IT & Cybersecurity
May 19, 2022
Presented by
Jaime Rumbaoa, CPA/CITP, CFE, CISA
Partner
AGENDA
• Internet Landscape
• Cybersecurity Statistics
• Types of Cyberattacks
• Common Vulnerabilities
• Recent Cyberattacks
• Cybersecurity Controls
• Cybersecurity Framework and Tools
• US and New Mexico Initiatives on Cybersecurity
• What Can We Do?
Internet landscape
• First website went live in 1991. Today, there are more than 1.88 billion
websites.
Internet Landscape
• There are over 5 billion people who use the internet. This represents
over 70% of the total population.
Cybersecurity Statistics
• Over 75% of targeted cyberattacks start with an email. (Round
Robin, 2020)
• Global cybercrime costs are expected to grow by 15% per year over
the next five years, reaching $10.5 trillion annually by 2025.
(Cybersecurity Ventures, 2020)
• The healthcare industry is expected to spend $125 billion on
cybersecurity from 2020 to 2025. (Cybersecurity Ventures, 2020)
• The first half of 2021 saw a 102% increase in ransomware attacks
compared to the beginning of 2020. (Check Point, 2021)
• 53% of adults agree that remote work has made it much easier for
hackers and cybercriminals to take advantage of people. (Norton,
2021)
Cybersecurity Statistics
• IoT (Internet of Things) devices will be the biggest technology crime driver
in 2018.
• The average cost of a ransomware attack was $1.85 million in 2020,
double the previous year's figure of $761,106. (Sophos, 2021)
• On the dark web, Social Security numbers might go for $1 each, a
credit card number could sell for up to $110, and a U.S.
passport might cost up to $2,000. (Experian, 2018)
Types of Cyberattacks
• Malware is an abbreviated form of “malicious software,” software
that is specifically designed to gain access to or damage a
computer, usually without the knowledge of the owner. It can
come in many forms, including ransomware, spyware, and viruses, to
name a few.
• Phishing is when scammers try to lure sensitive information or data
from you by disguising themselves as trustworthy sources. Phishers
use multiple platforms to carry out these cyberattacks,
including emails, texts, and phone calls.
• Denial-of-Service (DoS) Attack. DoS attacks work by flooding
systems, servers, and/or networks with traffic to overload resources
and bandwidth. The result is a system unable to process
and fulfill legitimate requests. In addition to denial-of-service (DoS)
attacks, there are also distributed denial-of-service (DDoS) attacks,
in which the flood comes from many sources at once.
Types of Cyberattacks
• SQL Injections. This occurs when an attacker inserts malicious code into a
server using Structured Query Language (SQL), forcing the server to deliver
protected information. This type of attack usually involves submitting
malicious input through an unprotected website comment or search box. Secure
coding practices, such as using prepared statements with parameterized
queries, are an effective way to prevent SQL injections.
• Password Attack. Passwords are the most widespread method of
authenticating access to a secure information system, making them an
attractive target for cyber attackers. By accessing a person’s password, an
attacker can gain entry to confidential or critical data and systems, including
the ability to manipulate and control said data/systems.
• Internet of Things (IoT) Attacks. While internet connectivity across almost
every imaginable device creates convenience and ease for individuals, it
also presents a growing—almost unlimited—number of access points for
attackers to exploit and wreak havoc. The interconnectedness of things
makes it possible for attackers to breach an entry point and use it as a gate
to exploit other devices in the network.
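The SQL injection slide above contrasts a query that pastes search-box input into SQL text with one that uses a prepared statement and a bound parameter. The following Python/sqlite3 example is added here to illustrate that contrast; it is not part of the original slides. The table, rows, and search terms are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data (not from the original slides): a small table
# of documents behind a hypothetical website search box. Only rows with
# visibility = 'public' are supposed to be returned to visitors.
SAMPLE_ROWS = [
    ("alice", "public", "Annual report"),
    ("bob", "protected", "Payroll export"),
    ("carol", "protected", "Patient list"),
]


def make_db():
    """Create an in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (owner TEXT, visibility TEXT, title TEXT)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_concatenated(conn, term):
    """The pattern the slide warns about: the search-box value is pasted
    straight into the SQL text, so quote characters in the input become
    part of the statement and can change its logic."""
    sql = (
        "SELECT owner, title FROM documents "
        "WHERE visibility = 'public' AND title LIKE '%" + term + "%'"
    )
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """Prepared statement with a bound parameter: the driver hands the
    term to the engine as a value, never as SQL, so the visibility
    restriction cannot be bypassed by the input."""
    sql = (
        "SELECT owner, title FROM documents "
        "WHERE visibility = 'public' AND title LIKE ?"
    )
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def compare(term):
    """Run both queries on a fresh database and return
    (rows from the concatenated query, rows from the parameterized query)."""
    conn = make_db()
    try:
        return search_concatenated(conn, term), search_parameterized(conn, term)
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary search term behaves the same either way.
    print(compare("report"))
    # A constructed term containing a quote and a SQL comment marker:
    # the concatenated query returns every row, including the protected
    # ones; the parameterized query treats it as a literal and returns none.
    print(compare("' OR 1=1 --"))
```

The difference in the second call is the whole point of the slide's mitigation: with a bound parameter the server never sees the input as code.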
Common Vulnerabilities
Recent Cyberattacks: US
• Colonial Pipeline. Ransomware resulting in a payment of $4.4
million (75 bitcoin) and the shutdown of some pipelines. Entry was through an
exposed password for a VPN account.
• JBS Foods (Pilgrim, Great Southern and Aberdeen Black).
Ransomware resulting in a payment of $11 million in bitcoin, the
shutdown of plants, and an increase in meat prices.
• Nvidia. Ransomware that threatened to release 1TB of data.
• Bridgestone. Ransomware resulting in a halt in production for a
week.
Recent Cyberattacks: New Mexico
• Albuquerque Public Schools. Ransomware attack resulting in
school closures for a few days.
• Bernalillo County. Ransomware attack resulting in the disruption of
various services.
• University of New Mexico Hospital. Exposure of the PI of over 600,000
patients.
Cybersecurity Controls
• Develop Security Policies. Development will include information
classification policy as well as risk assessment.
• Inventory all hardware and software. You can’t protect what you
don’t know exists.
• Keep your software up to date. Vendors issue updates
that address known security vulnerabilities. Install them to prevent
hackers from exploiting such weaknesses. Unpatched software is very common in NM.
• Backup your data regularly. Use multiple storage systems to
minimize data loss and avoid paying ransoms in case of attack.
• Employ multiple security systems, for example firewalls, anti-virus
software, spam filters, and web security. This enables you to detect
and react to intrusions faster.
Cybersecurity Controls
• Provide awareness training for your employees. Staff are often the
target of phishing emails, so it is important they know how to recognize
and avoid such scams.
• Network Penetration Test. Tests should include both internal and external
testing to identify vulnerabilities.
• Vulnerability assessment. Tools are available to scan networks and
applications; some are free, and federal grants may cover others.
• Encryption of PI. This will ensure that protected information can’t be
accessed in event of cyberattacks.
• Create Strong Passwords. Ensure the password policy is applied consistently
across both user and administrator accounts.
• Review Users’ Access Control Listing. This should be completed for
critical applications at least on an annual basis to ensure access is
provided on a “need to know” basis.
Cybersecurity Controls
• Use multi-factor authentication. This means that even if hackers get a
hold of employee credentials, they will not gain access to your system
without additional authenticating factors. This is especially true for
administrators’ accounts.
• Implement Controls over IoT and portable devices. Security
protocols need to be implemented when connecting devices over the
internet (printers, HVAC, medical devices, doorbells, security cameras,
appliances, etc.).
• Develop Incident Response Plan. Policies to guide the organization in
event of attacks.
• End of life systems should be replaced or protected. This is very
common in New Mexico.
• Implement Controls Over Applications on the Cloud. SLA, SOC
reports and other assessments.
Cybersecurity Frameworks/Tools
• NIST Cybersecurity Framework
• FFIEC Cybersecurity Assessment Tool
• ISACA COBIT and Nexus
US and NM Initiatives
• US created Cybersecurity and Infrastructure Security Agency (CISA) in
November 2018, with annual budget of $2.5 billion.
• Bill to Create Cybersecurity Program for K-12.
What can we do?
• Consider creating a separate state agency, similar to CISA at the federal
level.
• Baseline IT controls for governmental agencies (tier system depending
on PI held).
• Emphasize IT as part of local government governance.
• Increase the budget for the IT department and address staffing issues.
• Hire an Information Security Officer, especially for bigger agencies.
• Develop cybersecurity programs at universities and colleges.
• Be proactive on security matters.
www.axiomnm.com
Questions?
