Cyber Breach – It will happen to you!

By Michael McCartney (michael.mccartney@digitsllc.com) is President/CEO of DIGITS LLC, in Buffalo, NY.

Vulnerability Assessment - web

We have all seen the national news reports lead with the all too familiar story of another company being the victim of a cyber attack. Target, Neiman Marcus, eBay, Goodwill, Stubhub, and many more, have all fallen victim to this alarmingly increasing trend. Of course, these are all name brand companies that are worthy of national media attention. However, yearly reporting of data breach statistics prove that no one is immune from this risk.

 One of the most widely respected annual data breach publications is the Verizon Data Breach Investigative Report (DBIR). The 2014 report is the tenth (10th) annual report, which aggregates data security incidents and breaches from 50 organizations across 95 countries. This provides for trending and matrix of breach statistics by industry. The report shows that every industry is affected and highlights the motivations behind the attacks. While financial gain is still the highest motivator for most threat actors, espionage is on an alarming increase. The report also shows that no industry is safe from these attacks.

Reference : http://www.verizonenterprise.com/DBIR/2014

 At the Annual Meeting in Boston on August 12, 2014 the American Bar Association ABA House of Delegates passed a resolution that encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations.  The report goes into great detail outlining the severity of this data breach crisis, not only to law firms, but to private industry and our critical infrastructure. The government includes the following industries as critical infrastructure: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation, and Water and Wastewater Systems.  The private sector owns about 85% of this infrastructure in the US.

 American Bar Association encourages these organizations conduct regular risk-based assessments as well as to develop and test a Incident Response Plan for possible cyber attacks, including disclosure of data breaches, notification of affected individuals, and the recovery and restoration of disrupted operations.

Reference : http://www.americanbar.org/content/dam/aba/administrative/house_of_delegates/resolutions/2014_hod_annual_meeting_109.authcheckdam.pdf

  In February 2013, President Barack Obama issued Presidential Policy Directive – 21 together with Executive Order 13686 acknowledging the alarming increase in cyber security incidents and calling for the U.S Department of Commerce to develop a Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. In February 2014, the National Institute of Standards and Technology (NIST) published their Framework for Improving Critical Infrastructure Cybersecurity working paper.

Reference :

http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity

 http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf

 These reports and government initiatives demonstrate a significant trend in awareness around the need to proactively address our cyber security and cyber response readiness. DIGITS LLC offers a full suite of proactive and reactive services t assist companies confront these challenges head-on!

 

SCCE Web Conference: Data Breaches- No Stranger to Small Firms

Michael McCartneyMichael McCartney, President/CEO of DIGITS LLC, will be presenting a SCCE Web Conference on the topic of: Data Breaches – No Stranger to Small Firms.

DIGITS LLC was founded in 2006 to fill the need in the legal and corporate communities for highly skilled digital forensics, proactive cyber security services, corporate computer investigations, cyber security incident response and advisory services, eDiscovery and litigation support services, and other investigation services.

SCCE Web Conference:

Data Breaches- No Stranger to Small Firms
February 19 , 2014
12pm CST | 1pm EST | 11am MT | 10am PST | 9AM AKST | 8AM HAST
Main Points Covered:
  • Be able to evaluate how secure your office network is
  • Identify gaps in your office’s data and network security.
  • Understand risk and liabilities to insecure network infrastructure
 
DIGITS LLC

Vulnerability Assessment in Response to Cyber Attacks

Vulnerability Assessment - web

DIGITS LLC offers a complete suite of vulnerability assessment services that enable companies to identify critical security threats.

DIGITS LLC’s President and CEO, Michael McCartney, explains that “Congressman Chris Collins, Chairman of the Small Business Subcommittee on Health and Technology, outlined statistics that show that nearly 60 percent of small businesses will close within months after a cyber-attack. A recent report shows nearly 20 percent of all cyber-attacks are targeting small firms with less than 250 employees.”

In response to this alarming trend, DIGITS LLC released a complete suite of vulnerability assessment services that assist companies to identify critical security threats that may expose their data to an unauthorized third party.

McCartney continues to explain “Many companies are poorly equipped to take on the task of identifying their infrastructure pain-points and therefore, find themselves at a high risk for cyber-attacks and data breach.”

DIGITS LLC’s experts leverage their decades of information technology, computer security and investigative experience to assist their clients in identifying security vulnerabilities and help them develop a road map for remediating those threats.  DIGITS LLC provides a 3rd party security assessment and validation that follows a proven methodology and leverages industry best practices.  These types of assessments also reduce unauthorized access, data exfiltration and data manipulation as well as assist companies to comply with regulations such as PCI DSS, HIPAA / HITECH and NIST.

Examples of the services provided include: External Network Perimeter Vulnerability Assessment, Internal Network Vulnerability Assessment, Active Directory Reviews, WLAN Assessments, VoIP Assessments, OS Patch Management Assessment, Device Configuration Management Review, and Source Code Review of Company Developed Applications.

Additional information about DIGITS LLC’s Vulnerability Assessment Services can be found at http://www.digitsllc.com/vulnerability-assessment.

Digital Forensic Articles

DIGITS LLC was founded in 2006 to fill the need in the legal and corporate communities for highly skilled digital forensics, proactive cyber security services, corporate computer investigations, cyber security incident response and advisory services, eDiscovery and litigation support services, and general digital forensic consulting needs.

In conjunction to our services, the principles of DIGITS LLC have authored many articles about the digital forensic industry.  Click the link below to read articles in which DIGITS LLC has been published in various media sources.

DIGITS LLC Articles in the News

DIGITS LLC

www.digitsllc.com

DIGITS to Speak at Homeland Security Management Institute Cyber Conference

We are excited to have Michael McCartney, President/CEO of DIGITS LLC, presenting at the HSMI Cyber Conference on Wednesday, July 31, 2013! The conference will be held at the Public Safety Training Facility, 1190 Scottsville Road, Rochester, New York 14624 in room 117.  Find the conference agenda below.  For any questions, please contact:

Sheila Manns: 585.753.3921, email: smanns@monroecc.edu
Glenn Greibus: (Day of Conference): Cell 585.721.7071, email: ggreibus@monroecc.edu

Homeland Security Management Institute

AGENDA
8:15 – 9:00
Registration and Continental Breakfast
9:00 – 9:15
Welcome……………..……………………….……………………………………….John J. Perrone Jr.
Director
Homeland Security Management Institute
Opening Remarks……………..……………….…………………………………………….Todd Oldham
Vice President
Economic Dev. & Innovative Workforce Svc.
9:15 – 10:15
…………….…………….………………………………………………………………….…Edward Suk
Executive Director
National Center for Missing & Exploited Children
10:15– 10:30
Break
10:30 – 11:15
…………….…………….………………………………………………………………….…Edward Suk
Executive Director
National Center for Missing &Exploited Children
11:15 – 12:15
…………….…………….……………………………………………………………Michael McCartney
President/CEO
DIGITS LLC
12:15 – 1:30
Lunch
1:30– 2:45
……………………………………………………………………………………………SA Kevin Parker
FBI Buffalo Division/Rochester RA
2:45 – 3:00
Break
3:00 – 4:00
………………………………………………………………………………………………..Ryan Peck
Assured Information Security
4:00
Closing Remarks John J. Perrone Jr.
Director, Homeland Security Management Institute

DIGITS LLC

www.digitsllc.com

Mobile Forensics & Data Breach Repercussions

Buffalo Law Journal

DIGITS LLC, Digital Forensics Investigators, were featured twice this this weeks publication of the Buffalo Law Journal and Buffalo Business First.  Articles featured include:

DIGITS LLC fills the need in the legal and corporate communities for highly skilled digital forensics, proactive cyber security services, corporate computer investigations, cyber security incident response and advisory services, eDiscovery and litigation support services, and general digital forensic consulting needs.

Click the links below to read each of these articles from the source:

DIGITS LLC

www.digitsllc.com

Mobile Forensics

DIGITS LLC Mobile Forensics Over the last several years, the world of mobile forensics has seen a rapid evolution. The way in which the mobile devices has evolved has also increased the amount of evidence forensic examiners can retrieve from devices such as cellphones, tablets and portable GPS units. Mobile devices and their operating systems are changing every day so this evolution is far from over. As mobile devices get smaller it seems they are becoming more complex. Most smartphones and tablet devices can now perform the same functions as a laptop or desktop computer and in many cases they outperform their larger counterparts in both functionality and speed!

Our cellphones are very personal to us. We keep them close and use them often. We take family pictures, store our appointments and communicate with those dear to us; however this personal nature is no different for those who would use the devices for nefarious purposes.  Forensic examiners can capitalize on this feeling of safety and extrapolate additional data which may not be found on other devices such as a laptop or desktop computer.

mobile-phonesClients should not overlook company owned mobile devices when considering DIGITS to conduct a digital forensic investigation. These devices can contain a wealth of evidence involving proprietary company information, inappropriate activity and much more. A company’s future may literally be in someone’s pocket.

Deleted data on mobile devices is not a problem for DIGITS. Our forensic techniques allow us to delve into areas of the phone that typical users cannot access to find deleted data which may be absolutely critical to an investigation.

All is not lost if our client has a mobile device that is missing. With certain mobile devices, forensic examiners may not even need the device to conduct their investigation. For example, Apple and BlackBerry devices often back their data up onto an individual’s computer giving examiners the opportunity to see vital evidence such as text messages, media files, contacts and more from the back up files on laptops, desktops or the cloud.

Companies who utilize mobile devices need to think about the potential risk these devices could pose. If you, or your company has a mobile device which requires high-tech forensic examination, don’t wait a moment longer, call DIGITS today.

By: Christopher Nowak, Forensic Specialist

DIGITS LLC

www.digitsllc.com

DIGITS LLC Introduces Accident Reconstruction Unit

Christopher PuckettInternationally known digital forensic examiners at DIGITS LLC, are now offering Accident Reconstruction Services.  Christopher Puckett has been hired as DIGITS LLC’s Manager of Accident Reconstruction Unit.  Mr. Puckett attended the New York State Police Academy, as well as the Institute of Police Technology and Management (IPTM), in which he specialized in Collision Reconstruction Training.

During his 20 year Law Enforcement career as an Investigator with the New York State Police, Mr. Puckett investigated the states most complicated motor vehicle accidents involving property damage, physical injury, and death.

CDR Systems - Accident Reconstruction“We are excited to add Accident Reconstruction Unit and welcome Christopher Puckett to DIGITS LLC,” said Michael McCartney, President/CEO, DIGITS LLC.  “Mr. Puckett is an expert at forensic mapping and diagramming of any incident to include: motor vehicle collisions, crime scenes, and various non-collision related incidents.”

> Click here to learn more about DIGITS LLC’s Accident Reconstruction Unit

DIGITS LLC

www.digitsllc.com

International Program on Information Assurance and Management – 2013

University at BuffaloDIGITS LLC is excited to be a part of the International Program on Information Assurance and Management – 2013.  This event will take place at University at Buffalo, The State University of New York, Davis Hall, from June 14th to June 19th.

One of the missions of the Center of Excellence in Information Systems Assurance Research and Education (CEISARE) is to increase awareness in information assurance (IA) by arranging seminars, conferences and workshops. The goal of this five and half-day workshop is to educate executives in banking and financial institutions in the area of IA and management so that they are better prepared to deal with malicious attacks targeted at their systems and network. The workshop features experienced instructors from academia and industry, interactive sessions, and visits to corporate network operations centers.

Michael McCartney will be presenting the topic Proactive Forensics and Compliance 101 on Tuesday, June 18, from 2:45 p.m. to 4:15 p.m.

Visit this website for additional information about the event: http://www.cubs.buffalo.edu/IPIAM/

This event is organized by:

Shambhu Upadhyaya
Director, CEISARE
Professor, CSE
Email: shambhu@buffalo.edu

Venugopal Govindaraju
Director, CUBS
SUNY Distinguished Professor, CSE
Email: govind@buffalo.edu

Srirangaraj Setlur
Principal Research Scientist, CUBS
Email: setlur@buffalo.edu

B. Sambamurthy
Director, IDRBT
Email: bsambamurthy@idrbt.ac.in

B. M. Mehtre
Associate Professor, IDRBT
Email: bmmehtre@idrbt.ac.in

Please contact any of the above names for additional details about the International Program on Information Assurance and Management – 2013.

DIGITS LLC

www.digitsllc.com

Webinar Presentation with SCCE

On May 15, 2013, Michael McCartney, President/CEO of DIGITS LLC, will be presenting a webinar titled “Computer Forensics 101: Proactive Compliance” for the audience of SCCE.

Computer Forensics 101: Proactive Compliance
MAY 15, 2013
12pm CST | 1pm EST | 11am MT
10am PST | 9AM AKST | 7AM HAST

Brochure

Topics Covered
Real life case studies will be used to highlight what the computer forensic expert looks for on computers, smart phones and tablets. Identification of Electronically Stored Information (ESI) and how computer forensics is used to identify fraud as well as proactive compliance programs and regulatory inquires. You will learn what you can expect to gather from computers and smart phones whose contents become evidence in your cases.
  • Understand the practical use of Computer Forensics in Data Loss Prevention (DLP).
  • Understand what ESI is available from computers and smartphones.
  • How to implement Proactive Computer Forensics into Human Resource, Regulatory, Compliance, FCPA and other regulatory, compliance and Audit Programs.
Pricing:
$99.00 Member Rate
$119.00 Non Member Rate
DIGITS LLC