Search...

Search
Log in 

Download presentation

We think you have liked this presentation. If you wish to

download it, please recommend it to your friends in any social
system. Share buttons are a little bit lower. Thank you!

Buttons:

15

Cancel
Download

27 / 27

 Similar presentations
Cybersecurity Roadmap for 2018  151
Published by Osborne Mills Modified over 2 years ago

15

 Embed
 Download presentation

Presentation on theme: "Cybersecurity Roadmap for 2018"—

Presentation transcript:

1
Cybersecurity Roadmap for 2018

Lester Godsey and Ihaab Dais

City of Mesa, AZ
 2
Introduction Lester Godsey, CISM, PMP – CISO, City of Mesa

Ihaab Dais, CISSP, GSEC –Download

Security Architect, City of Mesa 
presentation

3
Do You Need to Worry About
We think you Cybersecurity?

have liked this presentation. If you wish to

Yes download it, please recommend it to your friends in any social
system. Share buttons are a little bit lower. Thank you!

4
“When compared Buttons:
to the cybersecurity performance of 17 other major
industries, government organizations ranked at the bottom of all major
performers, coming in below information services, financial services,
transportation and healthcare.”
15
Source: Security Scorecard, 2016 Cybersecurity report

5
Closer to Home . . . Cancel
Download
100% of government entities see their own employees as the biggest threat
to security

6
What About the Paper in Front of Me?

The handout is a simplified version of a cybersecurity maturity assessment

What you should do with it:
If you don’t know the answers, start a conversation with those in charge of
Cybersecurity or IT in your organization
Answer honestly and hopefully this talk with give you some options for
maturing your cybersecurity program
Onto the trends for 2018!

7
Threat:
will continue being the largest threat vector for all organizations
The  Radicati  Group reports that the  number of s transmitted per day will
reach billion by 2021—and with 88 percent of pretexting attacks using as the
top method of communication according to  Verizon’s 2017 Data Breach
Investigations Report, employees are an obvious vulnerability and a
preferred business attack vector.

8
Options: Email Don’t host email yourself

For those O365 customers, both built-in protections and ATP (Advanced
Threat Protection) may not meet needs
Look at 3rd party spam filtering services
Employee training

9
Threat: Malware/Ransomware

This isn’t going to get better – it’s going to get a lot worse
The number of s infected by  ransom software  went up 6,000 percent from
2016 to 2017, according to a review by IBM Security. 
Research by IBM reveals that 59%  of ransomware attacks  originate with
phishing s and a remarkable 91% of all malware is delivered by .
 10
Options: Malware/Ransomware

See previous slide 

Download presentation
User education!
Look into options for Advanced End Point solutions
Traditional AV is signature-based and thus ineffective against zero day and
We think you have liked this presentation. If you wish to
fileless malware
download it, please recommend it to your friends in any social
There are options via the State Contract for very reasonable pricing
system. Share buttons are a little bit lower. Thank you!
Controversial topic – to Bitcoin or not to
Buttons:

11
Threat: Encryption/Decryption

Decrypting traffic in and out of your network isn’t an option anymore

By 2019, Gartner believes, more than 80 percent of enterprise web traffic15will
be encrypted. . . This means encryption brings a bit of a double-edged sword
-- the bad guys can use it too.  Encryption can hide malware just as well as it
can hide your own secrets.  Cancel
Download

12
Options: Encryption/Decryption

Next-Gen Firewalls
You need to be careful – you don’t want to store sensitive/legitimate data,
like HIPAA or financial data
You just want to see what is coming in and leaving your network
For small/medium organizations that don’t have the Next-Gen firewall
investment consider IaaS
This shifts your investment from infrastructure to ISP

13
Threat: Lack of Insight

How do you know if you’ve been compromised? Someone reports it?

According to the Ponemon 2017 Cost of a Data Breach Study US companies
took an average of 206 days to detect a data breach.
While there is no way to guarantee 100% self-awareness there are things you
can do

14
Options: Lack of Insight

SIEM (Security Information and Event Management) software

Takes log information from all your systems and allows you to correlate
activities
It is very time and labor intensive, as well as complicated to set up
Can be expensive
For small/medium shops that don’t have the resources for a on-prem SIEM
consider an MSSP (managed security service provider) or a MDR (managed
detection and response) company

15
Threat: The Human Factor

Without a doubt, the employee is the biggest risk to any organization

The volume of spam s increased 4x in 2016.
Source: IBM Threat Intelligence Index 2017
Reports of W-2 phishing s increased 870% in 2017.
Source: IRS Return Integrity Compliance Services
These attacks are increasing because they work. They work because people
fall for them.


Download presentation
16
Options: The Human Factor

Educate your users

Mandatory cybersecurity awareness training
We think you have liked this presentation. If you wish to
Simulated phishing campaigns
download it, please recommend it to your friends in any social
All size organizations can and should do this
system. Share buttons are a little bit lower. Thank you!
Tell a story
No one likes the overhead of having additional security measures in place
Buttons:
Remind your staff that the greater need is to safeguard the data and services
of residents and businesses

15
17
Threat: The Cloud
50 percent of US Government agencies use the cloud at present.
Cloud Computing is up to 40 times more cost-effective for an SMB Cancel
compared

Download
to running its own IT system or department
Source: SysTweak
So where’s the threat?:
Visibility
Cloud vendor security
Attack surface has changed

18
Threat: The Cloud

19
Options: The Cloud Evaluate your Cloud Vendors

Manual/Automated log aggregation and monitoring

If you want to successfully manage your cloud vendor, you need data
CASB (Cloud Access Service Broker)
MSSP
A better option for small/medium organizations
Outsource security monitoring and logging

20
Threat: IoT
When computers talk directly to other computers with no human input or
judgment expected, data security becomes a priority.
The Smart Cities America Challenge states that more than $41 billion will be
spent on integrating IoT concepts into urban infrastructures over the next 10
years
Remember the Dyn Attack in 2016? It was launched by an estimated 100,000
IoT devices

21
Options: IoT Software to find IoT devices Update
policy/standards

Technology exists to help with this but it is very expensive

Update policy/standards
Is cheap to do but then it becomes an issue of enforcement
Segment devices in your network
This will minimize impact of compromised IoT devices but . . .
This doesn’t address enterprise management and oversight
From a technology perspective, this is probably the hardest problem your org
will face in 2018


Download presentation
22
Threat: Cybersecurity Staff and Skills Shortage

Every year in the U.S., 40,000 jobs for information security analysts go
unfilled, and employers are struggling to fill 200,000 other cyber-security
We think you have liked this presentation. If you wish to
related roles, according to cyber security data tool CyberSeek.
download it, please recommend it to your friends in any social
No, you may not poach our Security Architect 
system. Share buttons are a little bit lower. Thank you!

Buttons:
23
Threat: Cybersecurity Staff and Skills Shortage

Cybersecurity Analyst
Average salary: $75,118
High point: $117,948 15
Cybersecurity Engineer
Average salary: $96,359
High point: $136,158 Cancel
Download

24
Options: Cybersecurity Staff and Skills Shortage

HR Departments need to accept this reality

Market studies/Job classifications
Managers/Directors
Find diamonds in the rough and invest in them
Yes, you run the risk of them leaving but don’t give them reasons to do so
either
MSSP/MDR
Cybersecurity Organizations and Associations
Join organizations such as ACTRA (Arizona Cyber Threat Response Alliance) to
augment your cyber resources

25
Tying It Altogether
We’ve covered a lot this afternoon but the biggest improvement you can
make for your org (if you don’t have one already) is to create a cybersecurity
plan

26
If You’re Interested in Security

Source Security and Training conference

February 28 – March 1, 2018
Mesa Convention Center (Conference Venue)
263 N Center St, Mesa, AZ 85201

27
Thank You! Lester Godsey, CISO Ihaab Dais, Security Architect

Ihaab Dais, Security Architect

Download ppt "Cybersecurity Roadmap for 2018"

 Similar presentations


Download presentation

We think you have liked this presentation. If you wish to

download it, please recommend it to your friends in any social
system. Share buttons are a little bit lower. Thank you!

Buttons:

15

Cancel
Download
 
Download presentation

We think you have liked this presentation. If you wish to

download it, please recommend it to your friends in any social
system. Share buttons are a little bit lower. Thank you!

Buttons:

15

Cancel
Download

© 2021 SlidePlayer.com Inc. Feedback Do Not Sell

About project
All rights reserved.
Privacy Policy
My Personal
SlidePlayer

Feedback Information Terms of Service

Search...
Search