A Hacker's Playground - Cyber Risks During COVID-19
1. David Roath / Partner
New York, NY
203.707.9788
droath@citrincooperman.com
Kevin Ricci / Principal
Providence, RI
401.421.4800
kricci@citrincooperman.com
CITRIN COOPERMAN’S TRAC PRACTICE
OCTOBER 14, 2020
A HACKER’S PLAYGROUND
CYBER RISKS DURING COVID-19
UNDERSTANDING YOUR RISKS DURING UNCERTAIN TIMES
2.
MEETING OBJECTIVE / AGENDA
INTRO: AGENDA / ABOUT US
SECTION 1: A LOOK AT THE FACTS
SECTION 2: HACKING DEMOS
SECTION 3: WHERE DO WE GO FROM HERE?
Q&A: QUESTIONS FROM THE AUDIENCE
3.
PRESENTERS
Michael Camacho, CPA, CIA
Partner, Citrin Cooperman
TRAC Practice
mcamacho@Citrincooperman.com
401.567.2126
Matt Wagenknecht, CISSP, CEH, CREA
Director, Citrin Cooperman
TRAC Practice
mattw@Citrincooperman.com
401.421.4800
4.
ABOUT CITRIN COOPERMAN
We are a top-25 nationally recognized full-service assurance, tax, and advisory firm with offices conveniently located throughout the United States, in addition to locations in the United Kingdom, India, and the Cayman Islands. Since 1979, we have steadily built our business by helping companies and high net worth individuals find smart solutions. Whether your operations and assets are located around the corner or across the globe, we can provide new perspectives on strategies that will help you achieve your short- and long-term goals.
Michael Camacho (mcamacho@citrincooperman.com)● Matt Wagenknecht (mattw@citrincooperman.com)
5.
ABOUT OUR TRAC PRACTICE
TRAC Overview
In today’s environment, companies are exposed to mounting
risks associated with increased business complexity, technology
challenges, the growing regulatory environment, and
cybersecurity threats and breaches.
Business walks a fine line between risk and reward. Citrin
Cooperman’s Technology, Risk Advisory, and Cybersecurity
Practice (TRAC) offers integrated services in the areas of:
• IT Risk
• Risk Advisory including internal audits, SOX, and compliance
• Cybersecurity and privacy
We help focus on risk, so you can focus on what counts – your
business. Let us help you stay OnTRAC!
TECHNOLOGY, RISK ADVISORY, AND CYBERSECURITY (TRAC)
6.
A LOOK AT THE FACTS
UNDERSTANDING THE CYBERSECURITY AND PRIVACY LANDSCAPE
7.
2020 – A Hacker’s Playground
The First Three Months of 2020
➢ Disruption, innovation, and change were common cybersecurity and privacy themes
➢ Cyber risk awareness was on the rise
Enter COVID-19
➢ Focus switched to remote workforce and ensuring connectivity and sustained operations
• VPN networks set up recently “in a rush” to allow employees to work from home
• Vulnerabilities from the usage of unsecured personal computers and home networks
• A remote workforce can make it more difficult for IT staff to monitor and contain threats
➢ Social Engineering on the rise
• Attacks are up over 600% since February 2020
• Potential distractions increase likelihood of successful spear-phishing and malware attacks
➢ Other Risks
• Workforce reductions could lead to disgruntled employees
• Privacy concerns (e.g., Family, Amazon Echo, Unsecured video conferencing, Ad hoc remote access)
8.
THE STATISTICS - CYBER THREAT LANDSCAPE
Global Average Cost per Breach: $3.86M
Average Cost per Record Compromised: $146
• Detection & Escalation: 28.8%
• Notification: 6.2%
• Ex-post Response: 25.6%
• Lost business cost: 39.4%
15.1 Billion Records Were Lost, Stolen, or Exposed In 2019
Increase In the Number of Breaches in 2019 vs 2018: 284%
Average Cost of a Breach Is 39.5% Higher When Unprepared
Sources: Ponemon Institute/IBM Cost of a Data Breach Report 2020 & Verizon 2020 Data Breach Investigations Report
9.
THE STATISTICS - CYBER THREAT LANDSCAPE (continued)
There Is a Cyber Attack Every 39 Seconds
43% of Cyber Attacks Target Small Businesses
91% of Breaches Are the Result of Phishing Attacks
Average Days to Detect a Breach: 207
Average Days to Contain a Breach: 73
Sources: Ponemon Institute/IBM Cost of a Data Breach Report 2020 & Verizon 2020 Data Breach Investigations Report
10.
THE FACTS - CYBER THREAT LANDSCAPE
➢ Hackers are industry agnostic
➢ COVID increases the likelihood of a data breach at a time when companies are ill-equipped to deal with the repercussions
➢ WFH distractions combined with 18,000,000 spear-phishing emails per day is creating a perfect storm
➢ The recession created by COVID makes it more difficult for companies to recover from an attack
[Figure: graphic with year labels 2007 to 2020 and the label "HackingTeam"; the image itself is not recoverable.]
11.
TRAC EXPERIENCE - CYBER THREAT LANDSCAPE
Incidents/Breaches TRAC has been involved with by year:
➢ 17 in 2019
➢ 15 in 2020 (through October 10th)
➢ Compared to 3 in 2017 and 2018 combined
Breaches are more sophisticated, on a large scale, and have greater impact
Average business downtime during a breach:
➢ One to two weeks (longest just over a month)
Average cost of breach response:
➢ Incident/breach response for small businesses ranges from $10,000 to $100,000+
➢ Exponentially higher for downtime, legal fees, tech expenditures, etc.
12.
WHO ARE THE PLAYERS
13.
WHAT DO THEY WANT
Defense, National Security, Critical Infrastructure
14.
2020 – A Hacker’s Playground
The Path Forward
➢ Preparation, planning, and strong leadership are crucial to address the new cybersecurity and privacy landscape
➢ Developing a comprehensive playbook to navigate change will be necessary
It all starts with understanding your risk!
15.
A HACKER’S PLAYGROUND
HACKING DEMOS
19.
PHISHING IN THE COVID ERA
DEMO #1
PASSWORD HACKING DEMO
20.
How password hashing works
Business walks a fine line between risk and reward. This set of services helps you manage uncertainty around IT Risk, Cybersecurity & Privacy, so you can focus on what counts – your business. Let us help you stay OnTRAC!
[Diagram: an employee using a shared drive. The password Ub3rc00lPa$svvord1 passes through a hash algorithm to give 186bf85b2b979e777628edabb5869929, which is presented to the shared drive with "Can I have access?"; the shared drive answers "Yes!".]
21.
How password stealing works
[Diagram: an employee using a shared drive. The password Ub3rc00lPa$svvord1 passes through a hash algorithm to give 186bf85b2b979e777628edabb5869929, which is presented to the shared drive with "Can I have access?"; the shared drive answers "Yes!". The same hash, 186bf85b2b979e777628edabb5869929, is then presented to the shared drive a second time, and the answer is "Yes, also!".]
22.
PHISHING IN THE COVID ERA
DEMO #2
RANSOMWARE DEMO
23.
PARTING TIPS FROM THE HACKER
➢ Rapidly deployed solutions are rarely secure solutions
➢ Solutions that were good a year ago may no longer be viable
➢ Daily monitoring of activity logs is required to detect initial malicious activity
➢ Your security is only as strong as your third-party service providers' security
24.
CLOSING REMARKS
WHERE DO WE GO FROM HERE?
25.
WHERE DO I START?
➢ UNDERSTAND your cyber-risk profile
29.
WHERE DO I START?
➢ UNDERSTAND your cyber-risk profile
➢ Be PROACTIVE in your approach to data security
30.
Vulnerability Management Services
• Simulated “Bad-guy”
• Test your network and system controls before the
Hackers do
• Search for vulnerabilities which can allow for
potential attack vectors (penetration testing and
vulnerability assessments)
• Average rate per hour: $150 - $300
• Incident or breach response:
▪ Detection, forensics and analysis
▪ Containment, eradication and recovery
▪ Post incident remediation
▪ Average rate per hour: $350 - $500+
31.
WHERE DO I START?
➢ UNDERSTAND your cyber-risk profile
➢ Be PROACTIVE in your approach to data security
➢ Trust, but VERIFY
➢ Don’t forget COMPLIANCE
➢ EDUCATE your employees and clients
33.
IT RISK, CYBERSECURITY & PRIVACY SERVICES
IT Risk and Cybersecurity Programs
• Virtual Chief Information Security Officer
(vCISO)
• IT Policy and Procedure Development
• Third-Party Risk Management
• Disaster Recovery / BCP
• IT / Cybersecurity Due Diligence
Cybersecurity & Privacy Business Risk and
Maturity Assessment
• SCORE Report
• Cybersecurity & Privacy Business Risk and
Maturity Assessment
• IT Risk Assessment
Threat and Vulnerability Management
• External and Internal Network Attack and Penetration Testing
• Spear-Phishing Campaign
• Physical Security Assessment
• Wireless Network Security Assessment
• Server Security Assessment
• Web Application Security Assessment
• Network Device Configuration Reviews
Incident Breach Preparedness and Response
• Incident Response Preparedness
• CyberSecure Incident Response and Forensics
Business walks a fine line between risk and reward. This set of services helps you manage uncertainty around IT risk, cybersecurity, and privacy, so you can focus on what counts – your business. Let us help you stay OnTRAC!
Compliance and Frameworks
• Cyber Compliance Services
▪ PCI, HIPAA, GDPR, NIST, GLBA, CMMC
• Third-Party Assurance
▪ SSAE18 (SOC 1, 2, 3, Cybersecurity)
Data Mapping and Other Data Services
• Data Mapping
• Database Creation and Other Data Services
• Data Analytics
34.
CONTACT US
Michael Camacho, CPA, CIA
Partner, Citrin Cooperman
TRAC Practice
mcamacho@Citrincooperman.com
401.567.2126
Matt Wagenknecht, CISSP, CEH, CREA
Director, Citrin Cooperman
TRAC Practice
mattw@Citrincooperman.com
401.421.4800
WOULD YOU LIKE ADDITIONAL INFORMATION ON HOW CITRIN
COOPERMAN CAN HELP PROTECT THE PEOPLE, DATA, AND TECHNOLOGY
AT YOUR COMPANY?