Abstract image of a woman sitting on books and studying on a laptop

Cybersecurity…real world solutions

Download as PPTX, PDF
E
ErnestStaats

The document outlines essential cybersecurity practices, emphasizing that complete security is unattainable due to inherent vulnerabilities and the human factor in breaches. Key recommendations include establishing a response plan for breaches, implementing multi-factor authentication, and developing comprehensive policies and procedures for data protection. It also stresses the importance of continuous governance and oversight to ensure robust cybersecurity measures.

Technology
Related topics:
Cyber-Security IT Security Data Privacy
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Cybersecurity… Real World Solutions Network Paladin (Making complex Cyber & Privacy issues understandable and actionable ) Ernest Staats estaats@networkpaladin.org
Our Reality
Other SDA’s have learned that… 1. We are never as safe or secure as we think we are 2. Nobody’s defenses can protect against a determined hacker 3. Networks and data systems are inherently insecure There are always vulnerabilities that can be exploited 4. Your Response is More important than your security Software
People are the strongest and weakest link!
Individuals Enable Hacking People make mistakes by: •Sharing passwords •Using outdated software •Losing or improperly discarding files •Mishandling personal information •Storing unencrypted personal information on laptops or easily lost mobile devices •Circumventing information security controls oIntentionally for their purposes; oIn the mistaken belief that they can improve efficiency; oIn narrow mindedly thinking that they “just need to get the job done” regardless of risk
What to Do? 1. Expect a breach & establish a response plan (Link to resources) 2. Purchase cyber insurance (A team to help you) (Link to resources) 3. Develop, implement, & document policies and procedures (Now) 4. Consider outsourcing some security aspects (e.g. 24/7 monitoring) 5. Have backups, backups of backups and backups where people can’t find them (Link to Backup resources) 6. Discover then Restrict access to any system or report that contains sensitive information (Link to sensitive data resource) 7. Use an out of band communication method (signal, telegram)
What to Do? 8. Establish a password manager (Link to resources) 9. Limit local Admin accounts 10. Patch systems and applications 11. Use Multi-Factor authentication 12. Verify all 3rd party vendors (Link to Resources) 13. Risk Management is everyone’s responsibility (Train Engage them) 14. Secure your Data Systems (Link to resources)
Reduce reliance and burden on people Start with People Policies Set the Framework to align People, Processes and Technology Policy without enforcement is a suggestion Processes Reflect need of People in relation to policies & Technology Success Relies On: Technology Process People
Demo – HID Card Key Bypass
Cyber Incident Response Plan Key elements to have in place before a cyber incident occurs include: A cyber incident response plan customized for the organization’s specific Data Systems- (including cloud apps). Well-defined and assigned roles to ensure appropriate individuals understand their duties. Communications plans so the organization can efficiently communicate and explain reportable incidents. Link to IR Resources
How Do We Prevent Being a Headline?
Colonial Pipeline & SDA Organizations Gov issued Executive Order Requiring: 1. Multifactor Authentication (Limit Local Admin Accounts) 2. Zero Trust (Contain legacy systems) ` 3. Use Risk based Governance & Compliance 4. Documented IR & communication plans 5. Vendor vetting (Link to template) Colonial Pipeline SDA Orgs Access VIA VPN Access VIA RDP or VPN Some multifactor Password Multifactor Passwords – Some – to NONE Access through a Legacy System Access through Legacy Systems
Information Leakage is Easy
Governance Terminology Policies: Formal statements produced and supported by senior management (Approved by your board) Standards: Mandatory courses of action or rules that give formal policies support and direction (Approved by leadership team) Procedures: Detailed step-by-step technical instructions to achieve a goal or mandate. (Managed by tech team)
•Data Integrity Procedures (Backups, retention, restore (overwrite) authorization, etc.) (Link to templates) •Data Governance Procedures (DATA handling, lifecycle, deletion, access control & authentication, etc.) •Data Classification Procedures (PII, PCI, PHI, and how the entity stores, accesses and manages that data) •Email Retention Policy and Procedures (email is one of our significant internal liabilities) •Incident Response Plan (Policies & Procedures) (Link to templates) •Cyber Security (Policies and Procedures) Document Policies and Procedures
Mobile Issues /Demo Deep Fakes: Spoofed Voice https://www.zdnet.com/article/forget-email-scammers-use- ceo-voice-deepfakes-to-con-workers-into-wiring-cash/ USE A Code Word Identify Caller Use Code Words PIN security – 6 digit code no Pattern Camera and mic can be turned on without permission
Ransomware Trends 2021
Ransomware Response 1. Start a log of all actions taken by who (Link to template) 2. Determine what is encrypted 3. Contain system pull network cable & disconnect wireless 4. Call Cyber Insurance team …. 5. (Ransomware Check Lists) 6. Know if you are willing to pay 7. See if Ransomware has an unlock key www.nomoreransom.org 8. Determine if you need to report a breach 9. Consider contacting local and federal law www.ic3.gov
Monitor your Ministry & Life (Demo) Google alerts: https://www.google.com/alerts Hacked Account: https://haveibeenpwned.com/ Dark Web Scan: https://try.idx.us/cyberscan/ Public Records: http://publicrecords.searchsystems.net/ Image Search: https://yandex.com/images/ Metadata Viewer: http://exif.regex.info/exif.cgi Take Control – Data Detox: https://datadetox.myshadow.org/en/home
Common Pitfalls to Avoid •Emphasizing highly publicized but rare threats over basic cyber hygiene •Treating cybersecurity as a one-off project instead of a key organizational component •Not sustaining budget and human resources for cyber defenses •Lack of vendor governance and oversight
More Common Pitfalls to Avoid •Implementing the latest cybersecurity tools and technology instead of addressing critical security controls (Link to CIS v7 template) •Have independent security reports that are not (captain obvious) •No written information security program with supporting policies, processes, and procedures •Lack of governance and oversight
Legal Data Privacy Resources Data Protection Laws of the World https://www.dlapiperdataprotection.com/ US State Breach Notification Law Interactive Map https://www.bakerlaw.com/BreachNotificationLawMap State Laws Related to Internet Privacy http://www.ncsl.org/research/telecommunications-and-information- technology/state-laws-related-to-internet-privacy.aspx US state comprehensive privacy law comparison: https://iapp.org/resources/article/us-state-privacy-legislation-tracker/ https://emtemp.gcom.cloud/ngw/globalassets/en/legal-compliance/documents/trends/gdpr-compliance-audit-checklist.pdf
Cybersecurity…real world solutions

More Related Content

PDF
IT security in 2021: Why Ransomware Is Still The Biggest Threat
ETech 7
 
PDF
Cisa ransomware guide
anpapathanasiou
 
PPTX
Ransomware Has Evolved And So Should Your Company
Veriato
 
PDF
The Cost of Doing Nothing: A Ransomware Backup Story
Quest
 
PPTX
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
PPT
Safeguard your enterprise against ransomware
Quick Heal Technologies Ltd.
 
PPTX
Anatomy of a Ransomware Event
Art Ocain
 
PPTX
Cybersecurity
UmairFirdous
 
IT security in 2021: Why Ransomware Is Still The Biggest Threat
ETech 7
 
Cisa ransomware guide
anpapathanasiou
 
Ransomware Has Evolved And So Should Your Company
Veriato
 
The Cost of Doing Nothing: A Ransomware Backup Story
Quest
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
Safeguard your enterprise against ransomware
Quick Heal Technologies Ltd.
 
Anatomy of a Ransomware Event
Art Ocain
 
Cybersecurity
UmairFirdous
 

What's hot (20)

PDF
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
James Anderson
 
PDF
Triangulum - Ransomware Evolved - Why your backups arent good enough
Martin Opsahl
 
PPTX
Ransomware Detection: Don’t Pay Up. Backup.
marketingunitrends
 
PDF
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
SaraPia5
 
PDF
The importance of Cybersecurity
Benoit Callebaut
 
PDF
Cambodia CERT Seminar: Incident response for ransomeware attacks
APNIC
 
PDF
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
PPTX
Cybersecurity Training
WindstoneHealth
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
PPTX
Cyber Attack Survival: Are You Ready?
Radware
 
PPTX
Ransomware: A Perilous Malware
HTS Hosting
 
PDF
Cyber Security For Organization Proposal PowerPoint Presentation Slides
SlideTeam
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
PPTX
Ransomware Resiliency, Recoverability and Availability
Lai Yoong Seng
 
PPTX
Ransomware: Can you protect against attacks?
Osirium Limited
 
PPTX
DC970 Presents: Defense in Depth
IceQUICK
 
PPTX
Hyphenet Security Awareness Training
Jen Ruhman
 
PDF
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
PDF
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
PPTX
An introduction to Cyber Essentials
Jisc
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
James Anderson
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Martin Opsahl
 
Ransomware Detection: Don’t Pay Up. Backup.
marketingunitrends
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
SaraPia5
 
The importance of Cybersecurity
Benoit Callebaut
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
APNIC
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Edureka!
 
Cybersecurity Training
WindstoneHealth
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Cyber Attack Survival: Are You Ready?
Radware
 
Ransomware: A Perilous Malware
HTS Hosting
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
SlideTeam
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Ransomware Resiliency, Recoverability and Availability
Lai Yoong Seng
 
Ransomware: Can you protect against attacks?
Osirium Limited
 
DC970 Presents: Defense in Depth
IceQUICK
 
Hyphenet Security Awareness Training
Jen Ruhman
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Shawn Tuma
 
An introduction to Cyber Essentials
Jisc
 
Ad

Similar to Cybersecurity…real world solutions (20)

PPTX
Tsc2021 cyber-issues
Ernest Staats
 
PPTX
2022 Rea & Associates' Cybersecurity Conference
Rea
 
PPT
Port of seattle security presentation david morris
Emily2014
 
PPTX
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
PPT
December ISSA Meeting Executive Security Presentation
whmillerjr
 
PDF
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
PDF
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
PPTX
Introduction-to-Cybersecurit57hhfcbbcxxx
zahraomer517
 
PPTX
New PPTX mittre attack Presentation.pptx
esaabren
 
PPTX
New PegwrgwewegewtgPTX Presentation.pptx
esaabren
 
PDF
Cyber Defense - How to be prepared to APT
Simone Onofri
 
PPTX
Cybersecurity.pptx
John Donahue
 
PPTX
cybersecurity.pptx cybersecurity.pptx cybersecurity.pptx
kuperkyle52
 
PPTX
slidesgo-navigating-the-cyber-landscape-understanding-threats-and-strategies-...
NasratullahMirzai2
 
PPTX
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
PPTX
Cybersecurity - Sam Maccherola
TechBiz Forense Digital
 
PPTX
Presentation - Cybersecurity Essentials.pptx
AllanCustodio5
 
PDF
Cervone uof t - nist framework (1)
Stephen Abram
 
Tsc2021 cyber-issues
Ernest Staats
 
2022 Rea & Associates' Cybersecurity Conference
Rea
 
Port of seattle security presentation david morris
Emily2014
 
Cybersecurity Basics of awareness presentation .pptx
williambillrials
 
December ISSA Meeting Executive Security Presentation
whmillerjr
 
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Resilient Systems
 
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
Introduction-to-Cybersecurit57hhfcbbcxxx
zahraomer517
 
New PPTX mittre attack Presentation.pptx
esaabren
 
New PegwrgwewegewtgPTX Presentation.pptx
esaabren
 
Cyber Defense - How to be prepared to APT
Simone Onofri
 
Cybersecurity.pptx
John Donahue
 
cybersecurity.pptx cybersecurity.pptx cybersecurity.pptx
kuperkyle52
 
slidesgo-navigating-the-cyber-landscape-understanding-threats-and-strategies-...
NasratullahMirzai2
 
Incident Response: Validation, Containment & Forensics
Priyanka Aash
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
Cybersecurity - Sam Maccherola
TechBiz Forense Digital
 
Presentation - Cybersecurity Essentials.pptx
AllanCustodio5
 
Cervone uof t - nist framework (1)
Stephen Abram
 
Ad

Recently uploaded (20)

PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
PDF
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PPTX
TEXTILE technology diploma scope and career opportunities
kriti38
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
PDF
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
TEXTILE technology diploma scope and career opportunities
kriti38
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
UiPath Agentic Automation session 1: RPA to Agents
suhanisingh58689
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 

Cybersecurity…real world solutions

  • 1. Cybersecurity… Real World Solutions Network Paladin (Making complex Cyber & Privacy issues understandable and actionable ) Ernest Staats [email protected]
  • 3. Other SDA’s have learned that… 1. We are never as safe or secure as we think we are 2. Nobody’s defenses can protect against a determined hacker 3. Networks and data systems are inherently insecure There are always vulnerabilities that can be exploited 4. Your Response is More important than your security Software
  • 4. People are the strongest and weakest link!
  • 5. Individuals Enable Hacking People make mistakes by: •Sharing passwords •Using outdated software •Losing or improperly discarding files •Mishandling personal information •Storing unencrypted personal information on laptops or easily lost mobile devices •Circumventing information security controls oIntentionally for their purposes; oIn the mistaken belief that they can improve efficiency; oIn narrow mindedly thinking that they “just need to get the job done” regardless of risk
  • 6. What to Do? 1. Expect a breach & establish a response plan (Link to resources) 2. Purchase cyber insurance (A team to help you) (Link to resources) 3. Develop, implement, & document policies and procedures (Now) 4. Consider outsourcing some security aspects (e.g. 24/7 monitoring) 5. Have backups, backups of backups and backups where people can’t find them (Link to Backup resources) 6. Discover then Restrict access to any system or report that contains sensitive information (Link to sensitive data resource) 7. Use an out of band communication method (signal, telegram)
  • 7. What to Do? 8. Establish a password manager (Link to resources) 9. Limit local Admin accounts 10. Patch systems and applications 11. Use Multi-Factor authentication 12. Verify all 3rd party vendors (Link to Resources) 13. Risk Management is everyone’s responsibility (Train Engage them) 14. Secure your Data Systems (Link to resources)
  • 8. Reduce reliance and burden on people Start with People Policies Set the Framework to align People, Processes and Technology Policy without enforcement is a suggestion Processes Reflect need of People in relation to policies & Technology Success Relies On: Technology Process People
  • 9. Demo – HID Card Key Bypass
  • 10. Cyber Incident Response Plan Key elements to have in place before a cyber incident occurs include: A cyber incident response plan customized for the organization’s specific Data Systems- (including cloud apps). Well-defined and assigned roles to ensure appropriate individuals understand their duties. Communications plans so the organization can efficiently communicate and explain reportable incidents. Link to IR Resources
  • 11. How Do We Prevent Being a Headline?
  • 12. Colonial Pipeline & SDA Organizations Gov issued Executive Order Requiring: 1. Multifactor Authentication (Limit Local Admin Accounts) 2. Zero Trust (Contain legacy systems) ` 3. Use Risk based Governance & Compliance 4. Documented IR & communication plans 5. Vendor vetting (Link to template) Colonial Pipeline SDA Orgs Access VIA VPN Access VIA RDP or VPN Some multifactor Password Multifactor Passwords – Some – to NONE Access through a Legacy System Access through Legacy Systems
  • 14. Governance Terminology Policies: Formal statements produced and supported by senior management (Approved by your board) Standards: Mandatory courses of action or rules that give formal policies support and direction (Approved by leadership team) Procedures: Detailed step-by-step technical instructions to achieve a goal or mandate. (Managed by tech team)
  • 15. •Data Integrity Procedures (Backups, retention, restore (overwrite) authorization, etc.) (Link to templates) •Data Governance Procedures (DATA handling, lifecycle, deletion, access control & authentication, etc.) •Data Classification Procedures (PII, PCI, PHI, and how the entity stores, accesses and manages that data) •Email Retention Policy and Procedures (email is one of our significant internal liabilities) •Incident Response Plan (Policies & Procedures) (Link to templates) •Cyber Security (Policies and Procedures) Document Policies and Procedures
  • 16. Mobile Issues /Demo Deep Fakes: Spoofed Voice https://www.zdnet.com/article/forget-email-scammers-use- ceo-voice-deepfakes-to-con-workers-into-wiring-cash/ USE A Code Word Identify Caller Use Code Words PIN security – 6 digit code no Pattern Camera and mic can be turned on without permission
  • 18. Ransomware Response 1. Start a log of all actions taken by who (Link to template) 2. Determine what is encrypted 3. Contain system pull network cable & disconnect wireless 4. Call Cyber Insurance team …. 5. (Ransomware Check Lists) 6. Know if you are willing to pay 7. See if Ransomware has an unlock key www.nomoreransom.org 8. Determine if you need to report a breach 9. Consider contacting local and federal law www.ic3.gov
  • 19. Monitor your Ministry & Life (Demo) Google alerts: https://www.google.com/alerts Hacked Account: https://haveibeenpwned.com/ Dark Web Scan: https://try.idx.us/cyberscan/ Public Records: http://publicrecords.searchsystems.net/ Image Search: https://yandex.com/images/ Metadata Viewer: http://exif.regex.info/exif.cgi Take Control – Data Detox: https://datadetox.myshadow.org/en/home
  • 20. Common Pitfalls to Avoid •Emphasizing highly publicized but rare threats over basic cyber hygiene •Treating cybersecurity as a one-off project instead of a key organizational component •Not sustaining budget and human resources for cyber defenses •Lack of vendor governance and oversight
  • 21. More Common Pitfalls to Avoid •Implementing the latest cybersecurity tools and technology instead of addressing critical security controls (Link to CIS v7 template) •Have independent security reports that are not (captain obvious) •No written information security program with supporting policies, processes, and procedures •Lack of governance and oversight
  • 22. Legal Data Privacy Resources Data Protection Laws of the World https://www.dlapiperdataprotection.com/ US State Breach Notification Law Interactive Map https://www.bakerlaw.com/BreachNotificationLawMap State Laws Related to Internet Privacy http://www.ncsl.org/research/telecommunications-and-information- technology/state-laws-related-to-internet-privacy.aspx US state comprehensive privacy law comparison: https://iapp.org/resources/article/us-state-privacy-legislation-tracker/ https://emtemp.gcom.cloud/ngw/globalassets/en/legal-compliance/documents/trends/gdpr-compliance-audit-checklist.pdf