what non-technical professionals need to know to navigate ... · • cyberinsurance market will...

October 27 2017

copyStinnett amp Associates LLC

David Losacco CPA CISA | Principal

What non-technical professionals need to know to navigate the cybersecurity landscape

October 27 2017

TECHNOLOGY amp CYBERSECURITY

David Losacco

copyStinnett amp Associates LLC3

Personal Introduction

Graduated from TU with a Bachelorrsquos Degree in Accounting and MIS

Dad of Four Sophie (17) Zoe (15) Sadie (12) Rocco (8)

Started Career as an ERP Systems Implementation Consultant then spent 10 years with PricewaterhouseCoopers (PwC)

Joined Stinnett amp Associates as a Principal in 2006

Has his CPA CIA and CISA certifications

Significant experience in Business Process and IT Consulting IT and Application Controls and Risk Management

Industries include energy with heavy upstream focus manufacturing and telecommunications

Background

Interests

Golf four kids limit my opportunities

Did I mention the four kids Interests are limited

The Great Circus that is our Political System

Vegas during March Madness


DISCLAIMER

bull The comments and statements in this presentation are the opinions of the speakers and do not necessarily reflect the opinions or positions of Stinnett amp Associates LLC

bull This presentation is the property of Stinnett amp Associates LLC All rights reserved No part of this document may be reproduced transmitted or otherwise distributed in any form without written permission from Stinnett amp Associates LLC

bull Stinnett amp Associates LLC expressly disclaims any liability in connection with the use of this presentation or its contents by any third party

4


FIRM BACKGROUND

5

Stinnett amp Associates LLC (Stinnett) is a professional advisory firm which excels at maximizing value for both public and private

organizations Our services are designed to help clients more effectively manage risk and improve performance by streamlining processes

reducing costs and enhancing controls

Stinnett offers co-source and outsource solutions within a diverse range of services including

Process Design and Re-engineering Internal AuditGovernance Risk and Compliance

Sarbanes-Oxley Fraud Investigation Fraud Risk Assessment

Cost Recovery Information Technology Enterprise Risk Management

Doing the Right Thing

Founded in 2001 Stinnett has grown to have offices in Dallas Denver Houston Oklahoma City San

Antonio and Tulsa We provide services to several Fortune 1000 companies as well as many mid to

large size organizations with global operations

We are primarily recognized for offering relevant advisory assistance and exemplary client service with

the unique ability to deliver what our clients need Working toward solutions we have a reputation for

ldquodoing the right thingrdquo

Stinnett is a certified Womenrsquos Business Enterprise through the Womenrsquos Business

Enterprise National Council We pride ourselves on being trusted business advisors

who focus on assisting clients to reach strategic milestones positioning them for

future success


LEARNING OBJECTIVES

bull Why should we be concerned with cybersecurity

bull What are some key cybersecurity definitionsbull What are some emerging cybersecurity trends

and threatsbull What happened with some recent high-profile

cybersecurity attacksbull What are some cybersecurity roadblocksbull What are steps to evaluate your companyrsquos

cybersecurity risk levelbull How can you take preventive measures and

protect yourself and your company

6


MY FIRST INTRODUCTION TO A CYBER CRIMINAL

7


WHAT DO ALL OF THESE ORGANIZATIONS HAVE IN COMMON

8


hellipAND THESE

9


hellipTHEY ALL HAVE AT LEAST TWO THINGS IN COMMON

10

ALL HAVE BEEN VICTIMS OF CYBER ATTACK amp BREACH

ALL HAD SOMETHING OF VALUE TO THE ATTACKER


LIST OF RECENT HEADLINES


WHY DO WE CARE

12

Security compromises are a persistent business risk

bull US Department of Commerce estimates intellectual

property theft costs US companies $250 billion

annually

bull In 2015 38 more security incidents were

detected than in 2014

bull 70 of cyber attacks and data breaches go

undetected

bull 69 of organizations learn of their breach from an

outside entity such as law enforcement customers

or suppliers

bull Data breaches cost companies an average of $154

per compromised record

bull Cyberinsurance market will reach $75 billion in

annual sales by 2020 up from $25 billion in 2016

bull Cyber Crime costs estimated to reach $2 Trillion by

2019

bull 20 of small and mid-size businesses have been

cyber crime targets

Source PwC Global State of Information Security Survey 2016US Dept of Commerce Stolen Intellectual Property Harms American Businesses Says Acting Deputy Secretary Blank 2012IBM and Ponemon 2015 Cost of Data Breach Study Global Analysis


FINANCIAL GAIN STILL 1 REASON

13

Financial Gain is still the 1 factor for cyber attacks and breaches at over 75 in 2015

Espionage and other factors combined still make up less than 25

bull Personally Identifiable Information

(PII) is worth more on the black

market (ldquoThe Dark Webrdquo) then Credit

Card Numbers

bull Ransomware payments estimated

over $1 billion in 2016

bull 70 of all Ransomware was paid

bull 20 paid over $20000

Source Verizon Data Breach Investigations Report 2016


METHODS OF FINANCIAL GAIN

Cyber criminals have multiple means to achieve financial gain

14

bull Theft of funds (Bank Accounts)bull Extortion (Ransomware)bull Selling of stolen credit cardsbull Selling of PII databull Insider trading informationbull Using compromised environment for other

attacks or for rent


THE TYPES OF CYBER ATTACKS AND EXPLOITS ARE CHANGING

15

bull Server Attacks once at 50 are

trending down

bull User Device and Person attacks are

both trending upward at nearly same

pace due to Malware Ransomware

and Phishing attacks

The types of exploits used are changing



CYBERSECURITY DEFINED

The body of technologies processes and practices

designed to protect networks computers programs and

data from attack damage or unauthorized access

Cybersecurity is usually considered a sub-set of

Information Security but can require the consideration of

bull Application Security

bull Operating System and Network security

bull Usage of Specific Intrusion Detection and Prevention

Software and tools

bull User Training and Education

bull Disaster Recovery and Business Continuity Considerations

bull Really Anything to help prevent detect or recover from a

Cyberattack

16


CYBER ATTACK DEFINED

The deliberate exploitation of computer systems technology-dependent enterprises and

networks Cyber attacks can use malicious code weak passwords or other cyber exploits to gain

unlawful access to systems and data often resulting in disruptive consequences that can

compromise data and lead to cybercrimes such as information and identity theft

Cyber attacks often include the followingbull Identity theft fraud extortionbull Malware pharming phishing spamming spoofing spyware Trojans

and virusesbull Stolen hardware such as laptops or mobile devicesbull Denial-of-service and distributed denial-of-service attacksbull Breach of accessbull Password sniffingbull System infiltrationbull Website defacementbull Private and public Web browser exploitsbull Instant messaging abusebull Intellectual property (IP) theft or unauthorized access

17


CYBERSECURITY COMMON TERMS AND DEFINITIONS

18

Information Technology (IT) ndash The typically corporate department that handles the corporate software and hardware that runs the normal functions of a typical business or enterprise The department within a company that is charged with establishing monitoring and maintaining information technology systems and services

Operational Technology (OT) ndash The Hardware and software that detects or causes a change through the direct monitoring andor control of physical devices processes and events in the enterprise OT technology and departments are usually found within manufacturing and industrial environments and include industrial control systems (ICS) such as Supervisory Control and Data Acquisition systems(SCADA) OT devices and environments are typically run separately from IT departments These are the devices that communicate with pipelines and electrical grids (and nuclear power plants)

Internet of Things ndash A computing concept that describes the idea of everyday physical devices (DVR systems thermostats refrigerators vehicles) being connected to the internet and being able to identify themselves to other devices which enable the devices to collect and exchange data



19

Bot ndash A bot is a software ldquorobotrdquo that performs an extensive set of automated tasks on its own Bots can perform an extensive set of destructive tasks as well as introduce many forms of malware to your system or network They can also be used by black hats to coordinate attacks by controlling botnets

Botnet ndash A number of Internet-connected devices (eg computers DVR systems and other devices) after being infected with malware each of which is running one or more bots Botnets can be used to perform Distributed Denial Of Service Attack steal data send spam and allow the attacker access to the device and its connection Botnets can be rented out to other hackers or cyber criminals

Denial of Service(DOS) and Distributed Denial of Service ndash A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic A Distributed DOS is the same as a DOS attack but involves multiple computers attacking the network from multiple locations Typically the computers being used are infected with Botnet



20

Middleware ndash Software that facilitates exchange of data between two application programs within the same

environment or across different hardware and network environments Three basic types of middleware are (1)

communication middleware (2) database middleware and (3) system middleware

Man-in-the-Middle (MITM) Attacks ndash An attack occurrence where the attacker has been able to place

themselves in the middle of communications between two parties The Attacker is able to alter or obtain data for

themselves while unknown to the other two parties

SQL Injection and Cross-site scripting Attacks ndash An attack occurrence where the attacker injects malicious

code into a website In SQL Injection the attacker uses SQL language to obtain information back from the

website that was unintended In Cross-site scripting the attacker injects code that only impacts other users of

website



21

Common Vulnerability and Exposures (CVE) ndash Catalog sponsored by Homeland Security that documents known Cyber threats Vulnerabilities are known errors in a system or software that provides an attacker with direct access Exposures are known errors that allow an attacked indirect access which may allow the attacker to gather knowledge or content Many of the malwares and cyber attacks in the news resulted from attackers utilizing a vulnerability that had been known and fixed by the vendor for several months or years but not fixed at the company level

Zero Day VulnerabilityAttack ndash An unknown or newly discovered vulnerability that has not yet been fixed by the software or system provider Zero day vulnerabilities are the most difficult to protect against and detect due to the lack of knowledge and support by vendor

Advanced Persistent Threat ndash A set of stealthy and continuous computer hacking processes often orchestrated by a person or persons targeting a specific entity



22

Dark Web Darknet ndash Websites located on the internet that are not accessible by normal search engines or

means Darknet sites require special software such as TOR (The Onion Router) that helps keep users

anonymous Darknet sites are used for several illegal activities such as black market purchasing of stolen PII or

Credit card data as well as Botnet rentals Bitcoins are traded on the Dark web

Bitcoin ndash A digital currency created in 2009 There are no physical bitcoins only balances kept on a public

ledger in the cloud that ndash along with all Bitcoin transactions ndash is verified by a massive amount of computing

power Bitcoin mining is the process through which bitcoins are released to come into circulation and involves

solving a computationally difficult puzzle to discover a new block which is added to the blockchain and receiving

a reward in the form of few bitcoins As more and more bitcoins are created the difficulty of the mining process ndash

that is the amount of computing power involved ndash increases


PHISHING

A form of social engineering in which a message typically an email with a malicious

attachment or link is sent to a victim with the intent of tricking the recipient to open an

attachment

23

Spear-Phishing ndash Phishing attacks directed at a specific

individual or company Sub-category of Spear Phishing includes

Cloning (using a previous legitimate email) and Whaling (attacking

a high level executive)

bull CEO Email to Treasurer

bull HR Phishing for Employee Data

bull W2 Phishing Data (IRS Sent out Warning)

The majority of Phishing cases are used as a means to install

Malware onto a host environment


PHISHING

Most companies battle the increase Phishing and spear-phishing attacks by labeling each

external email with some form of the following inserts

24


MALWARE

Malware is short for malicious software Malware is a broad term that encompasses computer

viruses worms Trojan horses spyware adware and now Ransomware Malware is designed

to interfere with normal computer operation usually giving hackers a chance to gain access to

your computer and collect sensitive personal information

25

bull Malware is seen as first access

point used in connection with

hacking attempts

bull Ransomware is the latest version

of Malware that has been in the

headlines and represents one of

the largest cyber threats to most

companies



RANSOMWARE

A type of malware that prevents or limits users from accessing their system either by locking the

systems screen or by locking the users files unless a ransom is paid Ransomware typically

encrypts certain file types on infected systems and forces users to pay the ransom through certain

online payment methods to get a decrypt key

26

bull The Use of BITCOINS is typically the

payment method

bull Ransomware attacks quadrupled to 4000

per day from 2015 to 2016

bull This yearrsquos WannaCry Ransomware attack

impacted over 200000 people across 150

countries (included a Worm)


COMMON CYBER ATTACK PATTERNS

bull 78 of all breaches results from these 5

Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware

63 of all breaches attributable to the top 2 alone

27

Common attack patterns account for a vast majority of documented breaches



WEB APP ATTACKS

bull Modern websites with business

functionality increase the impact of a

successful breach

bull Recycled or unchanged default

passwords can compromise an

organizationrsquos security efforts

bull Breaching a web application can

open the gates to internal

applications and code

bull Cross site scripting and SQL

injection are most common attack

attempts

28



POINT-OF-SALE (POS) INTRUSIONS

bull Attackers target systems capturing

customer payment information during

legitimate transactions

bull Attacks can exploit POS software or

hardware

bull Attackers commonly target POS

system vendors as a means to exploit

an organizationrsquos POS system

bull Retail and accommodation sites are

experiencing massive POS attacks

29



PRIVILEGE MISUSE

bull Internal Parties act (maliciously or

not) in a way to cause a breach

bull Most actors are outside Executive

Management and leadership roles

bull While financial reasons still motivate

most actors espionage has become

an increasingly common motivation

bull Most breaches take months or

longer to discover

30



CYBER-ESPIONAGE

bull External Parties (possibly state-

affiliated or organized crime)

infiltrating an organizationrsquos systems

bull Attacks commonly begin through

phishing andor exploiting

backdoors in software (browsers or

even websites)

bull Over 90 of breaches target trade

secrets for exfiltration

31



CRIMEWARE

bull Crimeware contains any malware or

other incident that focuses directly

on financial opportunity

bull Ransomware keyloggers and use

of backdoors most common

occurrence of Crimeware

bull Crimeware is typically introduced

through the following- Email Attachment

- Cross-site scripting from visited website

- Email Link

32



KEY CYBER ATTACKS IN THE NEWS

bull Target Data Breach ndash 70 Million PII Records of Users

and 40 Million Credit Cards Stolen

bull Sony Attack ndash Malware attack that erased over half of

the companyrsquos servers and PCrsquos and released 4

unreleased movies and over 45000 social security

numbers

bull Yahoo Data Breach (20132014) ndash August breach that

exposed PII of 1 billion users 2014 data breach of 500

million users Additional data loss in 2016

bull Prepaid CardATM Scheme (2013) ndash $45 Million Stolen

(worldwide)

bull Bank of Bangladesh (February 2016) ndash $81 Million

Stolen

33


COMPLEXITY BEHIND THE TARGET ATTACK

34

bull Cyber attackers first attacked third party vender (The HVAC Vendor) through use of Malware introduced via phishing campaign

bull Used HVAC Vendor stolen credentials to gain access to third party website used for submitting electronic invoices

bull Injected code into a vulnerability of the electronic submission process to gain further access to Target internal network

bull Recon-ed the environment and obtained domain administrator access

bull Attackers then worked their way through various servers by using a scanner to detect which other servers they could gain access to from their current location Worked around firewalls and other defenses



35

bull Gained access to server than contained SQL database and were able to download 70 million PII records of customers

bull Attackers then gained access to POS environment (should have been walled off)

bull Attackers then went on the darknet and inquired to find someone with knowledge of the POS system and how to inject code into the POS application

bull Attackers were able to install malware on certain POS servers that scanned memory and saved off credit card information

bull Attackers then copied credit card files to another server that had remote FTP ability and sent files to themselves


RANSOMWARE ndash ANATOMY OF AN ATTACK

36


BARRIERS TO EFFECTIVE CYBERSECURITY

Many companies do not know where to start with cybersecurity how to evaluate what is

enough or how to recover when their best efforts still result in a cyber breach Main

reasons for companies struggles are

37

bull Expansion of the attack surface

bull Continued innovations in technology

bull Lack of understanding of companyrsquos information assets and the assetrsquos value

bull Failure to properly understand threats and risks

bull Failure to implement core security protocols and procedures

bull Lack of skilled resources (people and time)

bull Lack of funds


CYBERSECURITY DEFENSE IN-DEPTH

38

PEOPLE

TECHNOLOGYPROCESSES

THE PEOPLE CHALLENGEHumans remain one of the weakest links in security chain Ensure you have a strong security awareness training program

THE TECHNOLOGY CHALLENGEThe increasing sophistication and rate of attacks means that constant upkeep and tracking of technology changes is essential

THE PROCESS CHALLENGEEnsure best practice processes and associated management frameworks are in place Regular audits and reviews are important


IMPLEMENTING A CYBERSECURITY PROGRAM

39

bull Understand the organizational risk

and where high risk assets exist

bull Risk assessments should be

performed annually or when

significant changes to the

environment occur

bull Stinnett uses Microsoft STRIDE

Threat Modeling to semi-qualitatively

measure cybersecurity risks to

identify estimate and prioritize

information security risks

Identification of Assets

Asset Locations

Classification of Assets

Threat Modeling

Calculated Risk Results


CYBERSECURITY RISK ASSESSMENT

Key to an effective cybersecurity program is to understand the Companyrsquos information

assets

40

bull What Value Do the Assets Havebull Credit Card Databull Employee or Customer Recordsbull Bank Accountsbull Intellectual Propertybull Trade Secretsbull Insider Knowledgebull Who Would Want the Databull Data Location


BASELINE GAP ANALYSIS

41

bull Perform walkthroughs with information technology department to understand cybersecurity controls in place

bull Evaluate control design as it relates to commonly accepted framework(s)

bull Identify control gaps and create a baseline for cybersecurity maturity in the organization


CYBERSECURITY FAILURES AND FIXES

42

Patch Management ndash A Patch Management process is a companyrsquos strategy around ensuring a companyrsquos IT devices

are properly updated (patched) to reflect the latest software update or release from the vendor Most companies fail to

implement sound patch management processes and procedures which includes

bull 99 of exploited vulnerabilities were comprised more than a year after the patch was published

bull Companies do not know all of the Information devices in their network and therefore are unable

to adequately assess their patch management process

User and Administrator level Access ndash Companies fail to adequately assess User access levels to ensure that the

principle of Least Privilege is applied as much as possible Within IT department the failure of Least Privilege can

result in multiple individuals and IDrsquos with access andor knowledge of higher level functions within the environment

User Cybersecurity Training and Awareness ndash Companies often fail to implement basic end user training around

cybersecurity Often times the uneducated or untrained end user is the Cyber attackers first entry point into the

company



43

FIXESbull Obtain at least a basic understanding of your critical information assets where they are

stored and how they are protected

bull Perform an Inventory of IT devices and assess each devices risk relating to patches

bull Focus on higher risk areas such as internet facing devices and software with known vulnerabilities (Adobe Java Browsers Operating Systems)

bull Perform an inventory of all User and Admin IDs Understand the access each ID has in your environment and why that access level is necessary Assess whether password levels and parameters are adequate (password length characters and change interval)

bull Implement a continual end user training program

bull Ensure backups and recovery plans work as intended and are properly segregated


QUESTIONS

44

wwwSTINNETT-ASSOCIATEScom | 8888081795

Stinnett amp Associates8811 S Yale Ave Suite 300

Tulsa OK 74137

Main Number 9187283300

ContactUsStinnett-Associatescom

October 27 2017

TECHNOLOGY amp CYBERSECURITY

David Losacco










Background

Interests






DISCLAIMER




4


FIRM BACKGROUND

5


















future success


LEARNING OBJECTIVES







6



7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137












Background

Interests






DISCLAIMER




4


FIRM BACKGROUND

5


















future success


LEARNING OBJECTIVES







6



7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




DISCLAIMER




4


FIRM BACKGROUND

5


















future success


LEARNING OBJECTIVES







6



7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




FIRM BACKGROUND

5


















future success


LEARNING OBJECTIVES







6



7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




LEARNING OBJECTIVES







6



7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





7



8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





8


hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




hellipAND THESE

9



10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





10






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137






WHY DO WE CARE

12




annually




undetected



or suppliers






2019


cyber crime targets




13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





13






Card Numbers









14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137






14


attacks or for rent



15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





15


trending down

















Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137













Software and tools




Cyberattack

16









17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137











17



18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





18






19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





19






20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





20










website



21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





21






22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





22












PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




PHISHING



attachment

23











PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




PHISHING



24


MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




MALWARE





25



hacking attempts





companies



RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




RANSOMWARE





26


payment method









Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137






Attack Patterns

- Web App Attacks

- POS Intrusions

- Privilege Misuse

- Cyber-espionage

- Crimeware


27




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




WEB APP ATTACKS



successful breach









attempts

28








hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137









hardware






29



PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




PRIVILEGE MISUSE









longer to discover

30



CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




CYBER-ESPIONAGE







even websites)



31



CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137




CRIMEWARE










- Email Link

32









numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137










numbers





(worldwide)


Stolen

33



34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





34








35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





35








36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





36






37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137








37







bull Lack of funds



38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





38

PEOPLE

TECHNOLOGYPROCESSES






39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





39






environment occur







Asset Locations


Threat Modeling





assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137






assets

40




41






42












company



43









QUESTIONS

44



Tulsa OK 74137





41






42












company



43









QUESTIONS

44



Tulsa OK 74137





42












company



43









QUESTIONS

44



Tulsa OK 74137





43









QUESTIONS

44



Tulsa OK 74137




QUESTIONS

44



Tulsa OK 74137



what non-technical professionals need to know to navigate ... · • cyberinsurance market will...

Documents