
©2021 CliftonLarsonAllen LLP

Does Your Cybersecurity Stack Up Against Today’s Cyber Criminals?
October 2021 – Cybersecurity Awareness Month

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING


Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor
Disclaimer
The information contained herein is general in nature and is not intended, and
should not be construed, as legal, accounting, or tax advice or opinion
provided by CliftonLarsonAllen LLP to the user. The user also is cautioned that
this material may not be applicable to, or suitable for, the user’s specific
circumstances or needs, and may require consideration of non-tax and other
tax factors if any action is to be contemplated. The user should contact his or
her CliftonLarsonAllen LLP or other tax professional prior to taking any action
based upon this information. CliftonLarsonAllen LLP assumes no obligation to
inform the user of any changes in tax laws or other factors that could affect
the information contained herein.

IT & Cyber Security Services
Information security has been offered as a specialized service for over 25 years
• Penetration Testing and Vulnerability Assessment
o Black Box, Red Team, Infrastructure, Applications, Social Engineering, and
Collaborative Assessments
• Incident response and forensics
• IT/Cyber risk, audit, readiness and compliance assessments
o HIPAA, GLBA, FFIEC, NIST, CMMC, CIS, etc.
• PCI-DSS Readiness and Compliance Assessments
• HITRUST Assessments
• SOC Assessment and Reporting
• Business Risk Services
• Digital Transformation

Our Panelists
• Randy Romes – Principal, Cybersecurity – Randy.Romes@CLAconnect.com – 612-397-3114
• David Anderson – Principal, Cybersecurity – David.Anderson@CLAconnect.com – 612-376-4699
• David Sun – Principal, Cybersecurity – David.Sun@CLAconnect.com – 703-483-2650
• Jeffrey Ziplow – Principal, Cybersecurity – Jeffrey.Ziplow@CLAconnect.com – 860-561-6815

Agenda and Learning Objectives
Agenda
• Current Cybersecurity Trends
• Breach Case Study
• CMMC
Learning Objectives
• Explain current cyber threats, including ransomware, data exfiltration, and
other attacks
• Discuss business ramifications of a data breach
• Identify the increasing costs of maintaining good cybersecurity
• Explain how current legislation may affect your cybersecurity requirements
• Describe how Cybersecurity Maturity Model Certification (CMMC) can enhance
business success
Current Cybersecurity Landscape

Cybersecurity Landscape in 2021
• As a result of the pandemic, we have seen both traditional and, more
commonly, nontraditional forms of hacking targeting all industry sectors.
• COVID and the transition to remote working continue to present challenges
for most organizations’ cybersecurity strategies.
• Hackers (both individuals and nation states) recognize many corporations
as the banks of the 21st century.

Cybersecurity – What we learned in 2020
• As companies continued to digitize and connect, they created an ecosystem
that requires a security architecture adequate to protect beyond their physical
buildings.
• A robust Information Governance Strategy is a key imperative – identify and
protect your Crown Jewels, and purge unneeded information.
• Leadership needs to be aware of and manage its supply chain and vendors
(Vendor Risk Management). A proactive Vendor Risk Management strategy is
critical to minimizing disruption of a company’s supply chain.
• Organizations must educate and inform their board of directors and senior
executives. They will be important advocates in funding the cybersecurity
strategy.

Cybersecurity Data Breach – Cost by the numbers
• IBM’s 2021 Cost of a Data Breach study, conducted by the Ponemon
Institute, noted:
o $9.05m – Average cost of a data breach in the United States
o $5.33m – Global average cost of a breach at enterprises with more than 25,000 employees
o $2.98m – Global average cost of a breach at organizations with fewer than 500 employees
o +$1.07m – Additional cost where a remote workforce was a factor in causing the breach
o 44% – Breaches that included records containing customer PII
 Average cost of $180 per record
o 38% – Portion of breach costs due to lost business

How Long Does it Take to Identify and Contain?

Source: IBM Security Cost of a Data Breach Report 2020
Behind the statistics
• Hackers can do a lot in AND to your network in 207 days (Global Average)
o Learn everything about your business
o Find your crown jewels and take them
o Disable backups and security systems
o Create numerous back doors
• Public portrayal of ransomware creates a false sense of security
o Ransomware is usually coupled with other acts – Ransomware is simply the
most visible part of the attack
o Current ransomware attacks are coupled with data exfiltration
o Resuming operations is just the first step
o Legal and business ramifications of a data breach can persist

Current State of Affairs

Top Causes of Data Breaches
• It is so much easier to steal passwords than to exploit systems

Source: 2020 Verizon DBIR
Other Trends
• The majority of breaches are financially motivated

Source: 2020 Verizon DBIR
Business Email Compromise
• Fraudsters impersonate employees or vendors via email in an
attempt to steal money
o Fake vendor invoice
o Exec asks staff to “buy gift cards”
o Update direct deposit account
o Etc.
• Malware often not needed
Cost of BEC
• Exploitation of cloud-based email has cost US businesses over $2 billion
• Lots of claims around $40K
• 50% of victims recover money
Ransomware
• Attack on the Availability of data
• Payments are often in Bitcoin
• Cyber criminals attempt to delete backups
• Newer variants also demand payment not to publish stolen
data (DOUBLE TAP)
2020 Sophos Study
• 51% of companies were hit with ransomware
• 26% paid the ransom
Case Analysis

Case Study
• Company experiences an attack and ransomware outage
o Most systems encrypted
o Operations have been shut down
o Company had an IR plan and attempted to implement it
o The CIO listed as primary contact had changed, but the correct lead IT person was identified
o System backups exist – IT has been trying to restore for the last 3 days
o Company did not have cyber insurance coverage
o CEO is responding to vendor and client inquiries about why the company was not
responding to emails and about rumors of an incident
o Board was notified of the breach and instructed the CEO to bring in outside assistance

Case Study
• CLA’s cyber response team is brought in to assist
o Examined all key systems
 Identified which systems were encrypted and when
 Collected logs from all available devices
o Forensic examination was performed
 Determined that the ransomware variant was Sodinokibi, which is known to exfiltrate data
 Logs showed the CFO’s account logged in to the remote access server from
Vietnam, Germany and the Philippines
 Logs only go back 2 months
 Evidence that the threat actor was in the network goes back at least that far
 Company did not maintain systems to monitor for data leaving the network
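The log review described in this case study, as an added example that is not part of the CLA deck: it scans remote-access logins for source countries an account is not expected to use and reports how far back the retained logs reach, so the analyst can tell when the earliest finding sits at the edge of the evidence. The log line format, the per-account country allowlist and the sample lines are all constructed for the example.

```python
# Added example, not from the CLA deck: scan remote-access logins for source
# countries an account is not expected to use, and report how far back the
# retained logs reach. Log format, allowlist and sample lines are constructed.
from datetime import datetime, timedelta

# Constructed sample lines: timestamp, event, user, source IP, GeoIP country.
SAMPLE_LOG = """\
2021-06-02T08:14:05Z vpn-login user=cfo src=203.0.113.10 country=US
2021-06-05T21:42:37Z vpn-login user=cfo src=198.51.100.7 country=VN
2021-06-11T03:08:12Z vpn-login user=cfo src=192.0.2.44 country=DE
2021-06-14T09:30:00Z vpn-login user=jdoe src=203.0.113.22 country=US
2021-07-19T23:55:41Z vpn-login user=cfo src=198.51.100.91 country=PH
2021-07-30T07:02:19Z vpn-login user=cfo src=203.0.113.10 country=US
"""
# Assumed per-account allowlist of countries logins are expected from.
EXPECTED_COUNTRIES = {"cfo": {"US"}, "jdoe": {"US"}}

def parse_log(text):
    """Parse lines in the constructed format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[1] != "vpn-login":
            continue
        fields = dict(p.split("=", 1) for p in parts[2:])
        events.append({"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
                       "user": fields["user"], "country": fields["country"]})
    return events

def unexpected_logins(events, expected=EXPECTED_COUNTRIES):
    """(user, country, timestamp) for each login outside the account's allowlist."""
    return [(e["user"], e["country"], e["ts"]) for e in events
            if e["country"] not in expected.get(e["user"], set())]

def retention_window(events):
    """Oldest and newest retained entries; anything earlier is unobservable."""
    stamps = sorted(e["ts"] for e in events)
    return stamps[0], stamps[-1]

def intrusion_may_predate_logs(events, expected=EXPECTED_COUNTRIES,
                               margin=timedelta(days=7)):
    """True when the earliest unexpected login sits within `margin` of the oldest
    entry: the attacker may have been present before the retained logs begin."""
    hits = unexpected_logins(events, expected)
    if not hits:
        return False
    oldest, _ = retention_window(events)
    return min(h[2] for h in hits) - oldest <= margin
```

On the constructed sample the three foreign logins for the CFO account are flagged and the first of them falls three days after the oldest retained entry, which is exactly the situation the case study describes: the logs bound what can be proven, not when the intrusion started.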

Case Study
• Restoring operations
o After working with company’s IT, we were able to isolate all infected
systems
o Built new servers and systems
o Restored data from backup to the newly built systems
• Fallout
o One of the compromised systems contained protected data covered
under state reporting regulations
o Because the ransomware group is known to exfiltrate data and
company did not have anything monitoring outbound data, all
clients with protected information in the system needed to be
notified of the potential compromise
o Risk of litigation from clients
What To Do: Cybersecurity Maturity Model Certification (CMMC)

CMMC – Background
• NIST 800-171 was established in 2017-2018 to protect Controlled
Unclassified Information (CUI) in Nonfederal Systems and Organizations
o Companies working with the DoD, and subcontractors working with companies holding DoD
contracts, were impacted
• NIST 800-171 was a self-assessment standard
o Companies/subcontractors were supposed to assess themselves against the standards and
develop a System Security Plan along with a Plan of Action and Milestones (POAM)
• DoD recognized a low level of compliance
• Cybersecurity Maturity Model Certification (CMMC) was created to remedy
noncompliance and develop more robust standards
o Created a unified cybersecurity standard for DoD acquisitions (FAR 52.204-21, DFARS
252.204-7012, DFARS Interim Rule)
CMMC – Differences from NIST 800-171
• CMMC requires defense suppliers and other types of companies to be
certified by CMMC Assessors
o A CMMC Assessor is an independent 3rd-party organization
o Certifications are issued for a period of 3 years
• CMMC requires perpetual flow-down provisions for supply chain entities that
provide other than "off the shelf" supplies/services to prime contractors and
other tiers of subcontractors
• Other industries impacted by CMMC
o Higher education: colleges/universities maintain CUI and need CMMC assessments
• General Services Administration (GSA) has adopted CMMC
o Other federal agencies plan on adopting the CMMC framework
CMMC – Who Has to Comply
• Defense suppliers will require CMMC certification to bid for selected RFPs
o Includes organizations in the DoD supply chain that process, store or transmit CUI
• Defense subcontractors may also require CMMC compliance for selected awards
• CMMC scales for different types of suppliers (down and up)
o Level 1 to Level 5
• CMMC has additional assessment domains and adds processes to the assessment
• CMMC has a greater focus on Cyber Threat Intelligence
• Some DoD contracts will require CMMC Level 1 initially
o CMMC certification will be required at time of contract award. If you aren’t compliant, you don’t get the award
o By 2025 many companies will need to be at Level 3

CMMC – Overview
CMMC – Benefits
• Ability to assess and confirm current and targeted cybersecurity posture
• Identify gaps in a company’s current security programs and processes
• Identify and prioritize opportunities for improvement using a continuous and repeatable
process
• Ability to demonstrate progress toward reaching its target cybersecurity posture – Level
• Ability to demonstrate the organization’s alignment with the Framework’s recognized best
practices
• Ability to validate and communicate an organization’s cybersecurity posture in a common,
recognized language – CMMC Certification

CMMC – What To Do?
• Tone at the top – Cybersecurity needs to be considered at all times
o Not an afterthought
• Review current DoD contracts
o Confirm requirements identified in the contract
o Contracts will change over time
• Obtain an independent gap assessment against CMMC control standards
o Determine the Level 1 – Level 3 controls to be assessed against
o Develop a Plan of Action & Milestones (POAM) and remediation strategy

Cyber Security Can Make a Difference

Properly Managing Cyber Risks makes a Difference
• $2.3m Difference

Source: IBM Security Cost of a Data Breach Report 2021

Properly Managing Cyber Risks makes a Difference

Source: IBM Security Cost of a Data Breach Report 2020

Properly Managing Cyber Risks makes a Difference
• Technical tools are only as good as the people behind them
• Proper management requires a combination of leadership,
technology and philosophy

Questions

Thank you!

Randy Romes, CISSP, CRISC, CISA, MCP, PCI-QSA
Principal – Cybersecurity Services
Direct: 612-397-3114
Randy.Romes@claconnect.com

David Sun, CISSP
Principal – Cybersecurity Services
Direct: 703-483-2650
David.Sun@claconnect.com

David Anderson, OSCP
Principal – Cybersecurity Services
Direct: 612-376-4699
David.Anderson@claconnect.com

Jeff Ziplow, MBA, CISA, CGEIT
Principal – Cybersecurity Services
Direct: 860-561-6815
Jeffrey.Ziplow@claconnect.com

CLAconnect.com
