2016 gpug summit hacked
TRANSCRIPT
You've Been Hacked: Now What?
Rick Zich
GPUG Summit | Tampa, Florida | October 11–14, 2016 | #CountOnSummit #GPUGSummit
You've Been Hacked
• This is NOT GP security oriented
• History
• Identify if you have been hacked
• Steps to take
• Plan for future
Meet Your Presenter
• GPUG Member for 5 Years!
• Favorite benefit: webinars, lunch and learns, and forums
• Work and Fun: Beer and Motorcycles
• ERP: Major - Dynamics, SAP, Baan; Minor - Visual, Misys, pcMRP, Xtuple
• eCommerce: Coresense, Magento, Woocommerce, Volusion, Shopify, Pixafy, Others
History
Recent Attacks
• Retail Giants Lose “Mass Quantities”
  • Target/Home Depot/Michaels/N-Marcus
  • Marriott/White Lodging/Trump
  • CVS/Costco/RiteAid
  • Heartland
• Health Care Data Targeted
  • Anthem/Partners/Premera BC/CareFirst
• 100 Bank Cyber heist/Scottrade
• Yahoo – 500 MILLION accounts
• Ashley Madison
Who are Targets
• Wherever valuable data can be found
• Creative uses of data (blackmail)
• Data is power (OPM)
• Quantity and Quality
• Law firms are “soft underbelly” of business
  • Panama Papers
  • Cravath/Weil Gotshal
Credit Cards are only Targets…?
• Medical Records
  • Anthem/BCBS (SS #, DOB, and Names)
• Tax Records
  • IRS – 2015 hit $21 Billion sent out to fraudulent returns
    https://www.irs.gov/uac/newsroom/irs-combats-identity-theft-and-refund-fraud-on-many-fronts-2015
  • South Carolina
• School Information
  • Many examples (fresh identities, unchecked diplomas)
• Immigration Fraud
Highly Organized
• Tools available for anyone (marketplaces)
• Organized markets for the stolen goods
• System kidnapping
• Botnet networks for lease
• Hacking for hire
• Bitcoin for payments
Why important for C-Level
• Recent Study Finds Majority of Board Executives blame CEO rather than security team for a data breach.
• NY Stock Exchange/Veracode study – 200 directors
• C-Level holds purse
• C-Level sets enterprise priorities
• Target CEO fired
• Sony Co-Chair resigned
Have you been hacked?
What to check
Internal network
• Servers
• PC - Windows and Macs (including POS)
• Mobile – Tablets and phones
• LAN Devices – Routers and WIFI
External network
• Separate Intranets
• Internet Sites
Users
• Employees
• Consultants
• Others
Internal Network
• Servers
• PCs
• Mobile
• LAN Devices
External Network
• Intranets
• Internet Sites
Users
• Employees
• Consultants
• Users
Steps to take
Action Plan
• Retail Store example
• Have one made ahead of time
• Hand out to everyone in company
Summary To Do List
• Contact Authorities
  • Police
  • FBI
• Contact Insurance
• Contact your lawyers
• Inform your company
• Contact your Web Developers
• Inform Customers
Authorities
• Police
• FBI
Insurance
• Prepare for costs
• Ask for help
Legal
• Prepare for calls
• State Attorney Generals
Internal Communications
• Board Members or Owners
• Employees
Developers
• Scanning source code
• Reviewing API
• Reviewing users
• Immediate Backup made
  • E01 (preferable)
  • VMDK
• Shut down site(s) if necessary
Plan for future
Where are you
No current plan
• Use To Do list as a guide to create a plan
• Work with local company to make a plan
Inadequate Plan
• Use To Do list to fill in the gaps
• Test it to see where problems arise
Current Plan
• Test it to ensure it works
• Keep up to date on trends
Basic "Small Stuff"
• Install updates and patches
• Proper Password Hygiene
• Protect your valuables (Sony)
• TRAIN, REINFORCE, TRAIN MORE regarding NO clicking on unknown links
• Stay up to date on news – vlogs, podcasts, etc.
Dealing with Customers
• Credit monitoring?
• Coupons or discounts
• One voice
• Comprehensive explanation
Credit Cards
• PCI Compliance
• Hosted Fields
• Compliance reporting
Contact Info
• Rick Zich, Coopers DIY
© 2016 Dynamic Communities. All rights reserved.