cisco’s analysis of malware
validated as “known bad”
found that the majority of
that malware—91.3
percent—use the Domain
Name Service in one of
these three ways:
- To gain command and
control
- To exfiltrate data
- To redirect traffic

21. THE 10 GOLDEN RULES OF
CYBERSECURITY
Mama always said “untrained is as untrained does”.
Rule #9 Leverage effective and ongoing Security
Education and Awareness Training.

22. THE 10 GOLDEN RULES OF
CYBERSECURITY
You don’t have to be a security expert to have a secure
network.
Rule #10 Ensure you have the right skillsets for your
Detective, Preventative and Response Security Strategy.
Outsource to an expert when appropriate.

23. OVERVIEW
Cal NetTechnology Group (CNTG)
 Headquartered in Los Angeles
 Full Spectrum of IT service capabilities
 Consistent IT competency and
loyalty through employee membership
 ITIL based servicing framework adoption
 SLA and run-book based management
20Years of IT Experience – Service First!
 Strategic, planning, IT to business alignment
and IT governance services
 Acquisition and disposition of physical and
virtual assets
 Transitioning services
 Unified communications,carrier management,
desktop, servers, storage, network and backup
expertise
 Hosting, virtualization, disaster recovery,
security and governance offerings
 Business process capabilities Including help
desk, ticket management and service
automation
Full Lifecycle of IT Requirements
01

24. C o n t a c t U s
( 8 6 6 ) 9 9 9 - 2 6 3 8
w w w . c a l n e t t e c h . c o m
Matt Lindley - Director of Security Services - Cal Net Technology
(e) mlindley@calnettech.com
(p) (818) 721-4474
Interested in scheduling a FREE
Security Assessment?

25. THANKYOU!
CAL NET
TECHNOLOGY GROUP