
Targeted Attacks and the Small Business

Targeted Attacks and the Small Business. Stephen Ferrero, Consultant, Xantrion. Xantrion: founded in 2000 by Anne Bisagno and Tom Snyder; wanted to bring big company IT to small and midsized organizations; among the top 50 worldwide MSPs (1); 45 person technical team; 70 core clients.


Presentation Transcript


  1. Targeted Attacks and the Small Business
     Stephen Ferrero, Consultant, Xantrion

  2. Xantrion
     - Founded in 2000 by Anne Bisagno and Tom Snyder
     - Wanted to bring big company IT to small and midsized organizations
     - Among the top 50 worldwide MSPs (1)
     - 45 person technical team
     - 70 core clients
     - 3000 end users supported
     - 600 servers managed

     (1) MSP Mentor worldwide survey results.

  3. Agenda
     - The current SMB security paradigm
     - Why we need to evolve our thinking
     - Targeted attack methods
     - The new SMB security paradigm

  4. Current Security Paradigm

  5. Protect against Opportunistic Attacks (diagram labels: Your Company, Attacker)

  6. Security mindset
     - “Be more secure than the other guy”
     - “I’m too small to be a target”

  7. Typical security layers
     - Hardware Firewall
     - Email Filter
     - Web Filter
     - Antivirus / Antimalware
     - OS Security Patches
     - User Rights Assignment
     - Policies, and Awareness
     - User

  8. Why Change?

  9. Targeted Attack (diagram labels: Your Company, Attacker)

  10. Targeted attacks in 2012 (Symantec, 2013)

  11. More targeted attacks on SMB
      - Attackers have more and better resources
      - SMBs are typically less secure
      - SMBs make good launch points

  12. Targeted Attack Methods

  13. Spear Phishing

  14. Water Hole Attack

  15. Process of a Typical Attack (diagram with steps numbered 1 to 6)

  16. Spear Phishing, Waterholing, etc.
      - Hardware Firewall
      - Email Filter
      - Web Filter
      - Antivirus / Antimalware
      - OS Security Patches
      - User Rights Assignment
      - User

  17. New SMB Security Paradigm

  18. Protect against Targeted Attacks (diagram labels: Your Company, Attacker)

  19. Security mindset
      - “I have important data and assets to protect”
      - Assume you are a target

  20. Typical SMB security layers
      - Hardware Firewall
      - Email Filter
      - Web Filter
      - Antivirus / Antimalware
      - OS Security Patches
      - User Rights Assignment
      - Policies, and Awareness
      - User

  21. Add more layers
      - Educate employees
      - Review hiring and firing policies
      - Aggressive patching of OS and Apps
        - Acrobat, Flash, QuickTime, Java
      - Get off End of Life software
        - Windows XP
        - Office 2003
        - End of Support - April, 2014

  22. Additional security layers
      - Hardware Firewall
      - Email Filter
      - Web Filter
      - Antivirus / Antimalware
      - OS Security Patches
      - App Security Patches
      - User Rights Assignment
      - User
      - User Awareness and Training
      - HR and Security Policies

  23. Identify your valuable assets
      - Customer Data
      - Customer Relationships
      - Intellectual Property
      - Bank Account Info

  24. Identify your special risks
      - Internal threats
      - Liability
      - Unmanaged mobile devices
      - Physical security

  25. Plan your response

  26. Practice secure banking
      - Use Two-Factor authentication
      - Require “Dual-Control” or separation of duties
      - Require one control be completed on a dedicated PC
      - Require out-of-band confirmation from your bank for large transactions

  27. Protect mobile devices
      - Be aware of the increase in mobile malware
      - Stream data to mobile devices instead of storing it there
      - Separate personal and work data
      - Track devices
      - Have remote-wipe capability
      - Enforce password policies

  28. Regularly re-evaluate your security
      - Use the Top 20 security controls as a framework for frequent security policy updates (www.sans.org).
      - Remind users of proper security best practices

  29. Questions

  30. References
      - cybersecurity. (n.d.). In Merriam-Webster’s online dictionary. Retrieved from http://www.Merriam-webster.com/dictionary/cybersecurity
      - Small and midsize businesses. (n.d.). In Gartner IT Glossary. Retrieved from http://www.gartner.com/it-glossary/smbs-small-and-midsize-businesses/
      - Symantec Inc. (2013, April). Internet Security Threat Report. Retrieved from http://www.symantec.com/security_response/publications/threatreport.jsp
      - Verizon. (2012). Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/products/security/dbir/?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z041
      - Mandiant. (2013). M-Trends 2013: Attack the Security Gap. Retrieved from https://www.mandiant.com/resources/m-trends/

  31. Top 10 Threat Actions
      - Keylogger / Form-Grabber / Spyware
      - Exploitation of default or guessable passwords
      - Use of stolen login credentials
      - Send data to external site/entity
      - Brute force and dictionary attacks
      - Backdoor (Allows remote access / control)
      - Exploitation of Backdoor or CnC Channel
      - Disable or interfere with security controls
      - Tampering
      - Exploitation of insufficient authentication (no login required)

  32. Advanced Persistent Threats
      - Long-term attacks
      - Focused on large organizations
      - Organized Crime or State Sponsored
