95% of cybersecurity breaches are due to human error, according to Cybint’s facts and stats article.
Given how much of that risk can lead to greater loss, organizations should be well aware of the processes and procedures they have in place. To avoid breaches, it is decisive that everyone in the organization can understand and detect potential threats beforehand and react quickly and effectively.
The webinar will cover:
• The most recent attacks such as the supply chain attacks
• Trends and statistics
• The impacts of the pandemic on cybersecurity landscapes, closing the gaps on remote workforce security
• How to improve your organization’s cybersecurity posture by asking the right questions and implementing a tiered approach
Recorded Webinar: https://youtu.be/Q5_2rYjAE8E
2. All Rights Reserved | Page 2
Presenters
Hardeep Mehrotara, Manager of IT Security DevSecOps, Coast Capital Federal Credit Union
Seyed Hejazi, Director, Security and Privacy Risk, RSM Canada
Presentation agenda
1. What is happening in the wild?
⁻ Notable events
⁻ Demystifying SolarWinds attack
2. Growing attack trends in the Financial Industry
⁻ Attack types
⁻ Attack sophistication
3. Cybersecurity in the pandemic era
4. Where to start
⁻ A tiered approach
⁻ Board’s role
⁻ What to ask
WHAT IS HAPPENING IN THE WILD?
Cyber through statistics
Statistics on the state of cybersecurity and incidents
• 94% of workload will be processed by cloud data centers in 2021
• 76% of Global Office Workers Want to Continue Working from Home post-COVID-19
• 98% of claims ($589M in total) from Small to Medium Enterprises (SMEs) with less than $2 billion in annual revenue
• 93% of global IT leaders delayed security priorities when the world stayed at home
Sources: Tanium, RSM / NetDiligence, CISCO, Global Workplace Analytics
• 18% of middle market C-suite executives claimed that their company experienced a data breach last year
• 2000% increase in attacks targeting industrial control systems (ICS) and operational technology since 2018
• 23% of middle market executives claimed a ransomware attack or demand during the past 12 months
Notable events
• SolarWinds Supply Chain Attack
• Microsoft Exchange Vulnerability
• Colonial Pipeline Ransomware Attack
• US Executive Order on Improving the Nation’s Cybersecurity
Demystifying the SolarWinds attack - Overview
What happened?
SolarWinds is software that monitors the status and health of IT systems. Threat actors created a backdoor into the SolarWinds Orion software. Not all versions of the software were impacted; however, those that were impacted have the potential to expose an environment to the threat actor.
Who is impacted?
More than 18,000 SolarWinds customers downloaded the affected versions of SolarWinds Orion software. Early reports stated that victims were primarily state and federal governments; according to Microsoft, there were 40+ victims as of December 18, 2020.
• CrowdStrike
• Fidelis
• FireEye
• Malwarebytes
• Palo Alto Networks
• Qualys
• Mimecast
• Microsoft
Demystifying the SolarWinds attack – Have I been compromised?
GROWING ATTACK TRENDS IN THE FINANCIAL INDUSTRY
Attacks in the Financial Industry – Attack types
• Ransomware as a Service
• Ransom-based DDoS attacks
• Remote infrastructure attacks
• Supply chain attacks
Attacks are growing in sophistication
• Targeting both Windows and Linux environments
• Encrypting files using strong encryption
• Access to malware admin panels via TOR to manage builds, payments, documentation and maintain anonymity
• Automated test decryption from the process from encryption to withdrawal of money
• DDoS options: Layer 3 and Layer 7
• A partner to provide network access or a person or team with pen testing skills
CYBERSECURITY IN THE PANDEMIC ERA
Recent trends
The effects of a divided workforce, now only connected via technology, allow potential attacks to exploit the trust of employees and flaws in technology to gain access to company resources.
The COVID-19 pandemic has increased the complexity of cybersecurity challenges for the middle market due to reliance on less secure networks (e.g. home offices) to remain productive, as well as increased reliance on third parties.
Adversaries are unleashing a variety of attacks that only larger organizations may be equipped to identify and defend against.
• Ransomware attacks
• Attacks against healthcare providers
• Abuse of insecure remote working infrastructure and culture
Recent trends – Pandemic related attacks
• Phishing
• Process
• Technical
• Regulatory
What has changed with remote workforce?
• Where is our data being stored? On cloud services? Employees’ personal computers? Mobile devices?
• How is our data being transmitted?
• Are there any weaknesses that could allow attackers to compromise our employees’ remote networks or personal systems, potentially granting VPN access to the internal network?
• Have our business processes been updated to account for remote operations (e.g., accounts payable/receivable, payroll, use of devices, etc.)?
A tiered approach to improving security posture
1. Basic cyber hygiene; e.g. top 5 critical controls from CIS
2. Gap assessment, and roadmap
3. Closing the gaps and implementing continuous improvement
Board oversight principles
- NACD: Cyber-Risk Oversight 2020
• Cybersecurity as a Strategic Risk: Directors need to understand and approach cybersecurity as a strategic, enterprise risk, not just as an IT risk.
• Legal and Disclosure Implications: Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
• Board Oversight Structure and Access to Expertise: Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on board meeting agendas.
• An Enterprise Framework for Managing Cyber Risk: Directors should set the expectation that management will establish an enterprise-wide, cyber-risk management framework with adequate staffing and budget.
• Cybersecurity Measurement and Reporting: Board-management discussions about cyber risk should include identification and quantification of financial exposure to cyber risks and which risks to accept, mitigate, or transfer, such as through insurance, as well as specific plans associated with each approach.
What to ask from owners of cybersecurity / risk function
Board members can ask the following questions of the individuals owning the cybersecurity function. If there is no such role, create one!
• What is the trend in our cybersecurity incidents?
• What do we need to know about our next partner, acquisition target, or product line? Are you able to help us answer those questions?
• How do you plan to engage and inform the Board in case of a major cybersecurity incident?
• How do you explain the changes in your report compared to the previous round?
• If you are approved for 20% additional budget, what is the first thing you will spend that money on?
• Do we have cyber insurance? Are we comfortable with its coverage?
• Are we facing any limitations that prevent us from securing our remote workforce? What are the limitations?
• How do we ensure that our Managed (Security) Service Provider is effectively monitoring for and detecting threats against our assets?