Cyber Attacks and Hacking: What You Need to Know About Data Privacy and Security
Friday, October 23, 2015

Jacqueline Harris, CPM®, CCIM®
Director of Training & Administration
Digital Realty

Kevin Bodell
Systems and Infrastructure Manager
City Creek Reserve, Inc.

Smart Chick Megan Orser
Smart Apartment Solutions
BREAKING NEWS….CIA “HACKED”?
TUESDAY, OCTOBER 20, 2015
“It’s no longer a matter of if a company gets hacked, it’s only a matter of when.”
Mark Stamford, OCCAMSEC
Symantec found that 17 percent of all Android apps were actually malware in disguise.
Ransomware attacks grew 113 percent in 2014, along with 45 times more crypto-ransomware attacks.
New Mobile Vulnerabilities: 168 (2014), 127 (2013)
Ransomware Total: 24000 (2014), 11000 (2013)
2015 INTERNET SECURITY THREAT REPORT, Symantec
Who is getting hacked.
Small Business
A recent infographic by Towergate Insurance said that last year, 97 percent of smaller businesses neglected to prioritize online security improvement for future business growth.
VS
It’s not IF, It’s WHEN!
Today’s Cyber Attacks
• Social Engineering
• Phishing
• Hacking
• Ransomware

What is Social Engineering?
A non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
Social engineering is one of the most effective ways to circumvent established security protocol
Targets human “vulnerabilities” (helpfulness, fear, insecurity)
“Hacking” what’s at risk for Property Managers?
• Building Management Systems
• Energy Management Systems
• Emergency Notification Systems
• Customer Portals
• Integrated Work Management Systems
• Poor Password Protection
• Unmonitored Access Points
• Rudimentary Software

Ransomware
Midsize Businesses
The most common causes were malicious or criminal attacks (44 percent), followed by employee negligence (31 percent) and system glitches (25 percent).
The intent of the breach is usually information theft leading to financial gain, rather than so-called hacktivism,
What is your exposure?
Resident/Employees Files
• Social Security Number
• Drivers License
• Major Credit Cards
• Credit Report
• Address History
• Employment History
Business Reputation
Prevent
• What is the risk?
• What is your exposure?
Prepare
• What can you do to prepare for the inevitable?
• What practical approaches can you take to minimize exposure?
Respond
• How do you minimize the impact to business as usual when it does happen?
• How do you mitigate risk once it’s happened?
Data Classification
Level 1: Data that may be freely disclosed with the public. Example: Contact information, price lists
Level 2: Internal data that is not meant for public disclosure. Example: Sales contest rules, organizational charts
Level 3: Sensitive internal data that if disclosed could negatively affect operations. Example: Contracts with third-party suppliers, employee reviews
Level 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk. Example: Employee social security numbers, customer credit card numbers
Network & Physical Security Controls
• Network, Computer, and Email Access Controls
• Encryption
• Anti-Virus/Anti-Spyware
• Firewall and Internet Connection
General Security Controls
• Visitor Policy
• Social Engineering
• Third party network security checks
• Network and Computer Backups
“I’ve been hacked...”
Respond
CONSIDER THE NUMBERS
Average Organizational Cost of a Data Breach: $5.9 million
Estimated Cost of a General Data Breach: $201 per compromised record

• Identify source & stabilize
• Notify impacted parties
• Be detailed, consistent & diligent with your reporting
• Review business loss insurance
• Develop plan to protect the company brand
• Commence “Customer Loyalty” activities
• Implement protocols to prevent future breaches
• Be ready to adjust & adapt quickly as new threats arise
Future Predictions
• New forms of blackmailing & extortion schemes
• Ransomware for data theft
• Smart Machines
• Smart Offices or Business BMS Systems
• Increased threats at the power source (public utilities, old/outdated infrastructure, banking systems, financial institutions)

Are you and your organization protected?
IREM Resources…
• “Are You Sitting on a Cyber Security Bombshell?”, Joseph Dobrian, JPM Sept/Oct 2015
• Before and After Disaster Strikes: Developing An Emergency Procedures Manual, 4th Edition, ©2012 IREM
• “What You Should Know About Cybersecurity Insurance,” © IREM Blog October 15, 2015