Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
TedKozenko
Newcomer I
‎07-27-2022 07:21 PM
‎07-27-2022 07:21 PM

April 2022 Meeting Minutes

Meeting Announcement / Invite Message:

Let’s get together - IN PERSON

We’re hosting a new event, and we’d love to see you there. Join us for April 26th, 2022 (ISC)2 Cleveland Chapter Meeting - InfoSec – The State of Data Protection

Every organization needs to address how to protect its Data, whether its PHI, PII, Structured or Unstructured data. Join us where Bridget Bratt from Protiviti will discuss the current Data Protection Landscape, Challenges facing data stewards, how to develop sound data architecture strategies and DLP capabilities. Bridget has over 20 years of data security experience working with some of the largest organizations in the world to help design and protect their data.

We will be gathering at the Wild Eagle in Broadview Hts. Ohio (NW "sector," Rt. 82 & I-77 - the official address is: 5001 East Royalton Rd., Broadview Heights, OH 44147).

 

Sponsor: ISC2 Cleveland Chapter

 

Start: 17:33

Attendees: 29

Sponsor: chapter

Security Friends

  • FBI Warning of BlackCat ransomware
  • Intuit lawsuit for MailChimp phishing attack
    • Insider actor caused the phishing
    • LinkedIn users being targeted for phishing attacks
    • 52% of attacks leverage LinkedIn
    • Internal audit & cyber should be talking
  • Cyber criminals still targeting Ohio unemployment system
    • Reports of fraud increasing in 2022 again
    • Ransomware gang getting quicker at encrypting
    • Phin12 gang
    • Tracked by Mandiant's 2022 report
    • Time dropped from 5 to 2 days to encrypt a network
  • Cisco Umbrella virtual appliance allow attack
    • Unauthenticated attacker to gain DNS access in static ssh connection
    • Attacker can gain access and change systems
    • Hackers putting malware in HR resumes
    • Bogus resumes as an infection vector
    • MoreEggs operations gets into HR hiring managers
    • Businesses in several countries attacked
    • GoldenChickens/VenomSpider behind the attacks
  • MS Exchange Server hacked to deploy hive ransomware
    • Colbaltstrike attack sent from Exchange Server and then encrypted
    • ProxyShell is the vector
    • Combatted through dedicated IP addresses only and not open networks
  • Lenovo Unified Extensible Firmware Interface (UEFI) firmware vulnerabilities
    • Execute from exploits used during the manufacturing process
    • Permit ability to disable protections and survive system reboots
    • MS cunning Windows malware
    • Chinese groups hack them through hidden scheduled tasks
    • Dart group exploiting tooling and hidden tasks
    • Manually (or through PowerShell) inspect windows registry for tasks
  • Cyber-attack thwarted by Hawaii DHS
    • Targeted Oahu undersea cable infrastructure
    • HSI spokesman agent followed tip
  • Spring4shell flaw to spread malware
    • Exploit to spread
    • Not quite as dire as Log4j
  • Gov workers rely on MS instead of Google
    • Google bought Mandiant and going after gov cloud contracts
  • Static web apps are using Azure to lure phishing
    • Use features for static landing pages that look almost official

Topic 1 - Protecting Data - Bridgette Brant, presenter

  • What s being seen in other companies
    • Data privacy and Data security are different
    • Insider ignorance is a big issue
    • Every group has different agenda and needs
    • Business doesn’t understand because bridge is too far to close the gap
    • How to better equip business users on what is needed for privacy and security
    • Spend time training the business, marathon not a sprint
  • Basic things have to do
    • Write effective controls
    • Implement controls
    • Firewall review
    • Cannot protect all your data - determine what is important
    • Classify data
    • Assign data ownership outside of security
  • Business process makes business data
    • HR usually has their own data and data of other owners
  • Data breach after incident = what was on the server
    • Training = every server is compromised, not just one for the tabletop
    • Know where your open ports are and what is being sent and if the companies still need / have the data
    • Have asset management to know what you have and what was impacted
    • Companies have gone to pencil + paper after breaches for over month
    • Every day biz is down it costs some high dollar and not necessarily a fine
  • Sometimes the best thing is to get breached
  • Just enough governance program
  • How does the end user react?
  • Define the data - what is important
  • No regulatory agency will tell you how to meet the requirement
  • Generally easier to hack the cloud than on-prem environments
  • DLP vs CASB-- they are different
  • Without people and processes in place, the tech will never do what you need it to do or it can do
  • Don't rely on the magic quadrant - it might not be the best for the company
  • The greater motivator is fear over doing the right thing
  • Change the narrative - need support of the business
  • Take ownership in letting go and turning over to the business
  • Find the allies in the company - many are in the same situation just a different silo
  • Quantify the risk - what is the value of our record on the dark web
  • People are responsive to different things, and it's not always fear
  • Bridgette Bratt on LinkedIn

End: 19:37

 

Reply
0 Kudos
0 Replies