09161824 - Master Cybersecurity

Seminar Institute – Commissioner Training Master Class on Cybersecurity
September 16 – 18, 2024
Tulalip Resort Casino - Tulalip, Washington

September 16, 2024

8:00 am – 9:00 am    Breakfast
9:00 am – 9:30 am    Welcome/Course Introductions
9:30 am – 10:30 am   “Threat Landscape - Overview 2024 Trends and Forecast to 2025” – Billy David, Bo-Co-Pa & Associates
10:30 am – 10:45 am  BREAK
10:45 am – 12:30 pm  “Why Should We Consider Cyber Insurance” – Abe Martin, CFE, Casino Cryptology
12:30 pm – 2:00 pm   BREAK
2:00 pm – 3:15 pm    “Cybersecurity is a Board Level Leadership Imperative for Building the Security Culture” – Abe Martin, CFE, Casino Cryptology
3:15 pm – 3:30 pm    BREAK
3:30 pm – 5:00 pm    “Who Is Responsible for Regulating Cybersecurity?” – Billy David, Bo-Co-Pa & Associates & Abe Martin, CFE, Casino Cryptology

September 17, 2024

8:00 am – 9:00 am    Breakfast
9:00 am – 10:30 am   How to conduct great tabletop exercises and take them to the next level – Chris Janke and Eric Onderdonk, Wipfli CPAs and Consultants
10:30 am – 10:45 am  BREAK
10:45 am – 12:15 pm  How to structure and oversee a “Purple team” engagement that validates a casino’s visibility into malicious cyber activity and blocks attacks like ransomware – Chris Janke and Eric Onderdonk, Wipfli CPAs and Consultants
12:15 pm – 1:15 pm   BREAK
1:15 pm – 2:45 pm    How to plan and include incident response in the overall business continuity strategy – Chris Janke and Eric Onderdonk, Wipfli CPAs and Consultants
2:45 pm – 3:00 pm    BREAK
3:00 pm – 4:30 pm    Securing the human and how to increase a casino’s resistance to social engineering attacks – Chris Janke and Eric Onderdonk, Wipfli CPAs and Consultants

September 18, 2024

8:00 am – 9:00 am    Breakfast
9:00 am – 10:30 am   Is my Casino at Risk from a Ransomware Attack? – Billy David, Bo-Co-Pa & Associates
10:30 am – 10:45 am  BREAK
10:45 am – 11:45 pm  Top 20 Security Controls for Maximum Casino Cyber Security – Billy David, Bo-Co-Pa & Associates
11:45 am – 12:15 pm  Resources, Takeaways, Recap of Events, and next steps for your organization – Billy David, Bo-Co-Pa & Associates


4/20/24

Threat Intelligence Sources

• Verizon Data Breach Investigations Report (Annual)
• Sophos
• Cisco/Splunk
• Cybersecurity and Infrastructure Security Agency (CISA)
• Federal Bureau of Investigation (FBI)


Splunk – A Cisco Company The CISO Report


Verizon Data Breach Investigations Report 2023

16,312 Incidents – 5,199 Confirmed Breaches


Verizon Data Breach Report, 2023


Sophos Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector

Backup Compromise
• 75% of attempts were successful when the attack started with an exploited vulnerability
• 54% of attempts were successful when the attack started with compromised credentials

Data Encryption
• 67% of attacks resulted in data encryption when the attack started with an exploited vulnerability
• 43% of attacks resulted in data encryption when the attack started with compromised credentials


Paid the Ransom
• 71% of organizations that had data encrypted paid the ransom when the attack started with an exploited vulnerability
• 45% of organizations that had data encrypted paid the ransom when the attack started with compromised credentials


Recovery Time


Median Recovery Cost
• $3M median overall recovery cost for ransomware attacks that start with an exploited vulnerability. That’s four times greater than …
• $750K for those that begin with compromised credentials


Trends & Predictions

• 3.5 million unfilled cybersecurity jobs by 2025
• CISOs will report to the CEO
• Zero Day Exploits Doubling
• Social Engineering will become #1
• AI will surge as a top attack vector


Questions????


Why We Should Consider Cyber Insurance

Abe Martin abe@casinocryptology.com 931-CRYPTIC (279-7842) www.casinocryptology.com

April 9, 2024


Is insurance STILL a sucker bet?


Cyber Insurance brokers…

• not to be confused with Agents, who work for an insurance company
• help businesses find providers and policies that fit their specific needs
• are intended to be independent of insurance companies, therefore able to offer unbiased input
• may charge a commission, a broker fee, or both (ASK!)
• might not know every detail of every policy or provider


What is Cyber Insurance?

• AKA “cyber liability insurance”
• May provide financial protections and/or resources to policy holders in the event of cyber attacks, data breaches and other technology related risks
• Types of coverage are critical


Types of coverage:

First-Party Coverage focuses on your organization’s data, including customer and employee information. Look for coverage that (at least) includes:
• Investigation fees
• Legal obligations
• Recovery/replacement of data
• Communication with customers and PR
• Lost income and money lost to extortion and fraud
• Crisis management
• Fees, fines and penalties


Types of coverage:

Third-Party Coverage focuses on liability claims against your organization. Look for coverage that (at least) includes:
• Payments to affected customers
• Claims & settlements
• Defamation and copyright or trademark infringement
• Litigation and regulatory responses
• Accounting costs
• Other settlements, damages or judgements


Policy components:

• Premiums
• Policy limits
• Deductibles
• Exclusions (zero day/third party)
• Loss ratio
• Application process
• Policy changes
• Material misrepresentation
• Monitoring remote workers


Pricing and cost Factors:

Generally speaking, a few factors that influence cyber insurance prices:
• Type of industry: nature and level of information the business handles
• Company size: more employees = more vendors, devices, customers = more “attack surfaces”
• Company revenue: yep
• Company security: better security = better rate, generally speaking


Claims handling/reporting:

• Clarify input from in-house experts (quickly)
• Notify provider sooner rather than later
• Identify and connect with [cyber] specialists provided by coverage
• Be ready to work with external experts: insurance, investigators and maybe even negotiators
• Maintain detailed documents
• Overestimate the road to recovery


Best practices:
• Risk assessments/penetration testing
• Incident response plans
• Cybersecurity training
• GOOD data backups
• Multi-Factor Authentication (MFA)
• Data classification
• Identity access management
• Strong password policies
• Firewalls
• Antivirus or Endpoint Detection and Response software

Insurance Risk Assessment:
• Consider the probability that a given scenario could occur
• Consider the impact of that scenario taking place
• Intersection of probability and impact can help to guide decisions for insurance coverage as well as other efforts


RISK Assessment exercise:

INSIDER THREAT

The potential for an insider to use their authorized access or understanding of an organization to harm that organization


RISK Assessment exercise:

DATA BREACH

A security incident that exposes confidential, sensitive or protected information to an unauthorized person


RISK Assessment exercise:

RANSOMWARE

Ransomware blocks the owner from accessing a computer system (network) until a sum of money has been paid.
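The insurance risk assessment slide describes scoring each scenario by the intersection of probability and impact. The following is an added example, not from the slide deck, that applies that scoring to the three exercise scenarios above (insider threat, data breach, ransomware). The 1–5 rating scales, the band thresholds on the product, the treatment suggestions and the sample scores are all assumptions chosen for illustration.

```python
"""Probability x impact scoring for the insurance risk assessment exercise.

Added example, not from the slide deck. The 1..5 scales, the band
thresholds and the sample scores for the three scenarios are assumptions
chosen for illustration.
"""
from dataclasses import dataclass

SCALE = range(1, 6)  # probability and impact are each rated 1 (lowest) to 5 (highest)

# Assumed thresholds on the product probability * impact (maximum 25).
BANDS = (
    (15, "critical"),
    (8, "significant"),
    (4, "moderate"),
    (1, "low"),
)

# Illustrative guidance for how a band might inform coverage decisions.
TREATMENT = {
    "critical": "mitigate now and confirm the policy covers this scenario",
    "significant": "mitigate; review policy limits and exclusions for it",
    "moderate": "monitor; accept or insure depending on risk appetite",
    "low": "accept",
}


@dataclass(frozen=True)
class Scenario:
    name: str
    probability: int
    impact: int

    def __post_init__(self):
        # Reject ratings outside the scale instead of silently producing odd scores.
        for label, value in (("probability", self.probability), ("impact", self.impact)):
            if value not in SCALE:
                raise ValueError(f"{label} must be 1..5, got {value!r}")

    @property
    def score(self) -> int:
        return self.probability * self.impact


def risk_band(score: int) -> str:
    """Map a score to the first band whose threshold it meets."""
    for threshold, band in BANDS:
        if score >= threshold:
            return band
    raise ValueError(f"score out of range: {score}")


def rank_scenarios(scenarios):
    """Highest risk first; ties broken by name so the order is stable."""
    return sorted(scenarios, key=lambda s: (-s.score, s.name))


def assessment(scenarios):
    """Return (name, score, band, treatment) rows, highest risk first."""
    rows = []
    for s in rank_scenarios(scenarios):
        band = risk_band(s.score)
        rows.append((s.name, s.score, band, TREATMENT[band]))
    return rows


# Constructed sample ratings for the three exercise scenarios.
EXERCISE = [
    Scenario("Insider threat", probability=3, impact=4),
    Scenario("Data breach", probability=4, impact=5),
    Scenario("Ransomware", probability=5, impact=5),
]

if __name__ == "__main__":
    for name, score, band, treatment in assessment(EXERCISE):
        print(f"{name:15} {score:3}  {band:12} {treatment}")
```

The ranking, not the absolute numbers, is what the exercise is meant to produce: the two scenarios that land in the top band are the ones to check first against the policy's exclusions and limits.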


Key Takeaways:

• Perform risk assessments, include local/industry factors
• Audit systems/operations against known security framework(s); NIST, ISO-2700 – changes as needed
• Consider using an insurance broker
• Be VERY careful, and brutally honest in application
• Make claims part of incident response planning


Abe Martin, CFE, CSP abe@casinocryptology.com 931-CRYPTIC (279-7842) www.casinocryptology.com


Cybersecurity is a Board Level Imperative for Building the Security Culture

Abe Martin abe@casinocryptology.com 931-CRYPTIC (279-7842) www.casinocryptology.com

April 9, 2024


Cybersecurity strategy? Is our strategic goal to outrun the bear?

Or just one person?


Cybersecurity strategy?

Theoretically, the longer we go without seeing a black swan, the more likely it is to happen.


Change management:

Top 5 considerations for changing culture:
1. Leadership – people in positions of authority AND the peoples’ champions
2. Involvement – every workgroup with an interest in the operation plays a part
3. Training – consider engagement; fun, game style
4. Metrics – every goal must be measurable, evaluated, discussed and adjusted
5. TIME!


Top-Down Approach:

We gotta walk the talk!

Consider a few options for tech-challenged leadership:
• Independent training
• Leadership/peer learning groups
• A tech coach
• Informational content in leadership meeting agendas


Challenge:

During the presentation, watch for emoji puzzles. The solution to each puzzle is a cybersecurity term. Blurt out answers!


Security methodology:

Controlling access and permissions are perhaps the two most critical elements. Two common approaches are:

Principle of Least Privilege (PoLP)

OR

Zero Trust


Strong Authentication:

• Passwords: ISO 27001 requires organizations to create strong passwords that have a mix of letters, numbers, and special characters. The passwords must be at least 8 characters long and should not contain personal information such as first names, last names, or dates of birth. Passwords must also be renewed regularly; at least every 90 days.
• MFA – Multi-factor Authentication: access requires something we know (password) and something we have (phone, email, etc.).
• Should we hold vendors/service providers to the same standards?
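The password rules on this slide are concrete enough to check automatically. The following is an added example, not from the slide deck, that turns them into a compliance check: minimum length, a mix of letters, digits and special characters, no first name, last name or date of birth inside the password, and a maximum age of 90 days. The sample names, dates and the minimum length of a name fragment worth matching are constructed assumptions.

```python
"""Check a password against the rules listed on the slide.

Added example, not from the slide deck. The rules are the ones the slide
attributes to ISO 27001: at least 8 characters, a mix of letters, digits
and special characters, no personal information (names, date of birth),
and renewal at least every 90 days. Sample values are constructed.
"""
import string
from datetime import date

MIN_LENGTH = 8        # slide: at least 8 characters
MAX_AGE_DAYS = 90     # slide: renew at least every 90 days
MIN_TERM_LENGTH = 3   # assumption: ignore very short name fragments to limit false positives

# Constructed sample values used by the demo below.
SAMPLE_DOB = date(1990, 3, 15)
SAMPLE_LAST_CHANGED = date(2024, 1, 1)
SAMPLE_TODAY = date(2024, 4, 20)


def dob_forms(dob: date) -> list[str]:
    """Digit strings a date of birth commonly appears as inside a password."""
    y, m, d = f"{dob.year}", f"{dob.month:02d}", f"{dob.day:02d}"
    return [y, m + d, d + m, y + m + d, m + d + y, d + m + y]


def password_findings(password, personal_info=(), dob=None, last_changed=None, today=None):
    """Return a list of rule violations; an empty list means the password complies."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        findings.append("no letters")
    if not any(c.isdigit() for c in password):
        findings.append("no digits")
    if not any(c in string.punctuation for c in password):
        findings.append("no special characters")

    # Personal information: case-insensitive substring match on names and
    # on the usual numeric spellings of the date of birth.
    lowered = password.lower()
    terms = [t for t in personal_info if len(t) >= MIN_TERM_LENGTH]
    if dob is not None:
        terms += dob_forms(dob)
    for term in terms:
        if term.lower() in lowered:
            findings.append(f"contains personal information ({term})")

    # Age rule: only checked when the caller knows when the password last changed.
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > MAX_AGE_DAYS:
            findings.append(f"password is {age} days old (limit {MAX_AGE_DAYS})")
    return findings


def is_compliant(*args, **kwargs) -> bool:
    return not password_findings(*args, **kwargs)


if __name__ == "__main__":
    cases = [
        ("abc", {}),
        ("Martin2024!", {"personal_info": ["Abe", "Martin"]}),
        ("Tr0ub4dor&3", {"dob": SAMPLE_DOB}),
        ("Tr0ub4dor&3", {"last_changed": SAMPLE_LAST_CHANGED, "today": SAMPLE_TODAY}),
    ]
    for pw, kwargs in cases:
        print(f"{pw!r}: {password_findings(pw, **kwargs) or 'OK'}")
```

The check reports every violated rule rather than stopping at the first one, which is what a user-facing password form or an audit script needs. Passing `today` explicitly keeps the age rule deterministic for testing; leave it out to use the current date.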


Observation skills:

The majority of all (recent) breaches have been attributed to human error. Despite a vast array of security tools and precautions, a single click can open the door for cyber attacks.

Being observant and cautious has never been more important to an organization’s security!


Smishing & Vishing:

• Remember JDLRs
• Save known vendors & service provider info to your contacts and only reply through those channels


Phishing:


Phishing – email headers:


Spoofing:

Access important sites via saved bookmarks


Key Takeaways:

• 5 ways to improve change: leadership, involvement, training, metrics and time
• Walk the walk, leadership training/resources
• Push those authentication rules
• Work your observation skills and defenses: Phishing, Smishing & Spoofing


Abe Martin, CFE, CSP abe@casinocryptology.com 931-CRYPTIC (279-7842) www.casinocryptology.com
