Joshua SkeensChief Technical Officer
Sources• Verizon DBIR• SonicWall Security
Report• Cisco Security Report
2018 Year in Review
❑Breach❑An incident that results in confirmation of
information loss
❑Incident❑Event that compromises CIA (no confirmation)
❑Confidentiality
❑Integrity
❑Availability
Top Security concern?!
❑Number 1 cause of breaches & incidents
1 in 5 Breaches
SMB Under Attack
50% of all attacks take place against small businesses
Why is that important?
•97% of all businesses in North America are SMB
50% of all Alerts logged in the US go uninvestigated
60% of customers will think about leaving you if breached
•30% WILL leave
2018 by the
numbers
Hackers = MinutesBusiness = Months
Numbers by Sector
90%
10%
Motives
Financial & Espionage the REST
A customer experience
company that delivers
comprehensive network
security services❑Malicious Software Downloads
❑Ransomware❑39%
It’s NOT…just for the PROs
anymore!
CYBERCRIME!
Let's go fishing!!
❑Phishing❑65% increase – PhishMe
❑Good News❑16 minutes before first click
❑ Bad News❑76% of businesses reported Phishing Attacks
❑30% of phishing campaigns opened❑12% of users click the link
❑Less than 17% of phishing incidents are reported
❑30 minutes before attack is first reported
❑97% of people can’t identify a phishing email – McAfee
PHISHING!!!
1.5 Million NEW Phishing Sites Created Per Month!!!!
Social Engineering – Email Edition
❑Pretexting❑110% increase – PhishMe
❑Target Departments❑Finance
❑Executive
❑Human Resources
❑It can happen to anyone….
Social Engineering – Twitter Edition
What was that noise?!
Checked
your attic
lately?!
Office 365
Hijack
Explained
Nefarious Actor gains access to User Account
• Password Database dump
• Phishing Attack
• Social Engineering
NA creates forwarding rules looking for specific
information
Once triggered, NA springs into action
• Forwards communication offsite
• Starts impersonation
• Automatically deletes correspondence
Check your O365 “attic”
❑ Enable MFA❑ Enable Unified Audit & Logging – Security & Compliance Center❑ Enable Mailbox Auditing❑ Use Microsoft Security Score
❑ Create Forward Alerts❑ Disable ability to forward email
❑ PowerShell scripts for auditing❑ Rules❑ Forwards❑ Alerts
MFA can
save the
day!
Security Best Practices
Security Awareness Training
• KnowBe4
• Moodle
Patch Management
• 60% of businesses were breached
Vulnerability Scans
• 37% of businesses that were breached
• No Vulnerability Scans
MFA/2FA
• Twofactorauth.org
• www.mycerdant.com
K.I.S.SLockdown NON-Standard Ports
Security Best Practices
Control Admin rights
• Don’t operate as
• Domain Admin
• Local Admin
• Microsoft LAPS
SIEMLog & Monitor Lateral Movement
Security Best Practices
VPN for Remote Access
No direct RDP
NEW RDP Bug *PATCH!
Add *External* stamp to Email
50% uplift in preventing incidents
Monthly Account Review
26% of User Accounts are
stale
Involve HR
Network Segmentation
Control Lateral
Movement
Again….Educate Employees
Security Best Practices
Or Not so
Top…
Let’s talk Passwords
• 123456
• password
• 123456789
• 12345678
• 12345
• 111111
• 1234567
• sunshine
Top Passwords for 2018
The Mentalist:Password Creation
Password Requirements:
Minimum 8 charactersUppercase LetterLowercase LetterNumberSpecial Characters / punctuation (Ex: !@#$%^&)
It’s just a matter of When not IF!
❑Average password is 7-9 characters in length
❑Most likely used symbols: ~, !, @, $, %, &, and ?
❑If a number, usually a 1 or 2, sequential, and likely at the end
❑If a capital letter, it’s usually the beginning, followed by a vowel
❑66% of people use 1-3 passwords for all online accounts
❑1 in 9 have a password based on the common Top 500
❑20-60-20 Rule: Large password dump• 20% are easily guessed dictionary words or know common
passwords• 60% are moderate to slight variations of the earlier 20%• 20% are hard, lengthy, complex, or of unique characteristics
How old are your passwords?!
The Domino Effect
A customer experience
company that delivers
comprehensive network
security services
CORPORATE HEADQUARTERS
5747 Perimeter Drive Suite 110 Dublin, OH 43017
PHONE 614.652.3486 EMAIL [email protected]
Thank YOU!