In recent years, there has been a significant number of cyberattacks resulting in massive business disruptions. In this regard, many organizations are hiring ethical hacking groups to help prevent future attacks. Amongst others, the webinar covers: • 2021 Cyber-incidents • 2021 Black swans • Ransomware vNext • IoT - internet of things • Cyber security insurance evolution • Cyber best practices & frameworks • The 2022 black swans Presenter: Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Our second presenter is Erwin AM Geirnaert, Co-founder and Chief Application Security Architect at Shift Left Security, a Belgian cybersecurity start-up specialized in securing start-ups, scale ups and SMBs against malicious cybercriminals. Erwin is a specialist in mobile security, J2EE security .NET security, API Security and web services security. Erwin has more than 20 years’ experience in executing security tests aka penetration testing of web applications, mobile apps, APIs and thick client applications. He is also a recognized application security expert and speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, etc. ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/ZHQQ1yJX2uU Website link: https://pecb.com/

1. Opening slide to
replace

2. • Rewatch 2021… and learn.
• Cyber agenda 2022: attention areas
• Ransomware vNext
• Geopolitics
• IoT
• Legislation
• What can you do?
• Q & A
Agenda

3. Where to start?
Check back on 2021…
to predict what 2022 will bring.

4. Major incidents & Zero Day bugs
• Solarwinds (jan 2021)
• Microsoft Exchange (mar 2021)
• Print Nightmare
• Kaseya Virtual System Admin (jul 2021)
• Log4J (dec 2021)
Global victims
• Colonial Pipeline, Florida water Utility, T-Mobile (jan), California DMV, JBS, California
state, Facebook Data leak, Bombardier, Channel 9 (AU), Kronos, …
• + other Supply chain attacks
Ransomware groups disappear, resurface and get caught…
• REvil (latest news 14/jan/2022)
2021 Cyber-incidents - What do you remember?

5. 2021 Black swans
Unpredicted, high impact

6. Major incidents & Zero Day bugs
• Solarwinds ( jan 2021)
• Microsoft Exchange (mar 2021)
• Log4J (dec 2021)
2021 Black swans

7. Cyberagenda 2022
What to expect?

8. Increasing maturity & impact
• Level 1: encryption to force payment
• Level 2: Steal data first and threat with data leakage
• Level 3: DDOS attack (to entirely block internet access of victim)
• Level 4: blackmail with extracted (sensitive) company data
How will Ransomware vNext evolve, some indications…
• Level 5: publish data samples, leak sample data and encrypt,
• Note more aggressive ransom
• Level vNext: data destruction, encryption with unrecoverable keys
Ransomware vNext

9. RaaS - Ransom as a service
• Faster
• More frequent (if not continuous)
• More targeted
Ransom & data leakages
• Data leakage = leverage of power to get the money
• Not always prime target
• Trend to more destructive attacks
Ransomware vNext

10. Whether presidents or prime-ministers stay or go…
Cyber precedes war, even in sports
• Past & upcoming Elections (US, FR, UK, EU, …)
• Eastern-Europe / Western-Russia
• Olympics in China
Cyberattacks precede war, even in sports
• Less visible
• Difficult to attribute
• Major destabilization helps physical war
Geopolitics - don't mention the war
Check the new
25/jan/2022
(DDOS, ...)

11. New malware
Background
• Destructive malware targeting Ukrainian organizations
• CVE-2021-32648
• octobercms in a CMS platform based on the Laravel PHP Framework
• Specific range of Ips
• Linked to NotPetya…
Attack
• MBR destruction (Master boot record)
• File corrupter malware
• Difficult to repair
Whispergate

12. New malware
How to protect (more on this later in presentation)
• Increase detection capability
• Protect critical assets
• Credential protection (MFA, …)
• Identification & authentication best practices
• Egress (outgoing traffic) restrictions
• Lateral movement protection
Whispergate

13. Everything connected to internet,.. but security has not been priority in design.
Increasing use of internet connected devices
• Smart watches
• Home devices
• Toys
• Industrial devices
• SCADA (Supervisory control and data acquisition)
• ICS (Industrial Control systems)
• IIoT (industrial Internet of things)
• Health care
Impact?
• Ask the hacked hospital, the pipeline company, or water supply companies…
IoT - internet of things

14. If you think that hackers keep out of this essential business… think again. Hackers kill people.
During Covid we have (had) attacks on
• Hospitals
• Health care facilities
• Heath data facilities
• Government, Red Cross, …
What about ethical guidelines?
• Ransomware is a money business
• Critical imbalance between hackers & defenders
Health care

15. Can you still buy insurance for your cyberthreats?
Increasing pressure on cybersecurity insurance
• Insurance principles do not apply to cybercrime
• High cost, no counter part to recover claims
• Doesn't work like liability, car insurance…
Insurance vs accountability
• Major issue with negligence (not implementing a management system)
• Insurance broker are closing down their
• acceptance conditions
• Claims conditions
Cyber security insurance evolution

16. Can you still buy insurance for your cyberthreats?
Increasing legal pressure on cybersecurity insurance
• Can you allow out-of-jail card for ransom?
• Pay or not to pay, that's the questions
• Paying ransom maintains the dirty business
• Not paying ransom kills the enterprises & social structure
Cyber security insurance evolution

17. Upcoming changes in legislations to help mitigating the cyber issues
Changing legislations
• EU NIS directive
• Cyberprotection of critical & public infrastructure
• EU NIS2 directive
• NIS vNext (on the drawing table)
• EU CyberAct
• Cybersecurity certification framework
• Products, services, people.
• But also
• Data protection & privacy
• Direct relation to cybersecurity
Legislation

18. Upcoming changes in frameworks to stay up to date with new trends
Updates in cybersecurity & info security frameworks
• ISO27002 (& ISO27001)
• ISO27100 series (Cybersecurity)
• NIST cybersecurity framework
• CIS controls updates
• …
Cyber best practices & frameworks

19. What about the 2022 Black swans?
(Just a rhetorical question…)

20. You never know what's coming…
Be prepared for the unexpected
• Be informed
• Have a plan for the worst case scenario
• Exercise recovery
• Keep talking… keep communications open.
The 2022 black swans

21. What can you do?
Some important hints & tips to stay secure

22. Keep your infrastructure up to date to the latest version
Make sure to update
• Operating systems
• Security patches
• Applications
• Networks, network devices & network zones
• Backend, middleware and front end
• Data
• Your accounts
• Your admin accounts
• … end users
(and anything else we forgot in the way of attack…)
Use the latest versions

23. Stay on top of your security vulnerabilities
Implement a patching & maintenance system
• Keep an eye on incident reports
• Keep an eye on vendors
• Keep an eye on ZeroDay bug reports
• Download patches asap
• Test asap
• Check feedback in community
• Patch immediately
Patch, patch, patch

24. Impact of (not) patching
Patching security patches is paramount
• The impact of not patching is worse than breaking your system with a security
patch
Patch, patch, patch

25. Layered Defense - Defense in depth
Credits: http://pboilandgasmagazine.com/the-shifting-dynamics-of-cyber-security/

26. … before someone else does, uninvited
Protection needs to cover everything
• Every layer
• From internet to internal data
• Incl. unpredictable human behaviour & curiosity (phishing)
A hacker only needs 1 hole
• Continuous probing
• ZeroDays
• Insider threats
• Curiosity kills the cat, you only need 1 click
Hack yourself

27. … keep up to speed with the current state of cybersecurity
Security awareness
• Keep track of current state of cybersecurity
• Track trends
Training
• All layers of your company
• Continuous training
Company culture
• Support people
• Lead by example
Awareness, training & security culture

30. Make sure you know it first
Policy
• how to report issues
• How to respond
• Communication plan
Audience
• Internal & external
• Employees, contractors, customers
• 3rd party
Processes & procedures
• Know how to respond
• Follow up
• Award proactive behavior
Responsible disclosure

31. Have a healthy backup & a validate the restore
Backup
• Make sure to have a backup of all your company data
• Think about your cloud data
• Have 3 versions
• Online, production data
• Backup data
• Offline backup data
Restore
• Test, test, test!
• Consider breached (plan recovery of infected backups)
Business continuity & disaster recovery

32. Keep talking, keep your audience informed (not too much, not too little)
Policy
• Keep track of current state of cybersecurity
• Track trends
Audience
• Internal & external
• Employees, contractors, customers
• 3rd party
Processes & procedures
• Know how to respond
• Follow up
• Award proactive behavior
Crisis communication

33. References
Interesting information sources

34. Reference material
See Linkedin page:
https://www.linkedin.com/pulse/pecb-event-collaterals-ethical-
hacking-cybersecurity-key-geelen
https://pecb.com/en/education-and-certification-for-
individuals/ethical-hacking/lead-ethical-hacker

35. Ramping up…
Relevant PECB Training courses

36. Relevant Training
Information Security
• PECB ISO 27001 LI
• PECB ISO 27001 LA
• PECB ISO 27002 LM
CyberSecurity
• PECB ISO 27032 LI
CyberSecurity
• PECB Lead Cloud security Manager

37. Relevant Training
Lead Ethical Hacker
• PECB Certified Lead Ethical Hacker
CMMC
• Cybersecurity Maturity Model Certification

38. Other Relevant Training
Incident Management
• PECB ISO 27035 LI
Risk Management
• PECB ISO 27005 LI

39. ISO/IEC 27701
Training Courses
• ISO/IEC 27701 Foundation
2 Day Course
• ISO/IEC 27701 Lead Implementer
5Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-
27701
www.pecb.com/events

40. THANK YOU
Q&A
info@cyberminute.com CyberMinute
erwin@shiftleftsecurity.eu Shift Left Security