CYBERSECURITY FOR DEFENSE CONTRACTORS: THREAT BRIEF

Hosted by:

North Carolina Military Business Center

North Carolina Defense Technology Transition Office

Businesses in AttendancePlease test your chat function and provide: company name,

your name, location, email address

AGENDA• Introductions and Welcome

• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)

• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information

Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff

• Business Questions and Answers• Please type your questions in the chat function for review and response

• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center

UPCOMING TRAININGS: Introduction to Federal Contracting

(Sept 17)

Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)

Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)

Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)

DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)

UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental

Summit(October 21-22, Virtual)

All registration information is available online at www.ncmbc.us.

AGENDA• Introductions and Welcome

• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)

• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information

Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff

• Business Questions and Answers• Please type your questions in the chat function for review and response

• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center

UPCOMING TRAININGS: Introduction to Federal Contracting

(Sept 17)

Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)

Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)

Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)

DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)

UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental

Summit(October 21-22, Virtual)

All registration information is available online at www.ncmbc.us.

AGENDA• Introductions and Welcome

• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)

• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information

Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of Staff

• Business Questions and Answers• Please type your questions in the chat function for review and response

• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center

UPCOMING TRAININGS: Introduction to Federal Contracting

(Sept 17)

Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)

Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)

Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)

DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)

UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental

Summit(October 21-22, Virtual)

All registration information is available online at www.ncmbc.us.

North Carolina Military Business Center Cyber Briefing

Maria S. ThompsonState Chief Risk Officer

Why are small businesses so appealing to hackers?

Source: IBM Report & Verizon Data Breach Report

BECAUSE:• 43% of SMBs Lack Any Type of Cybersecurity Defense Plans• One in Five SMBs Don’t Use Any Endpoint Security Protections• 60% of SMB Choose to Keep Their Heads in the Sand About Attack

& Breach Risks• 28% of the Breaches in 2019 Involved Small Business Victims• 85% of MSPs Report Ransomware as the Biggest Malware Threat

to SMBs in 2019• 63% of SMBs Report Experiencing a Data Breach in the Previous 12

Months• 22% of SMBs Switched to Remote Work Without a Cybersecurity

Threat Prevention Plan

Why are small businesses so appealing to hackers?

• 54% of small businesses think they’re too small for a cyber attack.• 25% of small businesses didn’t realize cyber attacks would cost them money.• 83% of small businesses haven’t put cash aside for dealing with a cyber attack.• 54% of small businesses don’t have a plan in place for reacting to cyber attacks.• 65% of small businesses have failed to act following a cyber security incident.• 50% of small and mid-sized businesses reported suffering at least one cyber attack

in the last year.• Small businesses spend an average of $955,429 to restore normal business in the

wake of successful attacks.• Just figuring out how a cyber attack happened could cost $15,000.• 40% of small businesses experienced eight or more hours of downtime due to a

cyber breach.• This downtime accounts for an average of $1.56 million in losses.

Attackers Focus – Key Findings

Source: 2020 Crowdstrike Services Cyber Frontlines Report

• Business disruption was the main attack objective• Credential dumping was the most frequent technique used• Dwell time increased from 85-95 days. The use of stronger countermeasures allow

them to stay hidden longer• Both Malware (49%) and malware-free (51%) intrusions were just about equal in use• Attackers are more deliberate and targeted in their efforts to automate Active Directory

reconnaissance.• Third-party compromises serve as a force multiplier for attacks • Attackers are targeting cloud infrastructure as a service (IaaS). Targeting of API keys is

increasing• Macs are now clearly in the crosshairs of the cyber fight. • Patching remains a problem• Many organizations fail to leverage the capabilities of the tools they already have

Attackers Focus – Key Findings

Source: 2020 Crowdstrike Services Cyber Frontlines Report

Attackers Focus – Key Findings

Source: 2020 Crowdstrike Services Cyber Frontlines Report

Attackers Focus – Key Mitigations

Source: 2020 Crowdstrike Services Cyber Frontlines Report

2019 NC Reported Ransomware Attacks

Date Affected Entity Ransomware VariantMar 2019 Orange County (hit 3 times in 6 yrs) Ryuk

Mar 2019 Pasquotank-Camden EMS Unknown

Mar, 2019 Robeson, NC Ryuk

Apr, 2019 City of Greenville RobinHood

Jul, 2019 Richmond Community College Ryuk

Aug 2019 Lincoln County Sheriffs Off/911 (X2) DopplePaymer

Sep 2019 Wildlife Commission DopplePaymer

Oct 2019 NC State Bar Neshta (dropper)

Oct 2019 Columbus Co School System (x17) Ryuk

Oct 2019 ABC Board (x21) Sodinokibi

Dec 2019 EBCI Sodinokibi (Insider Threat)

2020 NC Reported Ransomware AttacksDate Affected Entity Ransomware VariantFeb 2020 Duplin County RyukMar 2020 Durham County RyukMar 2020 City of Durham RyukMar 2020 Burke K-12 X (24) AKO Mar 2020 Alleghany K-12 PhobosMar 2020 City of Shelby RyukMar 2020 Mitchell K-12 SnatchMay 2020 Person County LockBitAug 2020 City of Rocky Mtn RYUKAug 2020 Haywood K-12 SuncyrptAug 2020 Piedmont Comm. College Matrix

2019 FBI IC3 Report – North Carolina

Source: 2019 Internet Crime Report

To Pay or Not to Pay

Source: Proofpoint -2020 State of Phish Report

Best Practices• Defense in Depth: Firewalls, antivirus, and endpoint detection/response

solutions• Network penetration testing• Cybersecurity audits• Computer use, device, and password policies• Access management and control policies and procedures• Email security solutions (such as anti-phishing solutions, spam filters,

email signing certificates [S/MIME certificates])• Employee cyber security awareness training and phishing simulations• Incident response and disaster recovery plans• Current data OFFLINE backups*** Cyber Insurance*** Virtual CISO

Question for you

Whole-of-State Cyber Approach• BitSight Monitoring of local county

infrastructure

• Pilot program for continuous monitoring of local county network traffic

• Development of Statewide Significant Cyber Incident Plan

• Establishment of statewide information sharing under HB 217

• 2-1-1 Cybercrime Hotline launched August 2020

Free ResourcesDHShttps://us-cert.cisa.gov/resources/smb

NISThttps://www.nist.gov/itl/smallbusinesscyber

FCChttps://www.fcc.gov/general/cybersecurity-small-business

SBAhttps://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats

FTChttps://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity

@NCDIT@BroadbandIO@ncicenter

NCDIT

NC Department of Information Technology

NC DIT

Let’s Connect!

it.nc.gov@NCDIT

AGENDA• Introductions and Welcome

• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)

• Presentation• Maria Thompson, Chief Risk Officer, North Carolina Department of Information

Technology• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of

Staff

• Business Questions and Answers• Please type your questions in the chat function for review and response

• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center

UPCOMING TRAININGS: Introduction to Federal Contracting

(Sept 17)

Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)

Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)

Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)

DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)

UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental

Summit(October 21-22, Virtual)

All registration information is available online at www.ncmbc.us.

There is no way it will happen to me…right?my personal 2020 story

“From U.S. businesses, to the federal government, to state and local governments, the United States is threatened by cyberattacks every day.” Daniel Coates, former Director of National Intelligence

America’s View of how DoD does Cyber Security

Threat intelligence states that DOD’s most critical defense missions are threatened on a regular basis by cyber-capable adversaries seeking to deny, disable and disrupt U.S. defense operations below the level of armed conflict

2018 – DoD received 3.2Bn emails13M contained viruses, malware, or phishing attempts

2015 – DoD targeted with 2 Gb DDoSToday - > 600 Gb daily

COVID-19 – Exponential increase in probing and VPN-related attacks

IoT and Networked devices create supplychain risk never before considered

Our View of how DoD does Cyber SecurityPersonal involvement in five DoD-level responses to critical vulnerabilities or attacks

- Controlled use of external media / USB- Focus on printer configuration- Supply Chain vulnerabilities- Greater visibility of remote access / phones

Cyber Security Maturity Model Certification (CMMC)Level 1 – Basic Cyber Hygiene (Access Control/Network Scan)Level 2 – Intermediate Cyber Hygiene (Establish Policy)Level 3 – Good Cyber Hygiene (Manage and Safeguard CUI)Level 4 – Proactive Cyber Hygiene (Review and Measure)Level 5 – Advanced Cyber Hygiene (APT)

Nobody questions the Sanitation Score in restaurants, but we won’t eat in one if it is lower than a 90

We are not at the End Daysbut we need to be careful

USCYBERCOM and the Service Cyber Commands are much more mature

Election Security is USCYBERCOM’s #1 Priority

Public – Private partnerships between USG and tech industry helpful

Low barrier to entry – Teenager in Tampa to Nation State in Asia

Attacks will increase in sophistication as we grow our automated capabilities to detect, remediate and comply

We must get it right all the time – the adversary only has to get it right once

Secure your Hardware

Encrypt and Backup Data

Invest in Cyber Security Insurance

Promote a Security-Focused Culture

Anti-Malware and Firewall Software

AGENDA• Introductions and Welcome

• Scott Dorney, North Carolina Military Business Center (NCMBC)• Denny Lewis, North Defense Technology Transition Office (DEFTECH)

• Presentation• Colonel Jeff Worthington, Special Assistant, XVIII Airborne Corps, Chief of

Staff• Maria Thompson, Chief Risk Officer, North Carolina Department of Information

Technology

• Business Questions and Answers• Please type your questions in the chat function for review and response

• Conclusion and Announcements• Denny Lewis, North Carolina Military Business Center

UPCOMING TRAININGS: Introduction to Federal Contracting

(Sept 17)

Cybersecurity Series Part 2/6, Cybersecurity Business Needs (Sept 24)

Hiring & Retaining Skilled, Veteran Workforce for Federal Contractors (Two-Parts, Oct 1 & Oct 8)

Advanced Proposal Preparation and Development (Oct 5-7-9 & Dec 7-9-11)

DLA AVIATION BRIEFINGS: Pre-Award and Post-Award Tips for Success (Sept 16)

UPCOMING VIRTUAL SUMMIT: Southeast Region Federal Construction, Infrastructure and Environmental

Summit(October 21-22, Virtual)

All registration information is available online at www.ncmbc.us.