Presentation Deck - Full Slides
Erich Kron
Security Awareness Advocate
KnowBe4
24 April 2018
WELCOME
Audio is streamed over your computer. Dial-in numbers and codes are on the left.
Have a question for the speaker? Access the Q&A tab.
To receive your CPE credit:
1. Complete 3 checkpoints, or
2. Watch the recorded version from the beginning to the very end.
3. Don’t forget to take the survey!
AGENDA
Employees Are the Last Line of Defense
• 91% of successful data breaches started with a spear phishing attack
• CEO fraud (aka Business Email Compromise) is estimated to exceed $9 billion in 2018
• 54.9% of users click on a phishing link in under 60 minutes
Ransomware: Know The Enemy
The Anatomy of a Ransomware Attack -- sort of --
[Attack-flow diagram; only the label "Internet" survived extraction]
Recent Attacks
City of Atlanta
• SamSam variant
• Ransom demand was $6,800 per machine or $51,000 for all
• Outages included customer-facing applications, online bill payment and court-related information access
• "We don't know the extent so we just ask that you be vigilant, all of us are subject to this attack, if you will. Many of us pay our bills online, we have direct deposit, so go online and check your bank statements.” - Mayor Keisha Lance Bottoms
Recent Attacks
• Variant of SamSam
• Ransom paid was roughly $55,000
• They paid the ransom even though they had good backups, because it was easier than having to restore all of the damage
• They brought in incident response teams from Microsoft and Cisco and got Mandiant involved as well
• The Chief said: “Our automatic backup started after the infection, so it just backed up infected files”
• The press release states that this is the result of a phishing email
Recent Attacks
Licking County, OH
• Ransomware took down online access and landline phones
• 911 center computers were down and they had to log contacts manually
Ransomware as a Service (RaaS)
• RaaS is designed to let people who are not technical set up attacks
• Pricing models differ: Philadelphia is $400, Dot is free with a 50/50 split of profits, and the Saturn and Cerber RaaS models are free with a 70/30 affiliate/malware-developer split
The Future of Ransomware
Protecting Your Organization
• Train Your Users – This is our number one suggestion because it works. An untrained staff is
an incident waiting to happen. Most technical solutions are reactive and respond after an attack.
It is important to have them to minimize the damage, but we prefer to prevent the attack
• Segment the Network – Marketing computers rarely need to have network access to the SQL
servers or accounting systems
• Principle of Least Privilege – Not everyone should be an administrator. The less access users
have, the less malware can spread
• Remove Internet-Facing RDP – If you need remote access, connect through a VPN first
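Two of the controls above, internet-facing RDP and least privilege, can be verified on a Windows host with built-in cmdlets. The script below is an added example written for this page; it is not from the original slides or from KnowBe4. It assumes a Windows 10 / Server 2016 or later host using Windows Defender Firewall, an elevated PowerShell session, and a placeholder VPN client subnet ($VpnSubnet) that you must replace with your own.

```powershell
# Added example (not part of the original deck): audit one Windows host for
# internet-facing RDP and over-broad local administrator membership.
# Assumptions: elevated session, Windows Defender Firewall (NetSecurity module),
# and $VpnSubnet as a placeholder for the organisation's VPN client pool.

$VpnSubnet = '10.8.0.0/24'   # assumption: replace with your VPN address pool

# 1. Is RDP enabled and listening at all?
$rdpDisabledFlag = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
$rdpListener     = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
Write-Host "RDP enabled in registry: $($rdpDisabledFlag -eq 0); listener on 3389: $($null -ne $rdpListener)"

# 2. Which enabled inbound Allow rules open TCP 3389 to ANY remote address?
#    A rule scoped to 'Any' is what makes RDP reachable from the Internet once
#    the host (or a NAT in front of it) is exposed.
$exposed = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $port.Protocol -eq 'TCP' -and
        ($port.LocalPort -contains '3389') -and
        ($addr.RemoteAddress -contains 'Any')
    }

foreach ($rule in $exposed) {
    Write-Warning "Rule '$($rule.DisplayName)' allows RDP from Any (profile: $($rule.Profile))"
    # Remediation: keep remote access, but only from the VPN pool.
    # -WhatIf previews the change; remove it once the rule and subnet are confirmed.
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $VpnSubnet -WhatIf
}

if (-not $exposed) { Write-Host 'No inbound rule exposes TCP 3389 to Any.' }

# 3. Least privilege: which individual user accounts hold local admin rights?
$admins = Get-LocalGroupMember -Group 'Administrators'
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

$userAdmins = $admins | Where-Object {
    $_.ObjectClass -eq 'User' -and $_.Name -notmatch '\\Administrator$'
}
if ($userAdmins) {
    Write-Warning "$(@($userAdmins).Count) individual user account(s) are local administrators; review against least privilege"
}
```

Run it per host or push it through your endpoint management tooling and collect the warnings; any rule flagged in step 2 on a machine with a public or port-forwarded address is exactly the exposure the SamSam operators targeted. The network-segmentation bullet is a switch/firewall control and is not covered by this host-level check.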
How can we protect our current businesses?
Other Threat Vectors
• Don’t plug your devices into unknown hardware
Users: Arm Them For Battle
Comprehensive Programs Work
• Most security awareness programs are still too superficial and are done for compliance reasons
• What is missing is a correct estimate of the adversary being faced and of the degree of commitment an organization must have to stave off attacks
Training: How To Do It Right
Build A Security Awareness Program That WORKS!
Baseline Testing
We provide baseline testing to assess the Phish-prone™
percentage of your users through a free simulated phishing
attack.
Security Awareness Training Program That Works
17,000
• Based in Tampa Bay, Florida, founded in 2010
• We help thousands of organizations manage the problem of social engineering
QUESTIONS?
This training content (“content”) is provided to you without warranty, “as is” and “with all
faults”. ISACA makes no representations or warranties express or implied, including
those of merchantability, fitness for a particular purpose or performance, and non-
infringement, all of which are hereby expressly disclaimed.
You assume the entire risk for the use of the content and acknowledge that: ISACA has
designed the content primarily as an educational resource for IT professionals and
therefore the content should not be deemed either to set forth all appropriate
procedures, tests, or controls or to suggest that other procedures, tests, or controls that
are not included may not be appropriate; ISACA does not claim that use of the content
will assure a successful outcome and you are responsible for applying professional
judgement to the specific circumstances presented to determine the appropriate
procedures, tests, or controls.
Copyright © 2018 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced,
modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
THANK YOU FOR ATTENDING THIS WEBINAR