https://community.isc2.org/t5/Cleveland-Chapter-Discussion/2023-04-25-meeting-notes/m-p/58805#M22 <P># ISC2 Meeting Notes</P><P>&nbsp;</P><P>Date: 2023/04/25<BR />Start Time: 5:30 PM EST</P><P>Location: TrustedSec</P><P>&nbsp;</P><P>## Board Attendees</P><P>&nbsp;</P><P>-[X] President - Christopher Hartley<BR />-[X] Treasurer - Ted Kozenko<BR />-[X] Membership Chair - Troy Sheley<BR />-[X] Secretary - Geoff Sternecker<BR />-[ ] Emeritus - Robert Nettgen</P><P>&nbsp;</P><P>## Sponsors</P><P>&nbsp;</P><P>Dell - Primary financial sponsor<BR />TrustedSec - Meeting room &amp; facilities<BR />Improving - ?</P><P>&nbsp;</P><P>## Topics</P><P>&nbsp;</P><P>* Chatham House Rule<BR />* Officer Introductions for 2023<BR />Five (5) new attendees<BR />* ISC2 surveys have been sent out from the mothership.<BR />* ISS upcoming at the IX center, Last Week of October 26th Early Bird is now open.<BR />* NEO Cyber Security Day, ISC2, ISACA, INFRAGARD at the Galaxy May 12th 300 person limit $65.<BR />* Budget coverage<BR />$9,596.79 as of 4.25.23<BR />Catering, ~$600<BR />Eventbrite, $15.00<BR />Carry out containers, $20.00</P><P>Summer Family cookout, June $10 per person<BR />Need volenteers, need raffle items</P><P>I think, we should send out a survey. Leaned maybe to yes.</P><P>&nbsp;</P><P>## Security in the wild with Tyler Hudak @secshoggoth</P><P>&nbsp;</P><P>IC3 Annual reports coverage, large numbers may not be reported.<BR />Investment fraud was the top in 2022.<BR />180 million in losses reported by companies in Ohio.<BR />If you have computers or money, you can be a target.<BR />Not "OT" heavy.</P><P>&nbsp;</P><P>Number 3: Insider threat<BR />Violence/Sabotage/Databreach &amp; Theft/Attack Collusion<BR />Someone that falls for a phishing attack is considered an insider threat.</P><P>&nbsp;</P><P>Number 2: Ransomware<BR />The Russia - Ukraine conflict decreased the levels of ransomware.</P><P>$8 million is not an unusual cost for a ransomware remediation.<BR />It is a top tabletop exercise scenario. The attacks go on for months.<BR />IR will start at 120 hours. Their highest is 300 hours.<BR />IT and Legal expenses, Communications expenses.</P><P>&nbsp;</P><P>Number 1: BEC, Business Email Compromise<BR />We changed our account, and then sends out new invoices.</P><P>MFA is key, but not foolproof.<BR />Check if legacy protocols is still enabled on M365.<BR />Check the enabled applications.<BR />They set up email rules to hide the emails. Pull everyones email rules and look at forwarding or emails moved to RSS folder.<BR />Don't delete the rules, disable them. So forensics can evaluate timelines.</P><P>&nbsp;</P><P>## Speakers</P><P>&nbsp;</P><P>J.R. Cunningham: EVP &amp; Chief Security Officer from nuspire<BR />"By any measure your industry has failed and continues to fail. I feel bad for you all because you can never get it right."</P><P>2017 conversation on a plane with a Top 25 CEO<BR />Is my industry a failure?<BR />The history of our Industry and measures of success.<BR />Bad thing happens, company gets started, money spent. Repeat.<BR />iPhone changed every regulation in 2007, HIPAA, FISMA, PCI didn't address mobile.<BR />New things happening every single year from 2018 forward, so the trend didn't change.<BR />Used SSCMM maturity model for tracking, evaluating.<BR />Vulnerability management is still the issue, combined with asset inventory.<BR />Nobody can do DLP, Network segmentation is too difficult, nobody messes with phones.<BR />Random people from the org buying cloud infrastructure.<BR />Comparison to the history of fire fighting.<BR />Where do we go from here slide.</P><P>&nbsp;</P><P>## End Time</P><P>&nbsp;</P><P>8:15 PM</P> Mon, 09 Oct 2023 10:31:02 GMT GeoffS 2023-10-09T10:31:02Z https://community.isc2.org/t5/Cleveland-Chapter-Discussion/2023-04-25-meeting-notes/m-p/58805#M22 <P># ISC2 Meeting Notes</P><P>&nbsp;</P><P>Date: 2023/04/25<BR />Start Time: 5:30 PM EST</P><P>Location: TrustedSec</P><P>&nbsp;</P><P>## Board Attendees</P><P>&nbsp;</P><P>-[X] President - Christopher Hartley<BR />-[X] Treasurer - Ted Kozenko<BR />-[X] Membership Chair - Troy Sheley<BR />-[X] Secretary - Geoff Sternecker<BR />-[ ] Emeritus - Robert Nettgen</P><P>&nbsp;</P><P>## Sponsors</P><P>&nbsp;</P><P>Dell - Primary financial sponsor<BR />TrustedSec - Meeting room &amp; facilities<BR />Improving - ?</P><P>&nbsp;</P><P>## Topics</P><P>&nbsp;</P><P>* Chatham House Rule<BR />* Officer Introductions for 2023<BR />Five (5) new attendees<BR />* ISC2 surveys have been sent out from the mothership.<BR />* ISS upcoming at the IX center, Last Week of October 26th Early Bird is now open.<BR />* NEO Cyber Security Day, ISC2, ISACA, INFRAGARD at the Galaxy May 12th 300 person limit $65.<BR />* Budget coverage<BR />$9,596.79 as of 4.25.23<BR />Catering, ~$600<BR />Eventbrite, $15.00<BR />Carry out containers, $20.00</P><P>Summer Family cookout, June $10 per person<BR />Need volenteers, need raffle items</P><P>I think, we should send out a survey. Leaned maybe to yes.</P><P>&nbsp;</P><P>## Security in the wild with Tyler Hudak @secshoggoth</P><P>&nbsp;</P><P>IC3 Annual reports coverage, large numbers may not be reported.<BR />Investment fraud was the top in 2022.<BR />180 million in losses reported by companies in Ohio.<BR />If you have computers or money, you can be a target.<BR />Not "OT" heavy.</P><P>&nbsp;</P><P>Number 3: Insider threat<BR />Violence/Sabotage/Databreach &amp; Theft/Attack Collusion<BR />Someone that falls for a phishing attack is considered an insider threat.</P><P>&nbsp;</P><P>Number 2: Ransomware<BR />The Russia - Ukraine conflict decreased the levels of ransomware.</P><P>$8 million is not an unusual cost for a ransomware remediation.<BR />It is a top tabletop exercise scenario. The attacks go on for months.<BR />IR will start at 120 hours. Their highest is 300 hours.<BR />IT and Legal expenses, Communications expenses.</P><P>&nbsp;</P><P>Number 1: BEC, Business Email Compromise<BR />We changed our account, and then sends out new invoices.</P><P>MFA is key, but not foolproof.<BR />Check if legacy protocols is still enabled on M365.<BR />Check the enabled applications.<BR />They set up email rules to hide the emails. Pull everyones email rules and look at forwarding or emails moved to RSS folder.<BR />Don't delete the rules, disable them. So forensics can evaluate timelines.</P><P>&nbsp;</P><P>## Speakers</P><P>&nbsp;</P><P>J.R. Cunningham: EVP &amp; Chief Security Officer from nuspire<BR />"By any measure your industry has failed and continues to fail. I feel bad for you all because you can never get it right."</P><P>2017 conversation on a plane with a Top 25 CEO<BR />Is my industry a failure?<BR />The history of our Industry and measures of success.<BR />Bad thing happens, company gets started, money spent. Repeat.<BR />iPhone changed every regulation in 2007, HIPAA, FISMA, PCI didn't address mobile.<BR />New things happening every single year from 2018 forward, so the trend didn't change.<BR />Used SSCMM maturity model for tracking, evaluating.<BR />Vulnerability management is still the issue, combined with asset inventory.<BR />Nobody can do DLP, Network segmentation is too difficult, nobody messes with phones.<BR />Random people from the org buying cloud infrastructure.<BR />Comparison to the history of fire fighting.<BR />Where do we go from here slide.</P><P>&nbsp;</P><P>## End Time</P><P>&nbsp;</P><P>8:15 PM</P> Mon, 09 Oct 2023 10:31:02 GMT https://community.isc2.org/t5/Cleveland-Chapter-Discussion/2023-04-25-meeting-notes/m-p/58805#M22 GeoffS 2023-10-09T10:31:02Z