
Welcome and Introduction:


1 Welcome and Introduction:
Shareholder Services Association Webinar: Cybersecurity: New Insights & Lessons Learned
Welcome and Introduction: Abby Cowart, Executive Director, SSA
Moderator: Patrick Burke, Director of Operations and Assistant Secretary, AIG, Inc.
Presenters: Brad Mathis, Senior Information Security Consultant, Keller Schroeder; Richard Young, Head of Virtualization Technologies, Computershare

2 DISCLAIMER The information provided in this webinar represents the current understanding of the presenters and the Shareholder Services Association. It is subject to change. In no way should this information be construed or relied upon as legal or operational advice. You should consult with your own legal counsel, compliance officer and/or other subject matter experts.

3 Agenda
- Speaker Introductions
- Who are the hackers?
- What are the different ways to get hacked?
- How should companies protect their customers and employees?
- Recent hacks and breaches
- Podesta: a case study
- What should individuals do to protect themselves?
- Q & A session

4 Brad Mathis, CISSP, CGEIT, CRISC, GPEN, GCCC
- Joined Keller Schroeder as an employee-owner in 2011 to lead the Security Practice
- 30+ years in Information Technology and Security
- Previously served on the Indiana FBI InfraGard Members Alliance State Board of Directors
- 2009 Guest Speaker, SANS Log Management Summit in Washington, DC
- Native of Southern Illinois; Southern Indiana resident since 1983
- 12+ year Sustaining Member of the Rotary Club of Warrick County; Paul Harris Fellow
- Married 31+ years to an incredible wife with a growing family: three grown kids, a son-in-law, a daughter-in-law, the world’s most awesome granddaughter, and a brand new grandson!

5 Richard Young
Over 20 years of experience with infrastructure design, delivery and operations. Held positions as:
- Manager, Virtualization Technologies
- Global Head of Security and Risk Reporting
- Information Security Program Manager
- Global Infrastructure Manager
- Practice Lead, Wintel IT Managed Services
- Senior Automation Engineer
- Business Manager, IT Consulting
- Systems Architect
- Systems Engineer
- Systems Administrator
- Help Desk Technician
Specialty with Financial Services institutions. LinkedIn, Twitter

6 Who are the hackers?
- Cyber criminals / thieves: petty thieves with sophisticated weapons
- Hacktivists: political activists that drive transparency of information, or seek out to expose those they perceive to be the corrupt
- Corporate competitors: companies will attempt to steal intellectual property, design specifications and plans from the competition to gain an edge in the marketplace
- Nation state actors: military and mercenary hackers who seek out to steal intelligence data, disrupt infrastructures of other countries or change the course of political events
- Real terrorists: like traditional terrorists, these hackers seek out to cause bodily harm and invoke fear and chaos by crippling critical infrastructure
- Curious geeks: bright, curious folks who look to push the limits of technology and believe that if there’s an open door they are allowed to walk through it

7 What are the different ways to get hacked?
Attack targets: social media, web sites, bank and credit accounts, financial markets, transportation, healthcare databases
Methods: malware, social engineering, fraud, denial of service

8 How should companies protect their customers and employees?
A comprehensive, inclusive, multi-layered, lifecycle-focused information security program should be a cornerstone of any organization’s overall strategy.
What does “Good” look like?
- Access Management
- Threat Management
- Security Operations
- Business Partnership
- Awareness & Education

9 Recent hacks and breaches
- Centene Corporation lost 6 hard drives containing personal information for over 950,000 patients.
- ADP’s web site was hacked due to a vulnerability that allowed hackers to steal W-2 data from employees at over 640 client companies.
- Homeland Security and the FBI got hacked and personal information was published for over 30,000 federal law enforcement personnel because a hacker was able to download almost 1 Terabyte of data from a single hacked account.
- Seagate Technology lost all of its employees’ W-2 and benefits data due to a phishing scam that targeted a single staff member.
- The IRS lost information from over 700,000 taxpayers because of a vulnerability exploited in their Get Transcript program that provides taxpayer history data.
- The Office of Child Support Enforcement had a laptop and some portable hard drives stolen that contain the personal information of over 5 million people.
- The FDIC’s data was openly accessible between 2013 and 2015 because Chinese hackers were able to install malware on numerous servers and workstations; it reported the loss of personal information for over 160,000 individuals.

10 Case study: Democratic National Committee

11 4920 Carriage Drive | Evansville, IN 47715 | 812.474.6825 | www
Founded in . Employee-owned $30M information technology consulting services firm, headquartered in Evansville, Indiana. Client base ranges from local and regional businesses to global enterprises, such as Mead Johnson Nutrition, Old National Bancorp, Vectren, Anchor Industries, Raben Tire, Deaconess Hospital, Champion Laboratories and MasterBrand Cabinets. With clients served annually and a track record of solid financial performance (profitable in every year of our existence), we are known as a great place to work. For nearly 40 years, this has proven to be a successful formula for our employee-owners and our clients.

14 John Podesta

15 The “Phishermen” went Phishing and caught a Whale (a.k.a. John Podesta)
Or, as Stu Sjouwerman, CEO of KnowBe4, called it, John Podesta is the new poster boy for CyberInsecurity.

16 How Did This Happen? Ask Fancy Bear!
(also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM)
- Wikipedia lists Fancy Bear as a cyber espionage group
- CrowdStrike suggests it is associated with the Russian military agency GRU
- Known to target government, military, and security organizations
- Categorized as an Advanced Persistent Threat (APT)
- Fancy Bear employs spear phishing attacks, using malware to gain control of systems
- Known for many well-known attacks: Germany, White House, and more

17 How Did They Hook John Podesta?
An alarming and legitimate-looking email, apparently from Google, actually from a hacking group. He clicked… Game over.

18 Podesta’s IT team told Podesta the fake Gmail email was real.
- Podesta’s chief of staff forwarded the email to the Clinton campaign Help Desk
- Response was “This is a legitimate email. John needs to change his password immediately.”
- The link actually went to a computer overseas, not Google
Multiple security awareness failures here: Podesta, Help Desk, Chief of Staff, “fill-in-the-blank”

21 The Podesta situation is a textbook example of how to become a Cyber-Insecurity Poster Child
- Using a terrible password to begin with
- Re-using that password for multiple sites/accounts
- Sharing the password with assistants
- Asking an assistant to email him his password when he forgot it
- Not turning on two-factor authentication
- Not changing passwords after one account was known to be compromised

22 Simple Tips to NOT BECOME a Cyber-Insecurity Poster Child
- Use strong passwords
- Avoid re-using passwords for multiple sites/accounts
- Don’t share passwords with anyone
- Enable two-factor authentication, if available
- Change passwords periodically, but never from a link received in email
- Train ALL users, and phish-test them!
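Slides 17, 18 and 22 all turn on the same failure: a password-reset link that looked like Google but led elsewhere, and the advice to never change a password from a link received in email. The following Python snippet, added here as an illustration and not part of the webinar or any presenter's material, shows the check a help desk could apply before calling such a message "legitimate": parse the links out of an HTML email and flag any whose real destination host is outside the domains the claimed sender would use, or whose visible text shows one URL while the href points at another. The sample email, the `.invalid` hostnames and the `EXPECTED_SUFFIXES` allowlist are constructed for the example.

```python
"""Flag links in an HTML email whose real destination does not match the
brand the message claims to come from. Added illustration; all input is
constructed (the .invalid TLD is reserved and never resolves)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Google account notice would legitimately link to.
# Assumption for this example; a real deployment maintains its own list.
EXPECTED_SUFFIXES = ("google.com",)

# Constructed sample modelled on the "someone has your password" lure
# described in the slides: one shortened link, one genuine link, and one
# whose visible text claims Google while the href goes somewhere else.
SAMPLE_EMAIL = """
<p>Someone just used your password to try to sign in to your Google Account.</p>
<p>You should change your password immediately.</p>
<a href="http://example-shortener.invalid/abc123">CHANGE PASSWORD</a>
<a href="https://myaccount.google.com/security">https://myaccount.google.com/security</a>
<a href="https://accounts.google.com.evil.invalid/login">https://accounts.google.com</a>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_matches(host, suffixes):
    """True if host is one of the expected domains or a subdomain of one.
    Suffix matching is anchored on a dot, so 'google.com.evil.invalid'
    does not pass for 'google.com'."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def suspicious_links(html, expected_suffixes=EXPECTED_SUFFIXES):
    """Return [(href, [reasons])] for every link that should not be trusted."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if parsed.scheme not in ("http", "https"):
            reasons.append("non-web scheme %r" % parsed.scheme)
        elif not host_matches(host, expected_suffixes):
            reasons.append("destination host %r is not an expected domain" % host)
        # Visible text that is itself a URL must point where it says it does.
        shown = urlparse(text) if "://" in text else None
        if shown is not None and shown.hostname and shown.hostname.lower() != host.lower():
            reasons.append("displayed URL host %r differs from destination %r" % (shown.hostname, host))
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href)
        for r in reasons:
            print("  -", r)
```

Run as a script it prints the two links a help desk should refuse to bless; the genuine `myaccount.google.com` link is not reported. The same rule the slide gives ("never from a link received in email") still applies: even a link that passes this check is better replaced by typing the account page address directly.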

24 Thank you for participating!
Questions & Comments?

25 Save The Dates
- November 17, :30 am. SSA Luncheon & Seminar: Mock Proxy Battle, sponsored by Alliance Advisors. Battery Gardens Restaurant, New York, New York
- December 1, :30 am. SSA Annual Meeting & Holiday Luncheon
Details can be found at

26 2017 SSA Annual Conference: July 18-20, 2017, Bonita Springs, Florida

