CERT-MU Computer Emergency Response Team of Mauritius
Mr. Manish Lobin Information Security Consultant
CYBERSECURITY:
WHAT’S IT GOT TO DO WITH SMES?
SMEs in Mauritius
• Contribute around 40% to GDP
• Employ over 280,000 people (representing 54% of total employment) in
some 125,500 establishments
www.cert-mu.org.mu | Hotline: 800 2378 | Email: [email protected] | Incident Reporting: [email protected]
Source: http://enterbusiness.govmu.org/English/Documents/SME%20Master%20Plan_Full%20Version_FINAL.pdf
Challenges faced by SMEs
• Lack of robust Organisational structures
• Limited access to Resources – Finance, Human, infrastructure
• Framework – administrative structures often restrictive, bureaucratic
• Adoption of Information Security
SMEs & Cybersecurity
What is Cybersecurity?
Cyber security is about protecting your computer-based
equipment and information from unintended or unauthorised
access, change or destruction.
What is directly at risk?
• Your money
• Your IT equipment
• Your IT-based services &
• Your information:
  • client lists & customer databases,
  • your financial details & your customers’ financial details,
  • deals you are making or considering & your pricing information,
  • product designs or manufacturing processes
Who could pose a threat to your assets?
➢ Current or former employees, or people you do business with
  • Compromising your information by accident, through negligence, or with malicious intent
➢ Criminals/Hackers
  • Out to steal from you, compromise your valuable information or disrupt your business because they don’t like what you do
➢ Business competitors
  • Wanting to gain an economic advantage
What form could the threat take?
• Theft or unauthorised access of computers, laptops, tablets, mobiles
• Remote attack on your IT systems or website
• Attacks on information held in third-party systems, e.g. your hosted services or company bank account
• Gaining access to information through your staff
What impact could an attack have?
• Financial losses from theft of information, financial and bank details or money
• Financial losses from disruption to trading and doing business, especially if you are dependent on doing business online
• Costs from cleaning up affected systems and getting them up and running
What impact could an attack have? (contd)
• Costs of fines if personal data is lost or compromised
• Costs of losing business through damage to your reputation and customer base
• Damage to other companies that you supply or are connected to
HOW BAD COULD IT BE?
A single successful attack could seriously damage your business.
Attack Vectors
• Email is the number 1 attack vector
  • 92.4% of malware is delivered via email (Source: Verizon 2018 Data Breach Investigations Report)
• Attackers see email as a direct line to the most vulnerable part of any network: end users
• In the vast majority of cases, malicious emails rely on tricking users into opening attachments
Attack Vectors (contd.)
• As per the 2019 Symantec Internet Security Threat Report (ISTR), the most common malicious email disguises are:
  • Bill / invoice (15.7%)
  • Email delivery failure notice (13.3%)
  • Package delivery (2.4%)
  • Legal/law enforcement message (1.1%)
  • Scanned document (0.3%)
• According to the ISTR, 48% of malicious email attachments are Office files, which typically aren’t blocked by email filters
Attack Vectors (contd.) - Ransomware
• Ransomware via Email attachments
• As per Q4 2018 Global Ransomware Marketplace Report (Coveware),
84.5% of ransomware infections have been initiated via RDP
Attack Vectors (contd.) - Malware
• 4 out of 5 SMEs reported that malware has evaded their antivirus solutions & intrusion detection system
Source: 2018 State of Cybersecurity in Small & Medium Size Businesses report (Ponemon/Keeper Security)
Insufficient Personnel to fight cyber attacks
3 out of 4 SMEs say they don’t have sufficient
personnel to address IT security
Source: 2018 State of Cybersecurity in Small & Medium Size Businesses report (Ponemon/Keeper Security)
How to manage the Risks?
➢ Planning
• Consider whether your business could be a target - this will indicate the level of risk your business is exposed to
• Know whether you need to comply with personal data protection legislation etc.
• Identify the financial and information assets that are critical to your business, and the IT services you rely on
• Assess the level of password protection required to access your equipment and/or online services by your staff, third parties and customers, and whether it is enough to protect them
➢ Planning (contd.)
• Ensure that your staff have appropriate awareness training, so that everyone understands their role in keeping the business secure
• Decide whether you need to make an investment, or seek expert advice, to get the right security controls in place for your business
• Consider who you could turn to for support if you are attacked, or if your online services are disrupted in some way
➢ Implementing
• Network security: increase protection of your networks, including wireless networks, against external attacks through the use of firewalls, proxies, access lists and other measures
• Secure configuration: maintain an inventory of all IT equipment and software. Identify a secure standard configuration for all existing and future IT equipment used by your business. Change any default passwords
➢ Implementing (contd.)
• Managing user privileges: restrict staff and third-party access to IT equipment, systems and information to the minimum required. Keep items physically secure to prevent unauthorised access.
• Home and mobile working, including use of personal devices for work: ensure that sensitive data is encrypted when stored or transmitted online so that data can only be accessed by authorised users.
➢ Implementing (contd.)
• Removable media: restrict the use of removable media such as USB drives, CDs, & DVDs, and protect any data stored on such media to help stop data being lost and to prevent malware from being installed.
• Monitoring: monitor use of all equipment and IT systems, collect activity logs, and ensure that you have the capability to identify any unauthorised or malicious activity.
➢ Reviewing
• Test, monitor and improve your security controls on a regular basis to manage any change in the level of risk to your IT equipment, services and information
• Remove any software or equipment that you no longer need, ensuring that no sensitive information is stored on it when disposed of. Review and manage any change in user access, such as the creation of accounts when staff arrive and deletion of accounts when they leave
➢ Reviewing (contd.)
• If your business is disrupted or attacked, ensure that the response includes removing any ongoing threat such as malware, understanding the cause of the incident and, if appropriate, addressing any gaps in your security that have been identified following the incident
• If you fall victim to online fraud or attack, you should report the incident on the Mauritian Cybercrime Online Reporting System (MAUCORS), which is an online reporting platform. You may need to notify your customers and suppliers if their data has been compromised or lost
Remember, there is no such thing as 100% security. At some point in time someone will find a way to bypass a particular defense, often in ways you never thought of.
Thank You
CONTACT US
Computer Emergency Response Team of Mauritius (CERT-MU)
Tel: 210 5520 | Hotline: 800 2378
General Enquiry: [email protected]:[email protected]
Incident Reporting portal: http://maucors.govmu.org | Incident Reporting email: [email protected]
Cybersecurity Portal: http://cybersecurity.ncb.mu | Website: www.cert-mu.org.mu