7 Steps to Defend Against the Ransomware WannaCry’s Potential Phase Two Attack


As of last Friday, Kaspersky recorded 45,000 detections of the variant malware in 74 countries. There were 1,600 infections in the US, 11,200 in Russia and 6,500 in China. Victims were asked to pay $300 (rising to $600 before files are destroyed) to remove the infection from PCs. Windows-based systems are affected as a result of preexisting vulnerabilities. “WannaCry is coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a .zip file, and once clicked, that initiates a WannaCry infection.”

It was expected that this attack would worsen over the weekend, but on Friday afternoon, in England, a 22-year-old cyber researcher accidentally located the kill switch by registering the web domain name of the ransomware.

It has been revealed that there are more variants of the replicating worm that do not include a kill switch and more malware infections are expected this week.

To prepare for the week:

  1. Malware Prevention – Make sure your anti-virus and anti-malware are updated.
  2. Redundancy – Ensure your data is backed up consistently throughout the day. The more often your data is backed up to a separate server or cloud source, the less vulnerable you will be to ransomware (and to paying the amount asked for).
  3. Security Configuration – Microsoft has fixed the vulnerabilities. Install security patches for MS Windows.
  4. Network Security – Install updates and reboot for MS Windows. Monitor all system networks, test security controls and limit user privileges.
  5. Training and Education – Remind teams to be very careful about what emails they open and what links they click on.
  6. Mobile and Home Security – Install updates on your personal computer and mobile devices. Keep business email communication and data on company devices, separate from personal devices.
  7. Incident Management – Establish a disaster recovery plan to respond to incidents and report criminal incidents to law enforcement.

Jessica Robinson is CEO of PurePoint International, which focuses on bridging the gap between physical and cyber security.

 

Security in a Changed World: Cybersecurity Officially Meets Physical Security in the NY DFS Regulation

Cybersecurity experts have long espoused that cybersecurity is an enterprise-wide, board-level concern, and not just an IT problem.  As evidenced by its new cybersecurity regulation, one of New York State’s top regulatory bodies fully agrees with that sentiment.  The first-in-nation mandate from the New York Department of Financial Services (DFS), which regulates financial institutions (including banks and insurance companies) doing business in New York, will require companies to take a comprehensive approach to cybersecurity, protecting the confidentiality, availability and integrity of nonpublic information and information systems.  But in addition to focusing on just the expected areas of information security, access controls and data privacy, DFS expressly called out “physical security and environmental controls” as a key area to be considered when developing a cybersecurity policy.

Overview of the Regulation 

Broadly speaking, financial institutions that are New York State chartered or licensed are directly regulated by DFS. Although the DFS cybersecurity regulation contains certain exemptions from enforcement, including for covered entities that do not exceed certain thresholds regarding number of employees, gross annual revenue and year-end assets, DFS’s regulatory scope extends to financial institutions domiciled outside of New York State, and even outside of the US. DFS maintains a publicly available database of entities it regulates, which is accessible here. Unless a covered entity falls within an exception, it will be covered by the new cybersecurity regulation and will have to certify compliance beginning in 2018.

Physical Security and Environmental Controls

In the age of constant cyber security attacks and IoT (Internet of Things), companies are more exposed than ever when it comes to the vulnerability of their data. In the financial sector, a high-value target for malicious and state-sponsored attackers, there is a real threat that, to obtain specific data, a cyber-attacker will try to breach multiple forms of entry via social engineering, phishing, and physical security and environmental controls. According to SecurityScorecard’s 2016 Financial Cybersecurity Report:

  • 75% of the top 20 U.S. commercial banks (by revenue) are infected with malware.
  • 95 percent of the top 20 U.S. commercial banks (by revenue) have a Network Security grade of ‘C’ or below.
  • 75 percent of the top 20 U.S. commercial banks (by revenue) are infected with malware, and a number of malware families were discovered within these banks, including Ponyloader and Vertexnet.

The new DFS cyber regulation now requires a CISO, or an individual who takes on the responsibility of that role, in most financial institutions. But the CISO role in the financial services industry, as in all industries, will not reach its full potential if there is not a holistic perspective of enterprise risk management, including full collaboration with physical security and crisis management leaders within the organization. All leaders should be communicating weekly on company strategy, vulnerability updates, security incidents, attempted breaches, and current investigations. Being on the front lines of physical and cyber security has never been more critical. Bridging the gap between physical and cyber security consists of 7 critical steps:

  1. Right strategy and protocols, efficient collaboration and information sharing: Have an integrated enterprise strategy that is executed from the top down. Information sharing and collaboration among the leaders of the IT, cyber security, physical security and crisis response teams is an imperative. This also includes the third party vendors of these teams. Collaborating on specific security incidents and elevated threats can identify a potential threat and certainly aid in a response to a risk.
  2. Pay attention to network and perimeter detection alarms: This includes the network security alarms that monitor network intrusions, as well as monitoring physical intrusion detection systems, digital video, temperature, HVAC, environmental, lighting alarms or sensors.
  3. Investigate perimeter vulnerabilities and hacks: All alarms, network or physical security related, should have a threshold that triggers when a specific alarm needs to be investigated. This requires consistent monitoring and evaluation of controlling entry to the physical property, assessing the legitimacy of a possible intrusion, reviewing if an intrusion was physical, technical or operational, and communicating to the appropriate channels.
  4. Conduct vulnerability tests: Tests of network, physical perimeter, fire suppression system and other alarm sensors should be conducted regularly. Reports with follow-up action steps, audits and monitoring for further remediation should be included.
  5. Containment of breaches: Segment company data on the network. If one area of a system is breached, then segmentation will ensure that the breach is isolated to that one area. Proper access controls, ID badges, and environmental design will assist in containing an attempt of a physical breach. Containment of a breach, physical or data, is a critical part of any security strategy.
  6. Have a good Vendor Management Program: This is an official requirement of the new NY DFS regulation. To see why this is important, institutions need to look no further than the Target Corporation breach, which was initiated by a phishing attack on one of Target’s HVAC vendors. Having clear assessments and guidelines, as well as follow-up audits that include physical and cybersecurity and consistent monitoring, is key.
  7. Train your employees: Train employees on best practices so they can identify physical and cyber security red flags. If they don’t work directly on these teams, they should know what to look for and who to contact if they believe a breach occurred. If they do work in security, a security guard at a data center for instance, they should be trained to promptly follow the appropriate protocol for identification and remediation of a security incident.

As recognized in the NY DFS regulation, physical security is a key component of every financial institution’s overall cybersecurity program.  The deadline for development of a cybersecurity program and policies under the regulation is August 28, 2017, so covered entities are urged to take immediate steps to assess their risks and remediate compliance gaps in order to achieve timely compliance with the regulation.

Jessica Robinson, CEO of PurePoint International, which focuses on bridging the gap between physical and cyber security.

Judy Shelby, Insurance & Technology Advisory Services Leader in Cybersecurity at BDO.

Washington DC: Our Missing Black Girls — Race and Human Trafficking?

Though it is not clear why 22 young Black and Hispanic girls and boys have recently gone missing in Washington DC, it is garnering grassroots activism. On Monday, a neighborhood meeting was held by local pastors and activists. A local town hall meeting occurred on Wednesday in DC, where the community demanded to know what was going on.

The Metropolitan Police Department stated there are no facts or a modus operandi to support increased trends or anomalies in missing children, but many fear one possibility is an increase in human trafficking.

The increase in hate crimes after the election, continued focus on hot-button issues like immigration that disproportionately affect minority communities, the controversy of the travel ban disproportionately affecting Muslim and refugee communities, decreased federal support and funding of women and girls programs specifically focused on the prevention of violence against women, and federal funding for the support and protection of the LGBT community have been decreased or eliminated with #45 in office. This all signals the lack of concern around the protection of vulnerable communities, particularly individuals affected at the intersection of gender and race. Now, with the spike in young women of color missing, it’s perceived that finding these young girls has not become a priority either.

Women of color have long been victims of human trafficking in the United States, yet many still see Eastern European or South Asian women and girls as the primary victims. This is further perpetuated by the perception that human trafficking is a small issue in the United States.

Human trafficking is a form of slavery that includes the transport or trade of people for the purpose of work. According to Soroptimist, a global volunteer organization committed to improving the lives of women and girls, human trafficking is a $32 billion business. According to the UN, 2.5 million people are involved in human trafficking at any given time. Nearly 80% of human trafficking is for sex, and 19% is for labor. In 2014, the US Senate estimated that 200,000 to 300,000 minors are at risk, or are trafficked, annually from and within the United States. Many of those trafficked come from vulnerable communities with low socioeconomic status, are runaways, or have come from an abusive environment.

Though race is not always documented in trafficking cases, what we know is that race does play a discriminating role. According to the FBI, over half of minors that are arrested for prostitution in the US are Black. Prostitution is a direct link to human trafficking, particularly for minors and young women. Advocates have long stated that the role of race and racism in making children vulnerable to trafficking still has not been addressed. The larger concern identified by Cheryl Nelson Butler is that “the racialized sexual exploitation of people of color that developed during slavery and colonization impacts cultural expectations and beliefs about the availability and use of children of color for commercial sex today.”

According to a UCLA Law Review article by Butler, “the U.S Bureau of Justice Statistics determined that between 2008 and 2010, nonwhite children accounted for about 358 of 460 cases of human trafficking investigated by the Department of Justice, and a majority of these 358 confirmed victims were reported to be Black and Latino. Likewise, a 2013 National Juvenile Prostitution Study found that a disproportionate number of child trafficking victims were African Americans.” According to the 2013 National Crime Victims Rights Week Resource Guide, Black individuals represent 40% of human trafficking victims and 23.9% are Hispanic (graphics pictured are 2011 statistics). Inner cities and southern states see the highest numbers. Local prosecutors identify a disproportionate number of human trafficking victims as women of color in places like Texas, Georgia, and New York.

We need to advocate to lawmakers for better statistics on human trafficking regarding people of color and a more sensitive response from law enforcement when arresting minors for prostitution. Polaris, one of the leading organizations on human trafficking, is working to increase policy legislation in support of victims and to develop standards with more data-sharing. Polaris also provides current statistics on the National Human Trafficking Resource Center hotline and their BeFree Textline. If you, or someone you know, is a victim of human trafficking, contact 1–888–373–7888; TTY: 711

Jessica Robinson, CEO of PurePoint International, is a cyber security consultant and security expert at the intersection of gender, race and vulnerable communities. You can reach her at jessica@purepoint-international.com.

Inauguration Day Protests — Your Updated Definitive Safety Guide to the Women’s March on Washington: 15 Tips You Need to Know

* Updates and additions to the original piece have been added to the end of this article.

Like many of you, I am thrilled to be attending the Women’s March on Washington as a show of solidarity that women’s voices, strength and essence of the divine feminine, can never be muted. I know many people felt discouraged after the Hillary Clinton election loss. This march is a way to show that even though the glass ceiling didn’t break and the country elected someone who many believe has publicly, and consistently, disrespected women, the commitment to inclusion is stronger than ever.

As a security consultant, I am frequently asked by parents how to keep their kids safe online, how to keep their daughters safe while away at college, or how to stay safe while protesting. I was recently asked how to keep teens attending the Women’s March on Washington safe. This article was written separately from the women’s march organizers and supports many of the questions I have received for those attending the march. There are many questions parents are asking: will one segment of the march keep you safer than another? What should they wear or bring?

The great news is that the Women’s March leaders are collaborating with the Washington DC Metropolitan Police Department, Capitol Hill Police, National Park Service, and Homeland Security.

Here are your safety tips for the Women’s March on Washington:

1. Location/Time: The updated rally time is (10am-1:15pm), and the full list of speakers has been announced. You will want to get there early, bring gloves, hats, layered clothing (to take off and put on as needed), and hand and toe warmers. The march will begin at 1:15.

2. Look at the map of the Capitol Hill lawn. Know where the closest metro stations (Capitol South Metro Station on the blue, orange and silver line; Federal Center SW Station on the blue, orange and silver line), restaurants, banks (ATMs — or bring enough cash) are located. This will also assist with any bathroom breaks you may need. From my experience attending the first Obama inauguration, I imagine the Park Service will set up portable bathrooms. Just in case that doesn’t happen, you will want to review a map and know what options are available. This can easily be done by accessing Google Maps prior to and during the march. You will also want to know where law enforcement officers are located and where they are standing around the park, so that if something happens you will know where to go in an emergency. I would also suggest keeping any valuables, large purses, and super expensive cameras at home. Be sure to check out other event details as well.

3. Is one location of the march safer than another part? My answer is no. The rally and march will begin at Independence Ave and Third Ave. Generally, in large crowds it’s safe to be on the sides for a quick exit if needed. Plan to have a meeting place if separated from your party in case an emergency occurs. Always pay attention to your surroundings; situational awareness is key. There may be barricades up allowing entry and exit from certain street locations for crowd control purposes, so if there is an active shooter, for example, the best thing to do is to remain calm, protect yourself behind an immovable object if possible, and leave the area immediately in the opposite direction.

4. How do I keep my teenager safe who is attending with friends? She should be with a group of people you know and trust. If you don’t know the friends she is going with, perhaps suggest everyone come over to your house for dinner and have an “impromptu” review of safety tips. It doesn’t have to be dinner, just an opportunity for you to meet these friends. Get at least 1–2 of her friends’ phone numbers. Ask her to check in when she arrives at the march and to check in every 90 minutes. This should be easy by having a timer on her phone. Ask her to check in when she leaves and is safely in her transportation traveling back home.

5. Have a portable way to charge cell phones. If you are an Apple person, a mophie battery case would be a good option. If you have an Android, carry an extra charger. This is especially important if you plan to be out there all day. This is even more important for teens checking in with their parents throughout the morning.

6. In case something (assault, verbal argument) happens, is there a way to make yourself less of a target? If an emergency erupts, the best way to make yourself less of a target is to immediately walk away. Don’t run, just walk away quickly. Look for law enforcement and get out of the immediate general area. Additionally, make sure you don’t leave alone.

7. What do you do if you meet an agitator? As with many marches on Washington, or with many rallies or protests, there may be counter protests that occur. If this happens, the most important thing is to be respectful. However, if an agitator were to come up to you, remain calm and keep enough distance so that they don’t touch you; if they get too close, ask them to step away. Say, “back up” in a firm voice. Ask for law enforcement support if needed.

8. General rules for staying safe while protesting: Don’t go alone. Travel in groups; I can’t stress this enough. First, it won’t be as much fun if you’re alone. Second, anything can happen — your phone battery can die, or you can fall and hurt yourself. These things will be much easier if you have someone by your side.

Be respectful with protest signs. Be mindful of signs being in people’s way and their visibility to see the stage. That could easily be an irritation that can evolve into a miscommunication.

One of the questions I’ve received frequently is how do I stay safe while protesting. If you happen to be in a position where things start to get out of hand, meaning people are pushing and shoving or someone produces a weapon, leave the area immediately. I’m sure there will be law enforcement all over the place. Be sure to keep your eye out for where they are and go up to them and let them know what is occurring. This will ensure the safety of everyone and will help to make sure that this march is a success.

9. What protest signs are appropriate? For the most part all protest signs will probably be appropriate. You do want to keep it upbeat and positive, something that can influence versus push people away. However, it’s up to the individual. I would say there probably aren’t too many restrictions here. If you’re going to bring a sign, stick to the themes of what we’ve been hearing and talking about: reproductive rights, breaking the glass ceiling, sexual harassment, etc., and I think you’ll be fine.

10. Social media safety: Just remember this is a march on Washington. Something many people will see as a political event whether you do or not. Only post pictures you would feel comfortable with everyone seeing. Be mindful of any pictures you wouldn’t want a boss or potential employer to see. This is important for your personal safety as well.

11. What if I am over 65 and I am attending the march? If you have attended many rallies before, especially in the 60s and 70s, you will remember it can be exhausting. Be sure to bring all the medication you will need for the day. Bring enough warm clothes. Come with at least one friend; do not come alone. If you have any type of health condition, be sure to wear your medical alert bracelet, or be sure to tell your friend so that he or she is aware.

12. What if I have a disability and I am attending the march? If you are attending the march and you have a disability I would stress that you should not attend alone, and that you carry something that lets people know what disability you have and indicates what medication that you’re taking. I’m sure that there may be a specific area for people with wheelchairs. For additional information, check out the official site for the Women’s March on Washington.

13. What is the best source of transportation to get to the march? To get to the march once you’re in DC the best source of transportation is the Metro. The Metro will open at 5am to accommodate the march. To get into DC you could always travel by car, however it’s possible that the 14th St. bridge into DC will be closed if you’re coming in on that day. So, the best bet if you’re driving is to try and come in the night before or have an alternate way to get into the city other than the 14th St. bridge. I’m sure taxis will also be available as well. Check road closures before driving in to the city, as well as Amtrak schedule accommodations.

14. Tips for handling mob mentality in emergency. Here are 5 tips for handling mob mentality when an emergency occurs.

15. Remember to leave weapons at home. Anything that could easily be used as a form of protection, like mace or switchblades, could be viewed as a weapon by law enforcement.

Also, don’t forget to check out this article — Woman’s March Washington: What You Need to Know

Addendum:

Now that I am in Washington DC, I have been able to make some on-the-ground assessments. Here are a few safety updates in response to the Inauguration Day protests. Below is the updated Safety Guide, with these additions included!

1. With the protests from Inauguration Day, there are expectations of more at the Women’s March, as well as an increased possibility of potential acts of violence. If you face counter protests, do not engage. If they get in your face, firmly ask them to “back up.” If the protestors get physically aggressive, leave the area immediately.

Also, expect the possibility of other movements protesting, that won’t directly relate to the Women’s March.

2. The Ku Klux Klan (KKK) is also in Washington DC and made their presence known on Thursday, but did not appear to be directly involved with the conflicts from the inauguration protests on Friday. Be alert to potential counter protests on Saturday.

Questions I received on Friday are:

3. What if certain actions increase confrontation with law enforcement (certain signs, specific protest chants, protesting without shirts or bras)?

Deescalate direct confrontations with the police. This can include silence, sitting down, standing but not moving, essentially anything that represents non-violence.

4. What do you do if you get arrested?

Carry enough cash ($100) with you so you can pay bail. Depending on the situation, the police may do an “arrest and release” versus an “arrest and hold.”

5. What if the police use excessive force?

Focus on non-violent actions. Sit-in, stand in silence, or record the non-violent protest with your phone. Don’t fight back, or resist an arrest. Let your non-violent actions be the answer.

6. Isn’t marijuana legal in DC?

Yes, marijuana use is legal in Washington DC, but you cannot smoke in public, or on government land or property. If you do, that will leave you open to a possible arrest. Please do keep this in mind for the march.

Enjoy, be safe and have fun!

Jessica Robinson is CEO of PurePoint International and writes frequently on safety and security topics related to holistic security, personal safety, and gender.