Anatomy of a Cyber Attack - IACCE€¦ · Anatomy of a Cyber Attack A Reality Check for Business Decision Makers including Executives, Directors, and Owners. Bruce Ward, Vice President

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2017 Peters & Associates, Inc. All rights reserved.

Anatomy of a Cyber AttackA Reality Check for Business Decision Makers including Executives, Directors, and Owners.

Bruce Ward, Vice President of Business StrategyDr. Rachael Narel, Solution StrategistAdam Gassensmith, Manager of Client Engagement


IT SecuritySolutionsAgenda


IT SecuritySolutionsChanges Keep Changing


IT SecuritySolutionsChanges Keep Changing

2005 2013


IT SecuritySolutionsBreaches Keep Breaching

www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf


IT SecuritySolutions

“Cyber crime only happens to large companies like Chase, Target and Home Depot.”

31% - incidents of losses at organizations with <100 employees

61% - incidents of losses at organizations with <250 employeesSource: Symantec Internet Threat Report

Common Misconceptions


IT SecuritySolutionsCloud Shift only Shifts


IT SecuritySolutionsLooming Risk Offset

Above The Surface

Below The Surface

• Customer Breach Notification• Technical Investigation

• Loss of Client Relationships• Reputation / Brand• Cost of Raising Capital• Loss of Intellectual Property• Impact on Operations• Insurance Sources:2017 Reports:

Ponemon and Deloitte

2017 Ponemon Institute Cost of a Data Breach Study

https://www2.deloitte.com/global/en/pages/risk/articles/Global-Cyber-Briefing.html


IT SecuritySolutionsInformation Security Is Complex & Dynamic

DATA“A lot of moving parts”


IT SecuritySolutionsInformation Security Industry


IT SecuritySolutionsCyber Security Framework

Data Protection



People

Process

Technology

NIST CSF


IT SecuritySolutionsCyber Security Framework

Data Protection1


IT SecuritySolutionsSignificant Data

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.


Creating a Culture of Security and Effective Training Programs

Rachael NarelSolution Strategist



The security of systems is dependent on the people that use them. Effective institutional assessment of risks and implementation of secure practices rely on a shared understanding of the threats and challenges facing the institutions….

Lohrmann, 2014



• Time and budget for training

• Say one thing and do another

• Lack of buy-in

• Not organizationally mandated

• “I’m not a target” mindset

• History of failed programs

• Lack of communication or purpose

• Change is hard….

Some Challenges….


IT SecuritySolutionsOrganizational Culture

Edgar Schein



• The leadership team needs to support and promote a security culture– Does the strategy support the realization of the goals? (do people

know the strategy?)

– Is the right structure in place?

– Do key business processes support the strategy?

– Are the outcomes and behaviors that are rewarded and recognized support the strategy?

– Does the current talent of the organization support the strategy?

It starts at the top…



• Security belongs to everyone

• Overall awareness

• Rewards and recognition for those who do the right thing

• Creation of a security community

• Fun and engaging

• Continual learning and improvement

• Communication

Key Elements of a Security Culture


IT SecuritySolutionsEngage the entire system



• Security training ≠ cyber awareness program

• Ongoing, continuous, communication, reinforcement

• Go beyond compliance and ‘check the box’ mindset

• Keep it simple!

Cyber Security Awareness PROGRAM



• Just one piece of the program

• Not a point in time event

• Relevant to the audience and consistent with the values and goals of the organization

• Influence behavior changes that deliver measureable results

Training IS important!


IT SecuritySolutionsUse a variety of approaches


IT SecuritySolutionsMeasure and share results



• Is there a security policy that is enforced across the entire organization?

• Do employees know the policy?

• What are the practices and technologies in place that can detect a breach?

• Do employees know what to do if they detect a security violation?

Simple Assessment

Sugar Rush: How to select an IT Managed Services and Cybersecurity Partner in a Crowded Marketplace

Adam Gassensmith – Manager of Client Engagement

This Photo by Unknown Author is licensed under CC BY-ND

https://whydyoueatthat.wordpress.com/2012/10/30/tidbit-tuesday-candy-and-trick-or-treating

https://creativecommons.org/licenses/by-nd/3.0/

Happy (belated) Halloween!

This Photo by Unknown Author is licensed under CC BY-NC

This Photo by Unknown Author is licensed under CC BY-NC-ND

This Photo by Unknown Author is licensed under CC BY

https://www.flickr.com/photos/spookytreasures/2940565506/

https://creativecommons.org/licenses/by-nc/2.0/

http://flickr.com/photos/fiasuna/8344852632

https://creativecommons.org/licenses/by-nc-nd/2.0/

http://afactsaday.blogspot.com/2011/10/halloween-money-facts.html

https://creativecommons.org/licenses/by/3.0/

Partnering for Security

Average Salary of an IT Security Specialist

$120,000/year

Average Direct Cost of a Cyberattack on a Small Business

$9,000

The Cost of the Slow Burn

???

Choosing your Candy

Beware of Dum Dums

Avoid Kit Kat’s Rigidity

Peanut Butter and Chocolate

– Better Together

Are you Asking the Right Questions?

• Who is your ideal customer?

• What do you see as the greatest security threat to our business?

• How can you uniquely support our business?

Table Stakes• Security Expertise• Certification

This Photo by Unknown Author is licensed under CC BY-NC

https://danamccauley.wordpress.com/2009/05/07/you-are-what-you-eat/

https://creativecommons.org/licenses/by-nc/3.0/



IACCE Participant Entitlements Greater Chicago Area

Lunch and Learn - on-site

Security Review in a Day - on-site

Non-Profit Pricing


IT SecuritySolutionsChamber Engagement 2016 …2017



The Right Mix Culture, Program, People, Process, and Technology

https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwjk8anUg53XAhWD24MKHQFUAlsQjRwIBw&url=https://lizhendersondata.wordpress.com/2016/11/23/people-are-the-key-to-data-success/&psig=AOvVaw2j7H4C0D9B9si93cwXqtMH&ust=1509613692711105



Successful Community Everyone Wins With The Right Cybersecurity Mix



Peters IL Chamber Program

•Connect•Engage•Measure•Evaluate



• Participated in 100 + Events Made 2000+ New Connections

• Chamber Cyber Security - 3 events and over 500 Participants

• 160 Cyber Community Businesses Educational Activities

• Results:• Improved Awareness Inquiries For Education lots more to do…..

Peters Community Programs 2017



Contact Tim O’Hara [email protected] to:

Set up your Community Awareness Program (CAP)

Learn About Microsoft Non-Profit Program

Chat about Risk

What Next – Chamber Challenge

mailto:[email protected]


IT SecuritySolutionsKnowledge is Power

www.peters.com/blog

www.peters.com/event

http://www.peters.com/blog

http://www.peters.com/event

© 2015 Peters & Associates, Inc. All rights reserved.© 2016 Peters & Associates, Inc. All rights reserved.

Documents

Anatomy of a Cyber Attack - IACCE€¦ · Anatomy of a Cyber Attack A Reality Check for Business Decision Makers including Executives, Directors, and Owners. Bruce Ward, Vice President