Insights

Cybersecurity: It's 2AM. Do you know where your data is? Come to speak with our expert: Patrick Kelley Principal Security Engineer Critical Path Security Your Hosts – Eileen Greenspan, Greg Feigenbaum and Mark Deters Sentinel Benefits & Financial Group. We are looking forward to seeing you. Please Join Us! Time: 8:15am – 10:00am Coffee and Breakfast will be provided Location: Sentinel Benefits & Financial Group 1250 Broadway, 24th floor New York, NY 10001 Please RSVP to Daria Oterin at Daria.Oterin@sentinelgroup.com Roundtable PDF Announcement

  Cyber security has been a concern for the government and private sector for over a decade. The growth in the Information Technology sector in the United States has given rise to cyber crimes that leave huge losses in their wake. Data breaches have gained more attention in the news with each breach seemingly being larger than the ones that came before it. The cost of the data breaches have increased considerably with the record breaking breaches occurring in 2017 at Equifax and Uber leaking information on more than 200 million American citizens. The United States cyber security regulation comprises of directives from the Executive Branch and legislation from Congress forcing companies and organizations to protect their systems and information from cyber-attacks such as viruses, phishing, denial of service (DOS) attacks, unauthorized access (stealing intellectual property or confidential information) and control system attacks. There are three main federal cybersecurity regulations:…

We live in an era of increasingly prevalent cybercrime. The first wave of hacking seemed to only target large companies that stored masses of sensitive data. Stories about credit card numbers and contact information being stolen from retail stores made major news headlines. These days, unfortunately, it looks as if cybercriminals have discovered the gold mine that is business data. That’s the bad news. The worse news is that too many businesses are unprepared for the size of the threat we’re now facing. Surveys show that over 50% of have no cyber protection protocols in place and 60% did nothing to increase their security after being attacked. Patrick Kelley joined Robert Frost, Scott Saugenbaum, Melody McAnally, and Barbara Allen-Watkins to discuss discovery, response, and recovery from cyber and wire fraud.

When I work with enterprise organizations in regards to their security posture, I usually run into the same scenario. The Information Security has a reduced budget and a more traditional approach to security.  Unfortunately, as the global landscape of enterprise networks continues to evolve, it’s clear this approach won’t be applicable.

In a new generation of adversarial attacks, inside-out attacks are becoming more common and lateral movement through leaked exploits is the new game. As we’ve seen in the past with XP exploits – MS08-067, unpatched workstations and servers are the new “norm”.

With the new ransomware, “BadRabbit”, the attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. This attack leverages the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit.

(more…)