Cyber Security and Incident Response Find out how hackers wreak havoc and learn what you can do to...


Cyber Security and Incident Response

Find out how hackers wreak havoc and learn what you can do to protect yourself.

Brett Dearman – Digital Forensic Examiner

Marc Miller – General Counsel

Seth Waldman – Internet Security Analyst


Cyber Security Team

Brett Dearman

• Digital forensics examiner - 200 internal investigations of varying complexity from 2002 to present

• Numerous e-discovery initiatives including probable cause for reasonable termination.

• COE AccessData Certified Examiner – Forensic Toolkit

• MCSE Microsoft Certified Systems Engineer

• EnCE (x2)

• Certified Information Systems Security Professional CISSP (International Security Certification Consortium)

• Certified Ethical Hacker

• Certified Penetration Tester

Marc Miller

• Assistant District Attorney in Harris County (Houston), Texas

• United States Department of Justice – Assistant Deputy Chief Computer Crime Section

• Assistant United States Attorney - Organized Crime Task Force section - complex money-laundering, conspiracy, wire-tap and narcotics cases

• Nintendo – Vice President – Global IP protection

• Motion Picture Association of America – Senior Vice President – IP protection

• Management liaison for U.S. Justice Department with IP “czar” and other senior White House officials relating to IP policy, strategic goals and budgeting

Seth Waldman

• Cyber security analyst and systems administrator

• MCSE

• CompTIA Network+


Small to Medium Sized Businesses (SMBs)

• In 2014, small firms with annual revenues less than $100 million cut security spending by 20%, while large companies increased security investments by 5%.

• The 2014 Target breach reportedly occurred when attackers stole network credentials from Target’s HVAC provider.

• SMBs typically spend less time and money on network security than larger firms. That means they are easy targets for cyber criminals.

• 60% of small businesses hit by a cyber attack go out of business within 6 months of the attack!

• Nearly 90% of SMBs in the U.S. do not use data protection for company and customer information, and less than half have secured company email to prevent phishing scams.

• In 2013, the cost of medical identity theft to consumers was estimated at $12 billion. In 2014, more than 2 million patients were victim to medical identity theft globally, a half million more than were recorded in 2013.


How Do Hackers Get Data?

The receptionist for a small municipal court found a box of branded USB drives left on her desk. Hoping to figure out who they were for, she plugged one into her computer. The drive appeared blank, so she gave the drives away as free storage. By then, she had already infected the court’s office network and spread the malware to each of the drive recipients.

• Phishing attacks

• Shoulder surfing

• Malware

• Social engineering


Office Threat Reduction

• Unified Threat Management (UTM)/Next Generation Firewall (NGFW)

• Encrypted VPN connection between offices and between remote users

• Security policies

• Monitoring


Home/Travel Threat Reduction

• Most home offices do not use secure VPN to connect to the corporate office

• Monitored/managed firewall with secure VPN capability

• Password protected devices

• Security policies


Layered Approach

• Perimeter – Firewall

• Physical Security – Access controls

• Control Network – Security policies and controls

• Device Security – Anti-virus


Assessment and Monitoring

• Meet with customer to discuss needs

• Develop and implement a plan to meet the needs and budget of the company

• Proactively monitor the network for security changes or breaches

• Quarterly reporting of health of network


Incident Response Plan: The Key Elements

• Prepare – Risk assessment, security architecture, and response plan

• Reporting – Detect the problem, incident reporting, who receives the reports, assess the damage

• Incident countermeasures – How do you protect yourself and get your business back up and running quickly, efficiently, and safely?

• Identifying corrective actions – How do we get back to “normal?”

• Monitoring corrective actions – Did we fix the problem? Are we doing everything we can to prevent future problems?


Incident Response Plan: Preservation of Evidence

• Legal action is anticipated - Integrity of the evidence can be the win/lose factor

• Criminal or civil action - Perpetrator, current employee, former employee, or someone else

• Law enforcement - Involve?

• IT staff - Must stay out!

• Chain of custody - Documentation is critical


Cyber-Security Quarterly – 1st Quarter 2016

• Regulatory Updates - What is required for your business to be in compliance?

• Does your business handle financial information or medical records?

• Insurance Coverage - Does your business have an insurance policy covering a cyber security incident? Will you be able to make a successful claim?

• Best Practices for SMBs – Do you have the appropriate training measures in place for your employees? Are there technological measures that you should be taking?


About McCann Security

Every day McCann Security helps business decision-makers and stakeholders solve cyber-security issues and protect their critical data and infrastructure. Visibility and analytics tools such as WatchGuard Dimension™ translate millions of lines of logs into the thimbleful of intelligence you need to recognize and address problems in your network.

Our operations began during the mass adoption of electronic devices and digitally stored information, and we have continued to lead the cyber-security industry through the evolution of mainframes, desktops and laptops, and now mobile devices and cloud storage. All along the way, our veteran team has been armed with the latest technology, and backed by decades of professional experience in both public law enforcement and private security.

TO GET STARTED CONTACT

MCCANN TOTAL SECURITY

HOUSTON NATIONAL DISPATCH CENTER

800.713.7670

Take control of your organization’s cyber-security by putting McCann Security’s dedicated team and three decades of proven experience on the front line!

MCCANN SECURITY SYSTEMS

10375 Richmond, Suite 260 | Houston, TX 77042

mccann-security.com