
Post on 19-Apr-2020


Joshua Skeens, Chief Technical Officer

Sources
• Verizon DBIR
• SonicWall Security Report
• Cisco Security Report

2018 Year in Review

❑ Breach
  ❑ An incident that results in confirmation of information loss
❑ Incident
  ❑ Event that compromises CIA (no confirmation)
    ❑ Confidentiality
    ❑ Integrity
    ❑ Availability

Top Security concern?!

❑Number 1 cause of breaches & incidents

1 in 5 Breaches

SMB Under Attack

50% of all attacks take place against small businesses

Why is that important?

•97% of all businesses in North America are SMB

50% of all Alerts logged in the US go uninvestigated

60% of customers will think about leaving you if breached

•30% WILL leave

2018 by the numbers

Hackers = Minutes

Business = Months

Numbers by Sector

90%

10%

Motives

Financial & Espionage the REST

A customer experience company that delivers comprehensive network security services

❑ Malicious Software Downloads
❑ Ransomware
  ❑ 39%

It’s NOT…just for the PROs anymore!

CYBERCRIME!

Let's go fishing!!

❑ Phishing
  ❑ 65% increase – PhishMe
❑ Good News
  ❑ 16 minutes before first click
❑ Bad News
  ❑ 76% of businesses reported Phishing Attacks
❑ 30% of phishing campaigns opened
❑ 12% of users click the link
❑ Less than 17% of phishing incidents are reported
❑ 30 minutes before attack is first reported
❑ 97% of people can’t identify a phishing email – McAfee

PHISHING!!!

1.5 Million NEW Phishing Sites Created Per Month!!!!

Social Engineering – Email Edition

❑ Pretexting
  ❑ 110% increase – PhishMe
❑ Target Departments
  ❑ Finance
  ❑ Executive
  ❑ Human Resources
❑ It can happen to anyone….

Social Engineering – Twitter Edition

What was that noise?!

Checked your attic lately?!

Office 365 Hijack Explained

Nefarious Actor gains access to User Account

• Password Database dump

• Phishing Attack

• Social Engineering

NA creates forwarding rules looking for specific information

Once triggered, NA springs into action

• Forwards communication offsite

• Starts impersonation

• Automatically deletes correspondence

Check your O365 “attic”

❑ Enable MFA
❑ Enable Unified Audit & Logging – Security & Compliance Center
❑ Enable Mailbox Auditing
❑ Use Microsoft Security Score
❑ Create Forward Alerts
❑ Disable ability to forward email
❑ PowerShell scripts for auditing
  ❑ Rules
  ❑ Forwards
  ❑ Alerts
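
One way to script the rule audit for the hijack pattern described above (keyword trigger, offsite forward, automatic deletion). This is an added example, not part of the original deck: the property names follow `Get-InboxRule` output, while the function name `Find-SuspiciousInboxRule`, the `contoso.example` domain and the sample rules are constructed for illustration.

```powershell
# Added example, not from the original deck. Property names mirror Get-InboxRule
# output; the domain list and the sample rules below are constructed.
function Find-SuspiciousInboxRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [string[]] $InternalDomain = @('contoso.example')  # assumption: your accepted domains
    )
    process {
        $reasons = @()
        # Targets render as '"name" [SMTP:user@domain]' (external) or '[EX:/o=...]' (internal).
        $targets = @($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) + @($Rule.RedirectTo)
        foreach ($t in $targets) {
            if ($t -match 'SMTP:[^@\]]+@([^\]\s]+)' -and $InternalDomain -notcontains $Matches[1]) {
                $reasons += "forwards offsite to $($Matches[1])"
            }
        }
        $offsite = $reasons.Count -gt 0
        # "Looking for specific information": keyword conditions on subject or body.
        $keywords = @(@($Rule.SubjectContainsWords) + @($Rule.BodyContainsWords) +
                      @($Rule.SubjectOrBodyContainsWords) | Where-Object { $_ })
        if ($keywords.Count -gt 0) { $reasons += "triggers on: $($keywords -join ', ')" }
        if ($Rule.DeleteMessage)   { $reasons += 'auto-deletes matching mail' }
        # Flag offsite forwarding, or keyword-triggered deletion (hides mail from the owner).
        if ($offsite -or ($Rule.DeleteMessage -and $keywords.Count -gt 0)) {
            [pscustomobject]@{
                Mailbox = $Rule.MailboxOwnerId
                Rule    = $Rule.Name
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules shaped like Get-InboxRule results (runs offline).
$sampleRules = @(
    [pscustomobject]@{ MailboxOwnerId = 'ap.clerk'; Name = '.'; DeleteMessage = $true
        ForwardTo = @('"archive" [SMTP:archive@mail.invalid]')
        SubjectOrBodyContainsWords = @('invoice', 'wire') },
    [pscustomobject]@{ MailboxOwnerId = 'hr.lead'; Name = 'Copy to assistant'; DeleteMessage = $false
        ForwardTo = @('"Pat" [EX:/o=ExchangeLabs/cn=Recipients/cn=pat]') },
    [pscustomobject]@{ MailboxOwnerId = 'cfo'; Name = 'Newsletters'; DeleteMessage = $false
        SubjectContainsWords = @('newsletter') }
)
$sampleRules | Find-SuspiciousInboxRule | Format-List   # only the ap.clerk rule is reported

# Against a live tenant (requires an Exchange Online PowerShell session):
# Get-Mailbox -ResultSize Unlimited | ForEach-Object { Get-InboxRule -Mailbox $_.PrimarySmtpAddress } |
#     Find-SuspiciousInboxRule -InternalDomain 'yourdomain.example'
```

Mailbox-level forwarding is stored outside inbox rules, so review the `ForwardingSmtpAddress` and `ForwardingAddress` properties returned by `Get-Mailbox` as well.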

MFA can save the day!

Security Best Practices

Security Awareness Training

• KnowBe4

• Moodle

Patch Management

• 60% of businesses were breached

Vulnerability Scans

• 37% of businesses that were breached

• No Vulnerability Scans

MFA/2FA

• Twofactorauth.org

• www.mycerdant.com

K.I.S.S

Lockdown NON-Standard Ports

Security Best Practices

Control Admin rights

• Don’t operate as

• Domain Admin

• Local Admin

• Microsoft LAPS

SIEM

Log & Monitor Lateral Movement

Security Best Practices

VPN for Remote Access

No direct RDP

NEW RDP Bug *PATCH!

Add *External* stamp to Email

50% uplift in preventing incidents

Monthly Account Review

26% of User Accounts are stale

Involve HR

Network Segmentation

Control Lateral Movement

Again….Educate Employees

Security Best Practices

Or Not so

Top…

Let’s talk Passwords

• 123456

• password

• 123456789

• 12345678

• 12345

• 111111

• 1234567

• sunshine

Top Passwords for 2018

The Mentalist: Password Creation

Password Requirements:

• Minimum 8 characters
• Uppercase Letter
• Lowercase Letter
• Number
• Special Characters / punctuation (Ex: !@#$%^&)

It’s just a matter of When not IF!

❑Average password is 7-9 characters in length

❑Most likely used symbols: ~, !, @, $, %, &, and ?

❑If a number, usually a 1 or 2, sequential, and likely at the end

❑If a capital letter, it’s usually the beginning, followed by a vowel

❑66% of people use 1-3 passwords for all online accounts

❑1 in 9 have a password based on the common Top 500

❑ 20-60-20 Rule: Large password dump
  • 20% are easily guessed dictionary words or known common passwords
  • 60% are moderate to slight variations of the earlier 20%
  • 20% are hard, lengthy, complex, or of unique characteristics

How old are your passwords?!

The Domino Effect


CORPORATE HEADQUARTERS

5747 Perimeter Drive Suite 110 Dublin, OH 43017

PHONE 614.652.3486 EMAIL Joshua.Skeens@cerdant.com

Thank YOU!