Protecting your network, defending your data.

Vulnerability Management 101:

10 Essential Rules to Help

Prevent Cyberattacks

Cal Net Technology GroupSouthern California’s Premier IT Service Provider

CYBERCRIME TRENDS & TARGETS

IT Security Budget & Level of Protection

Val

ue

of

Exp

loit

able

Ass

ets

Enterprise

Small Business

Cybercriminal Sweet SpotMid-size Business

Data/Service Price Range

Credit Card # & CVV $4-$8 (US)

$7-$13 (UK/Australia/Canada)

$15-$18 (EU/Asia)

Credit Card including track data $12 (US)

$19-$20 (UK/Australia/Canada)

$28 (EU/Asia)

Fullz (identity and financial info) $25 (US)

$30-$40 (UK/Australia/Canada/EU/Asia)

Bank Account $70K-$150K < $300

Electronic Health Record (partial) $50

Infected Computers (1,000 – 15,000) $20 - $250

THE VALUE OF STOLEN DATA

205 days is the average amount of time organizations

had been compromised before they knew it– FireEye/Mandiant - 2015

The average cost for detection and escalation only subsequent to a security breach is approximately $417,700*

- Ponemon Institute & IBM 2015 – Cost of Data Breach Report

* Cost does not include: Average Total Cost of Data Breach $3.8 Million

Loss of business

(Brand)

Remediation and

mitigation costs

Notification

Identity Protection

THE 10 GOLDEN RULES OF CYBERSECURITY

Pardon me, but your vulnerability is showing.

Rule #1 Perform regular Internal and External Vulnerability Scans.

99.9%OF THE EXPLOITED

VULNERABILITIES

WERE COMPROMISED

MORE THAN A YEAR

AFTER THE CVE

WAS PUBLISHED.

About half of the CVEs

exploited in 2014 went

from publish to pwn in

less than a month.

VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT

Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.

THE 10 GOLDEN RULES OF CYBERSECURITY

“There are only two types of companies: those that have been hacked and those that will be.”

-Robert Mueller, FBI Director

Rule #2 Have an Incident Response Plan tested and ready

INCIDENT RESPONSE PLAN

Defines Guidelines for Communications: How to protect communications around an incident to both employees and the public.

Defines Regulatory Thresholds, Notification Requirements and Compliance Considerations.

Provides a clear path for categorization and appropriate actions to mitigate exposure.

THE 10 GOLDEN RULES OF CYBERSECURITY

“The time to repair the roof is when the sun is shining”. - JFK

Rule #3 Integrate a Vulnerability Management strategy into your Enterprise Patch Management Program.

1) Discover2) Prioritize3) Assess Risk4) Report5) Remediate6) Rescan7) Trending & Metrics

VULNERABILITY MANAGEMENT LIFECYCLE

THE 10 GOLDEN RULES OF CYBERSECURITY

Your Firewall alone is like bringing a knife to a gunfight.

Rule #4 Focus on a Defense-in-depth strategy.

DEFENSE IN DEPTH

THE 10 GOLDEN RULES OF CYBERSECURITY

Ignorance is not bliss.

Rule #5 Use Security Information Event Management (SIEM) tools to provide visibility into your enterprise.

SECURITY INFORMATION EVENT MANAGEMENT (SIEM)

Centralize Security Logs

Correlate Security Events Alerts

Automate Compliance

Performance, Change and Availability Monitoring

Detect Botnets and Malware

Risk Prioritization

Uncover your attack surface

Powerful Dashboards, Reporting and Alerting

THE 10 GOLDEN RULES OF CYBERSECURITY

The check is in the mail.

Rule #6 Cyber Liability Insurance is a must have, but there are rules of engagement for it to be effective.

CYBER INSURANCE

1.Make sure your policy limits and sublimits are adequate

2.Request "retroactive" coverage for prior, unknown breaches

3.Watch out for "panel" and "prior consent" provisions that purport to tie your hands

in responding to a breach

4.Get coverage for claims resulting from your data vendors' errors and omissions,

not just your own

5.If you handle data for others, make sure your liability to them is covered too

6.Seek coverage for "loss" of data, not just data theft

THE 10 GOLDEN RULES OF CYBERSECURITY

Fool me once, shame on unencrypted data.

Rule #7 Encryption, Encryption, Encryption and more Encryption.

THE 10 GOLDEN RULES OF CYBERSECURITY

One Ransomware incident with your data is worth 10 DNS filters in your network.

Rule #8 Ensure you are using DNS Malware Protection in your overall defense-in-depth strategy.

RANSOMWARE

Cisco’s analysis of malware

validated as “known bad”

found that the majority of

that malware—91.3

percent—use the Domain

Name Service in one of

these three ways:

- To gain command and

control

- To exfiltrate data

- To redirect traffic

THE 10 GOLDEN RULES OF CYBERSECURITY

Mama always said “untrained is as untrained does”.

Rule #9 Leverage effective and ongoing Security Education and Awareness Training.

THE 10 GOLDEN RULES OF CYBERSECURITY

You don’t have to be a security expert to have a secure network.

Rule #10 Ensure you have the right skillsets for your Detective, Preventative and Response Security Strategy. Outsource to an expert when appropriate.

OVERVIEWCal Net Technology Group (CNTG)

Headquartered in Los Angeles

Full Spectrum of IT service capabilities

Consistent IT competency and

loyalty through employee membership

ITIL based servicing framework adoption

SLA and run-book based management

20 Years of IT Experience – Service First!

Strategic, planning, IT to business alignment

and IT governance services

Acquisition and disposition of physical and

virtual assets

Transitioning services

Unified communications, carrier management,

desktop, servers, storage, network and backup

expertise

Hosting, virtualization, disaster recovery,

security and governance offerings

Business process capabilities Including help

desk, ticket management and service

automation

Full Lifecycle of IT Requirements

01

C o n t a c t U s

( 8 6 6 ) 9 9 9 - 2 6 3 8

w w w . c a l n e t t e c h . c o m

Matt Lindley - Director of Security Services - Cal Net Technology(e) mlindley@calnettech.com

(p) (818) 721-4474

Interested in scheduling a FREE

Security Assessment?

THANKYOU!

CAL NET TECHNOLOGY GROUP