Reducing Cyber Risk
Ashleigh P. Smaha, JD, Data Breach Response Team, Nelson Mullins
Cell: (478) [email protected]
Annual Member's Meeting, Savannah, GA, June 9, 2021
Gabriel Gomez, EnCE, CBE, CCLA, Managing Director | DFIR, Tracepoint
Cell: (540) [email protected]
Nelson Mullins 24/7/365 Breach Response Intake Team
Ashleigh P. Smaha, JD
Associate
Georgia
M: 478.960.4623
Gina Ginn Greenwood, JD, CIPP/US
Partner, Co-Chair Data Breach Response Practice
Georgia
M: 404.909.0665
In the event of an incident, please contact
[email protected] or call
our Breach Hotline at 404.322.6767. You may also call
and text the Intake Team Members listed below.
Blythe K. Lollar, JD
Of Counsel
Mississippi
M: 601.937.9925
Brad C. Moody, JD, CIPP/US
Partner, Co-Chair Data Breach Response Practice
Mississippi, Alabama
M: 601.278.2118
800+ attorneys and professionals
25 states where Nelson Mullins attorneys are admitted to practice
Nelson Mullins offices in 11 states and the District of Columbia
2020 Am Law ranking: 68
100+ diversified practice areas
SOC 2 Type 2 with HITRUST controls audits
ISO/IEC 27001:2013 certified
[email protected] is distributed to all Intake Team Members.
Nelson Mullins Riley & Scarborough LLP | nelsonmullins.com
Featured Privacy, Security, & Incident Response Team Members
Gina Ginn Greenwood, JD, CIPP/US; Angela Hart-Edwards, JD; Patricia A. Markus, JD; Roy Wyman, JD; Blythe K. Lollar, JD; Ashleigh P. Smaha, JD; Brad C. Moody, JD, CIPP/US
Partner, Co-Chair Data Breach Response Practice
Georgia
Partner
Raleigh, NC
Of Counsel
Mississippi
Partner
Washington, D.C.
Associate
Georgia
Partner, Co-Chair Data Breach Response Practice
Mississippi, Alabama
Partner, Chair Privacy & Security Industry Group
Nashville, TN
Colton Driver, JD, CIPP/E; Colin T. Barrett, JD; Eli A. Poliakoff, JD; John F. Loar, JD; James J. Pagano, Jr., JD; Samer A. Roshdy, JD; Jason I. Epstein, JD
Associate
Columbia, SC
Associate
Atlanta, GA
Associate
Boston, MA
Partner
Charleston, SC
Of Counsel
Tallahassee, FL
Associate
Tallahassee, FL
Partner, Co-Head, Technology & Procurement Industry Group
Nashville, TN | New York, NY
Neeru "Nina" Gupta, JD; Lucile H. Cohen, JD; Brad Rustin, JD; Daniel C. Lumm, JD; Philip M. Busman, JD; Craig Nazzaro, JD; Johnathan H. Taylor, JD
Partner
Atlanta, GA
Partner
Washington, D.C.
Partner
Greenville, SC
Partner
Atlanta, GA
Partner
Greenville, SC | Washington, D.C.
Associate
Atlanta, GA
Partner, E-Discovery and Information Management Practice Group
Columbia, SC
Wesley McCulloch, JD; Sam Rosenthal, JD; Elizabeth Donaldson, JD; Lori L. Wright, JD; D. Larry Kristinik, III, JD; Geoffrey P. Vickers, JD; Kelly L. Frey, JD
Associate
Nashville, TN
Partner
Atlanta, GA
Partner
Columbia, SC
Partner
Nashville, TN
Partner
Washington, D.C. | New York, NY
Partner
Nashville, TN
Associate
Greenville, SC
With additional support from:
Jillian Hart, JD; Mark Brophy, CISSP, GCIH, GDSA, GSNA; Val Gross, JD; Evan M. Sauda, JD; William H. Latham, JD, CIPP/US; Stephanie A. Russo, JD; Will Bryan, GCCC; Daniel A. Cohen, JD
Associate
Boston, MA
Information Security Supervisor
Columbia, SC
Director of IT Security and Information Services
Columbia, SC
Of Counsel
New York, NY
Partner
Charlotte, NC
Partner
Columbia, SC
Partner
Miami, FL
Partner
Atlanta, GA
Alabama · District of Columbia · Florida · Georgia · Massachusetts · Mississippi · New York · North Carolina · South Carolina · Tennessee
Cyber Incident Response, Remediation & Recovery Solutions
Incident Response Services:
• Digital Forensics & Incident Response
• Ransomware Recovery Solutions
• Data Recovery & Remediation Services
• Business Email Compromise
• Phishing Investigations
Active Defense Services:
• Security Assessments
• Technical Testing
• Managed Security Programs & Development
• Security Training
• Virtual CISO and Strategic Services
• Cyber Insurance Readiness & Preparation
Tracepoint.com | [email protected] | 844-TRACE-04
Digital Forensics & Incident Response Leadership
Chris Salsberry, Chief Executive Officer
Brett Anderson, Chief Operating Officer
Rob Driscoll, Chief Revenue Officer
Mike Makowka, Chief Information Security Officer & Managing Director
Rob Spitler, Managing Director
Stacey Levy, Managing Director
Edith Santos, Managing Director
Clay Blankenship, Managing Director
Gabriel Gomez, Managing Director
CYBER ATTACKS
Cyber attacks are in the headlines every day.
All of us are under constant attack by hackers trying to gain access to our computers and networks!
Blackbaud Data Security Incident Affects 55,000 Entities; millions of letters are sent - 2020
Ryuk Ransomware – Health Providers Under Attack
Colonial Pipeline Allegedly Pays Darkside $4.4 Million Following Ransomware Attack
EDUCATION IS KEY
Think (graphic; Source: DynaSis)
Educate About MalDoc Trends through Phishing
Scams Often Make You Feel You are Missing Out If You Don’t Click on the Link!
MalDoc Trends through Phishing Disguised as DocuSign
Some Scams Use our Security against Us! Scams Even Involve Encrypted Emails!!
TESTING SYSTEMS / TABLE TOPS
USER TRAINING: Establishing Safe Habits
BACKUP FILES / CONTAINMENT / BLOCKING
WEEKLY PATCH UPDATES: Workstation & Server
ANTI-MALWARE / ANTI-VIRUS SOFTWARE
MANAGING ADMIN AND ACCESS RIGHTS – Multifactor Authentication
FILTERING: Email Content Filtering
DATA MAPPING / DEVICE MANAGEMENT
FIREWALLS / ENCRYPTION
INCIDENT RESPONSE EMERGENCY PREPAREDNESS PLAN
PRIVACY AND SECURITY POLICIES / PROCEDURES factoring in applicable law
Cyber Liability Insurance
Security And Risk Management Is About Managing Risk Through A Layered Approach
Lessons Learned – The Legal Perspective
• Early Reporting Saves Time and Money
o Recent GSBA insured cases: alert IT Directors helped avoid a larger issue
o Know your policy deadlines, but report to GSBA ASAP
• Manage Communications
o "You don't know what you don't know until you know"
o The "facts" at the beginning are rarely the same facts at the end
• It's All in the Name
o Threat Actors are hunting for sensitive data. Don't make it easy for them by labeling files "Department of Education Report by Social Security Number" or "Domain Password List"
UPDATE, UPDATE, UPDATE!
Operating System Updates
o Ensure operating systems are up to date with available cumulative updates
o Apply operating system security patches to keep current with recently identified vulnerabilities
o Eliminate the use of outdated operating systems which no longer receive security updates
Antivirus Updates
o Ensure antivirus is updated on a regular basis so that the latest malware definitions are loaded
Maintenance for Protection
Quarterly/Semi-Annual Active Directory Audits
o Identify abandoned profiles
▪ Former employees
▪ Accounts created for specific projects that are no longer being used
o Confirm only administrators have administrator privileges
▪ Eliminate use of shared administrator accounts
▪ Employees granted temporary administrator access for completed projects are set back to the appropriate access level
▪ Regular users should not be set up as local administrators on assigned workstations
Fortifying the Exterior
Firewall Settings
o Enable geoblocking for incoming/outgoing network connections
o Whitelist IP addresses and subnets for specific exceptions
o Ensure the firewall/load balancer translation (NAT) table is configured so that originating IP addresses pass through and are preserved in logs for investigative/auditing purposes
o Back up firewall/VPN/AV logs to a SIEM or syslog instance
Remote Access
o Disable RDP access to systems
o Use VPN for remote access with MFA
o Require Multifactor Authentication (MFA) for all user and administrator accounts for network and web-based email access
Fortifying the Interior
Password Policy
o Password complexity requirements
▪ 10-12 character minimum, including upper/lowercase letters, numbers and symbols
o Password cycling
▪ Require password changes every 60-90 days
o Immediately disable former employee credentials
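The checks on the Active Directory audit slide above (abandoned profiles, confirming that only administrators hold administrator privileges, regular users not being local administrators) and the password-age and former-employee items of this slide can be run as one script. The following is an added example written for this page, not code from Nelson Mullins or Tracepoint: it works over constructed records shaped like an AD user export, an HR termination list and per-workstation local Administrators membership, and the 90-day inactivity and password-age thresholds are assumptions taken from the deck's quarterly/semi-annual and 60-90 day guidance. Shared administrator accounts are caught by the approved-administrator list, which names people; an account such as "itadmin" is never on it.

```python
"""Account-hygiene audit over a constructed Active Directory export.

Added example, not from the presentation. The records below are constructed
to look like a `Get-ADUser ... | Export-Csv` dump plus an HR termination list
and per-workstation local Administrators membership; the thresholds follow
the deck's 90-day inactivity and 60-90 day password-cycling guidance.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

INACTIVE_DAYS = 90           # assumption: review window for abandoned profiles
MAX_PASSWORD_AGE_DAYS = 90   # upper end of the deck's 60-90 day cycle
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


@dataclass(frozen=True)
class User:
    sam: str                              # sAMAccountName
    enabled: bool
    last_logon: Optional[date]            # LastLogonDate; None = never logged on
    password_last_set: Optional[date]
    member_of: tuple = ()                 # direct group memberships
    terminated_on: Optional[date] = None  # from HR (constructed)


def days_since(day: Optional[date], today: date) -> Optional[int]:
    return None if day is None else (today - day).days


def audit_accounts(users, approved_admins, local_admins_by_host, today):
    """Return (account, finding, detail) tuples for the deck's audit items."""
    findings = []
    for u in users:
        # former employees must be disabled immediately
        if u.enabled and u.terminated_on is not None and u.terminated_on <= today:
            findings.append((u.sam, "former-employee-enabled", f"terminated {u.terminated_on}"))
        if u.enabled:
            idle = days_since(u.last_logon, today)
            if idle is None or idle > INACTIVE_DAYS:
                detail = "never logged on" if idle is None else f"{idle} days idle"
                findings.append((u.sam, "inactive", detail))
            age = days_since(u.password_last_set, today)
            if age is not None and age > MAX_PASSWORD_AGE_DAYS:
                findings.append((u.sam, "password-stale", f"{age} days since last change"))
        # privileged membership is acceptable only for a named, approved person
        priv = PRIVILEGED_GROUPS.intersection(u.member_of)
        if priv and u.sam not in approved_admins:
            findings.append((u.sam, "unapproved-privileged", ", ".join(sorted(priv))))
    # regular users must not be local administrators on their workstations
    for host, members in sorted(local_admins_by_host.items()):
        for member in members:
            sam = member.split("\\")[-1]  # strip the DOMAIN\ prefix
            if sam not in approved_admins:
                findings.append((sam, "local-admin", host))
    return findings


# ---- constructed sample input -------------------------------------------
SAMPLE_TODAY = date(2021, 6, 9)
SAMPLE_USERS = [
    User("asmith", True, date(2021, 6, 8), date(2021, 5, 1)),
    User("bjones", True, date(2021, 1, 15), date(2021, 1, 10), terminated_on=date(2021, 2, 1)),
    User("proj2020svc", True, None, date(2020, 3, 1)),            # project account, never used
    User("itadmin", True, date(2021, 6, 1), date(2021, 6, 1), ("Domain Admins",)),  # shared admin
    User("cwu-adm", True, date(2021, 6, 8), date(2021, 5, 20), ("Domain Admins",)),
    User("dlee", False, date(2021, 2, 28), date(2021, 1, 5), terminated_on=date(2021, 3, 1)),
]
SAMPLE_APPROVED_ADMINS = {"cwu-adm"}
SAMPLE_LOCAL_ADMINS = {
    "WS-FIN-07": ["CORP\\cwu-adm", "CORP\\asmith"],
    "WS-HR-02": ["CORP\\cwu-adm"],
}


def run_sample():
    return audit_accounts(SAMPLE_USERS, SAMPLE_APPROVED_ADMINS, SAMPLE_LOCAL_ADMINS, SAMPLE_TODAY)


if __name__ == "__main__":
    for sam, code, detail in run_sample():
        print(f"{sam:<12} {code:<26} {detail}")
```

Disabled accounts are deliberately skipped by the inactivity and password-age checks, so that a correctly offboarded account (dlee above) produces no noise; what the audit must surface is the enabled account of a terminated employee, which here also trips the inactivity and stale-password checks because all three conditions are true at once.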
User Controls
o Software restriction policies
o Disable macros
o Disable SMB (used by malware for lateral spread)
Cyber Risk Assessments and Monitoring
Education
o Educate employees on risks related to phishing campaigns
o Perform internal phishing exercises quarterly
o Regular penetration testing (annually)
Endpoint Monitoring
o Deploy Endpoint Detection and Response (EDR) to monitor the environment
▪ Preferably monitored by a 24/7 Security Operations Center (SOC) with playbooks in place to limit lateral spread of malware/ransomware
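A playbook that limits lateral spread needs a detection that fires while the spread is still in progress. The following is an added example, not from the presentation or from any EDR or SOC vendor: it flags a source host that opens network logons to many distinct hosts within a short window, which is what ransomware staging over SMB looks like from the authentication logs, and tags the alert with the containment step a playbook would take. The events are constructed in the shape of Windows 4624 logon records (logon type 3 = network logon), the five-host threshold and ten-minute window are assumptions, and the host and user names are invented.

```python
"""Lateral-movement fan-out detection over constructed logon events.

Added example, not from the presentation or any EDR product. The events are
constructed to resemble Windows 4624 logon records as a SOC would receive
them from a SIEM; threshold and window are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FANOUT_THRESHOLD = 5            # distinct destination hosts from one source
WINDOW = timedelta(minutes=10)  # within this span of the first logon
NETWORK_LOGON = 3               # 4624 logon type for SMB and similar sessions


@dataclass(frozen=True)
class LogonEvent:
    ts: datetime
    src_host: str
    dst_host: str
    user: str
    logon_type: int


@dataclass(frozen=True)
class Alert:
    src_host: str
    users: str
    first_seen: datetime
    targets: tuple
    action: str  # playbook step


def parse_events(rows):
    """Rows are (iso timestamp, src, dst, user, logon_type); returned in time order."""
    return sorted((LogonEvent(datetime.fromisoformat(ts), s, d, u, lt)
                   for ts, s, d, u, lt in rows), key=lambda e: e.ts)


def detect_fanout(events, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """One alert per source host whose network logons reach `threshold`
    distinct hosts inside any `window`-long sliding interval."""
    by_src = defaultdict(list)
    for ev in events:
        if ev.logon_type == NETWORK_LOGON:
            by_src[ev.src_host].append(ev)
    alerts = []
    for src, evs in by_src.items():
        for i, start in enumerate(evs):  # evs is already time-ordered
            in_window = [e for e in evs[i:] if e.ts - start.ts <= window]
            targets = {e.dst_host for e in in_window}
            if len(targets) >= threshold:
                users = ",".join(sorted({e.user for e in in_window}))
                alerts.append(Alert(src, users, start.ts, tuple(sorted(targets)),
                                    "isolate-host"))
                break
    return alerts


# constructed sample: (timestamp, src_host, dst_host, user, logon_type)
SAMPLE_ROWS = [
    ("2021-06-09T08:02:10", "WS-FIN-07", "WS-FIN-07", "jdoe", 2),       # interactive, ignored
    ("2021-06-09T08:02:11", "WS-FIN-07", "FS-01", "jdoe", 3),           # normal file-share use
    ("2021-06-09T09:30:00", "WS-FIN-07", "FS-01", "jdoe", 3),
    ("2021-06-09T09:00:05", "WS-HR-02", "FS-01", "svc_backup", 3),      # burst from one host
    ("2021-06-09T09:00:41", "WS-HR-02", "FS-02", "svc_backup", 3),
    ("2021-06-09T09:01:17", "WS-HR-02", "PRINT-01", "svc_backup", 3),
    ("2021-06-09T09:02:03", "WS-HR-02", "DC-01", "svc_backup", 3),
    ("2021-06-09T09:02:55", "WS-HR-02", "WS-FIN-07", "svc_backup", 3),
    ("2021-06-09T08:00:00", "WS-ENG-11", "FS-01", "mlee", 3),           # five hosts over a day:
    ("2021-06-09T10:00:00", "WS-ENG-11", "FS-02", "mlee", 3),           # outside any window
    ("2021-06-09T12:00:00", "WS-ENG-11", "PRINT-01", "mlee", 3),
    ("2021-06-09T14:00:00", "WS-ENG-11", "GIT-01", "mlee", 3),
    ("2021-06-09T16:00:00", "WS-ENG-11", "FS-03", "mlee", 3),
]


def run_sample():
    return detect_fanout(parse_events(SAMPLE_ROWS))


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.first_seen} {a.src_host} ({a.users}) -> {len(a.targets)} hosts: {a.action}")
```

The window is what separates the backup service account's three-minute sweep from an engineer who touches the same number of servers over a working day; in production the threshold would be tuned per host role, and known scanners or backup servers would be excluded by name rather than by loosening the rule for everyone.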
Response and Recovery Planning
Continuity of Operations Plan (COOP) for disaster recovery
o Create a recovery plan that includes evidence preservation and a restoration plan for mission-critical systems
o Back up regularly; keep offline/offsite backups (daily if possible) for purposes of restoration
o Segment the network
▪ Separate HR/Payroll servers from the general system population, allowing access only to approved users
o Recommendation: migrate on-premises email platforms to cloud-based instances (e.g., O365, G Suite) for continuity should the network environment be compromised