Yesterday I attended a joint seminar with VirtuIT Systems & FBI Cyber Division.
Focal areas: Ransomware and zero-day attacks, and how to fight against them
Opening with a one (1) hour discussion:
Guest Speaker:
Philip Frim, Supervisory Special Agent with the FBI’s Newark Division.
Topics
- Development of FBI’s Cyber Division Program
- Computer Analysis and Response Team (CART)
- Security Threat: Ransomware
- Educating the workforce on security
- Building relationships with FBI
FBI’s Cyber Division Program
Developed to address cyber-crime in a coordinated and cohesive manner with specially trained personnel at the FBI headquarters with a total of 56 field offices.
The Cyber Task Force travels around the world to assist in computer intrusion cases, gathering vital intelligence to identify dangers to national security and our economy.
Security Threat: Ransomware
Examples of how the catastrophic loss of sensitive or proprietary information can and does disrupt regular operations and cause financial losses to organizations.
Reputation impacts to organizations due to ransomware and security breaches.
The FBI doesn’t support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization that it will get its data back.
Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for criminals to continue this illegal activity. By paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals, such as human trafficking and terrorism.
Recommendations
Prevention through awareness training for employees, the addition of technical controls (NGFW, threat prevention), and development of a business continuity plan covering ransomware attacks.
Tips:
- Develop communication to make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital devices regularly.
- Ensure antivirus and anti-malware solutions are set to automatically update and scan.
- Manage the use of privileged accounts: no users should be assigned administrative access unless absolutely needed.
- Configure access controls, including file, directory, and network share permissions.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations.
- Back up data regularly and verify the integrity of those backups.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
Building relationships with FBI
Focused on companies building relationships with their local FBI Cyber Division field offices to establish a channel of communication, a reporting structure and a contact to reach out to in the case of a security incident.
Introduce into corporate incident policy sections covering the liability of sharing data with law enforcement such as the FBI. Corporations should work with their lawyers or legal team in doing so.
In addition to the talk there was a demonstration of:
- Dell’s threat protection and endpoint security suite
- Network threat visualizer “DarkTrace” https://www.darktrace.com
I would like to give a big thanks to John Rovito over at VirtuIT Systems for having me out this week.