Sign up for our weekly TRU Snacks webinars here: https://www.citrincooperman.com/infocus/tru-snacks-webinar-series
Our TRU Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information from Citrin Cooperman’s Transition Response Unit (TRU) live every Thursday at noon.
In this TRU Snacks Webinar session, Technology, Risk Advisory, and Cybersecurity (TRAC) Partner Michael Camacho reviewed strategies to help combat the relentless attempts by hackers to infiltrate your business during these uncertain times.
2. MICHAEL CAMACHO, CPA, CIA
Partner, Technology, Risk Advisory & Cybersecurity (TRAC) Practice
Citrin Cooperman
mcamacho@citrincooperman.com
401-742-0478
Welcome & Introduction
3. TABLE OF CONTENTS
01 The Morphing Cyber Risk Landscape
02 Changing the Game
03 Where to Begin
04 Questions?
4. 2020: A Hacker’s Playground
The First Three Months of 2020
• Disruption, innovation, and change were common cybersecurity and privacy themes
• Cyber risk awareness was on the rise
Enter COVID-19
• Focus switched to remote workforce and ensuring connectivity and sustained operations
▪ VPN networks set up recently “in a rush” to allow employees to work from home
▪ Vulnerabilities from the usage of unsecured personal computers and home networks
▪ A remote workforce can make it more difficult for IT staff to monitor and contain threats
• Social engineering on the rise
▪ Attacks are up over 600% since February 2020
▪ Potential distractions increase likelihood of successful spear-phishing and malware attacks
• Other risks
▪ Workforce reductions could lead to disgruntled employees
▪ Privacy concerns (e.g., Family, Amazon Echo, Unsecured video conferencing, Ad hoc remote access)
5. Today’s Cyber Threat Landscape
Global Average Cost per Breach: $3.86M
Average Cost per Record Compromised: $146
Detection & Escalation: 28.8%
Notification: 6.2%
Ex-post Response: 25.6%
Lost Business Cost: 39.4%
15.1 Billion Records Were Lost, Stolen, or Exposed in 2019
Increase In the Number of Breaches in 2019 vs 2018: 284%
Average Cost of a Breach is 39.5% Higher When Unprepared
Sources: Ponemon Institute/IBM Cost of a Data Breach Report -2020 & Verizon 2020 Data Breach Investigation Report
6. Today’s Cyber Threat Landscape
There is a Cyber Attack Every 39 Seconds
43% of Cyber Attacks Target Small Businesses
91% of Breaches are the Result of Phishing Attacks
Average Days to Detect a Breach: 207
Average Days to Contain a Breach: 73
Sources: Ponemon Institute/IBM Cost of a Data Breach Report -2020 & Verizon 2020 Data Breach Investigation Report
7. Once More into the Breach
• Hackers are industry agnostic
• COVID-19 increased the likelihood of a data breach at a time when companies are ill-equipped to deal with the repercussions
• WFH distractions combined with 18,000,000 spear-phishing emails per day is creating a perfect storm
• The recession created by COVID-19 makes it more difficult for companies to recover from an attack
8. Incidents/Breaches TRAC has been involved with by year:
• Compared to 3 in 2017 and 2018 combined
• 17 in 2019
• 19 in 2020 (through December 14th)
Breaches are more sophisticated, on a large scale, and have greater impact
Average business downtime during a breach:
• One to two weeks (longest just over a month)
Average cost of breach response:
• Incident/breach response for small businesses ranges from $10,000 - $100,000+
• Exponentially higher for downtime, legal fees, tech expenditures, etc.
TRAC Experience - Cyber Threat Landscape
9. TRAC Experience - Cyber Threat Landscape
Office 365 Exploit Morphs into an Internal Control Deficiency
The Quiet Observer
A Phishing Tale
Seek and Destroy
“I Can’t Believe I Clicked It…Again”
The Weakest Link
A Picture Worth a Thousand Words
Facebook Blunders
10. Cost of a Breach
• Fines and penalties
• Technology expenditures
• Forensics
• Legal counsel
• Notification
• Downtime
• Reputational
11. COMMON THEMES:
• Almost all of the breaches were avoidable
▪ Log Reviews
▪ Automated Tools
▪ Employee Education
THE PATH FORWARD:
• Preparation, planning, and strong leadership are crucial to address the new cybersecurity and privacy landscape
• Developing a comprehensive playbook to navigate change will be necessary
• It all starts with understanding your risk!
Changing the Rules in the Hacker’s Playground
12. UNDERSTAND YOUR RISK
BE PROACTIVE
TRUST, BUT VERIFY
DON’T FORGET COMPLIANCE
EDUCATE YOUR EMPLOYEES
Where Do I Start?
16. Where Do I Start?
UNDERSTAND YOUR RISK
BE PROACTIVE
TRUST, BUT VERIFY
DON’T FORGET COMPLIANCE
EDUCATE YOUR EMPLOYEES
17. Vulnerability Management Services
• Simulated “Bad-guy”
• Test your network and system controls before the Hackers do
• Search for vulnerabilities which can allow for potential attack vectors (penetration testing and vulnerability assessments)
• Average rate per hour: $150 - $300
• Incident or breach response:
▪ Detection, forensics and analysis
▪ Containment, eradication and recovery
▪ Post-incident remediation
▪ Average rate per hour: $350 - $500+
18. Where Do I Start?
UNDERSTAND YOUR RISK
BE PROACTIVE
TRUST, BUT VERIFY
DON’T FORGET COMPLIANCE
EDUCATE YOUR EMPLOYEES
19. Final Thoughts on Risk
• Rapidly deployed solutions are rarely secure solutions
• Solutions that were good a year ago may no longer be viable
• Daily monitoring of activity logs is required to detect initial malicious activity
• Your security is only as strong as your third-party service providers’ security
• Educate, educate, educate!!
22. Thank You For Watching & Listening
MICHAEL CAMACHO, CPA, CIA
Partner, Technology, Risk Advisory & Cybersecurity (TRAC) Practice
Citrin Cooperman
mcamacho@citrincooperman.com
401-742-0478