Highlights of the July edition of the HBK Risk Advisory Services webinar series hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services.
Practical advice for protecting yourself and your company from cybersecurity attacks.
How hackers obtain personally identifiable information (PII): the most sensitive personal information.
www.haveibeenpwned.com – Use the site to check databases of known breaches and learn where your data might have been compromised and what has been compromised, such as an email address or phone number. The site also provides recommendations.
Biggest takeaway about responding to emails, etc.: Be skeptical.
Key takeaways from the 2023 Verizon Data Breach Investigations Report (DBIR).
Key components of a data breach:
Hacker motivations:
Pretexting on the rise:
Ransomware involved in 24 percent of cyber attacks in 2022:
The PII Market
Surface Internet equals about 5.5 billion pages, only 4 percent of total internet.
The Deep Web: typically not searchable by general public, such as healthcare or academic records, legal documents; equals 90 percent of data on internet.
Dark Web: about 6 percent of internet pages
Hygiene Habits to Mitigate Risk
Passwords:
Password composition and length:
Phishing/Smishing/Vishing:
Ways employed to trick you:
Antivirus and antimalware:
Be careful:
Online Accounts:
Identity Protection:
If you are hacked, report it to the Internet Crime Complaint Center at www.ic3.gov.
The Verizon Data Breach Investigations Report (DBIR) is an annual report based on data provided by cybersecurity firms around the world. The primary purpose of the DBIR is to inform organizations about cybersecurity threats and how to protect against them. The DBIR is considered the “go-to resource” by many in the cybersecurity field.
Highlights of the July 19, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services.
The Verizon Data Breach Investigations Report (DBIR) is based on data reported to Verizon by global expert cybersecurity firms. The primary purpose of the DBIR is to inform organizations about the cybersecurity threats they face and how to protect against them. The DBIR is considered a “go-to resource” by many in the cybersecurity field. It is a global snapshot of what’s going on in terms of cybersecurity incidents and breaches in various industries.
Background
The 2023 report is the 16th annual edition; it was released in June.
Categorized by the VERIS system: Vocabulary Event Recording and Incident Sharing.
Phishing is the number one attack relative to lost and stolen assets and is becoming more prevalent.
Definitions:
For selected industries—financial, healthcare, manufacturing, information, and professional—the top three threats are social engineering, system intrusion, and web applications.
Why pay attention to DBIR?
Find the report via a Google search or at Verizon.com/DBIR.
Takeaways from the 2023 Report:
Ways attackers get to your information:
Advice: Educate employees about phishing, and scan for and patch your vulnerabilities: 74% of all breaches include a human element (errors, privilege misuse, or social engineering).
Ransomware is still a big problem:
Social engineering: incidence of pretexting rose
Errors continue as a trend:
Small and medium-size businesses
Section 174 has been a popular topic for manufacturers, as changes to the amortization of certain expenses can affect the R&D credit and other aspects of a company’s tax return. Manufacturers have been anxiously watching for legislation to see if a repeal or delay to the amortization requirement is passed. Join HBK Manufacturing Solutions and Source Advisors to learn more about the amortization of Section 174 expenses and an update on pending legislation.
Highlights of the May 24, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, and featuring Justin Krentz, Principal, Business Development, Vertilocity, and Chris Bowman, Director of Security Service, Vertilocity.
Purposes of a cybersecurity risk assessment:
Start with a framework:
Cybersecurity risk assessment refers to the process of identifying, estimating, and prioritizing security risks. It covers technology but also includes the policies, processes, and employee training used to protect users and data. It involves a deep dive into how the organization is accessing data and who is accessing data: all the components that make up a risk posture.
Network assessment includes:
Security assessment includes:
Vulnerability assessment includes:
The dark web is where hackers exchange information they’ve stolen from an organization. Organizations need to determine whether information or credentials have been stolen and close those gaps.
Integration of people, processes, and technology:
Risk assessment outcomes:
Recovery Plan:
Any risk assessment should include a disaster recovery plan and testing the plan to ensure you understand all the implications of a recovery if it needs to be done, including how it actually happens, what can be expected, and who is in charge of what.
Recovery testing:
Cybersecurity culture refers to the people in the organization and their behavior relative to cybersecurity. Make sure that individuals are taking a defensive posture and have the tools to recognize threats. It involves continuous education for every part of the organization.
Why do I need to do a risk assessment?
In summary, know where you stand and never become complacent. Make a point of going through this risk assessment exercise at least annually.
Highlights of the April 26, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, and featuring Greg Kelley, BS, EnCE, DFCP, Chief Technology Officer and Founder, Vestige Digital Investigations.
Today’s Cybersecurity landscape:
Phishing: Plays on unaware victims who fail to scrutinize where an email is coming from.
Poor passwords/credential stuffing: Use complex, long passwords with uppercase, lowercase, symbols, and numbers.
Good cyber hygiene
9-step program for good cyber hygiene
Highlights from the April 26, 2023, HBK Manufacturing Solutions webinar featuring Brian Sommers, Principal, Chief Investment Officer of HBKS Wealth Advisors; and hosted by James Dascenzo, CPA, Principal, National Director of HBK Manufacturing Solutions, and Amy Reynallt, MBA, CMA, HBK Senior Manager, Regional Director of HBK Manufacturing Solutions.
Banking Crisis Background
In March 2023, the Federal Deposit Insurance Company (FDIC) took control of three banks – Silicon Valley Bank (SVB), Signature Bank, and Silvergate Bank. Around the same time, Credit Suisse, the second largest bank in Switzerland, also failed and was purchased by a competitor. The failures were all exposed by similar issues, including narrowly focused customer markets or exposure to cryptocurrency. However, one common factor is critical in each situation – each bank was mismanaging its balance sheet. Therefore, it is unlikely that we will see a large number of additional banks fail.
However, we may see broader consequences of these recent failures. For instance, the banking industry is tightening lending standards and maintaining higher levels of liquidity. This may lower loan volumes, which could make it more challenging to borrow. Note: Since the airing of this webinar, First Republic Bank was also shut down and subsequently purchased by JPMorgan Chase.
Manufacturers Action Items
Manufacturers may consider:
For more information on this topic, contact us as follows:
Brian Sommers, Principal, Chief Investment Officer – HBKS Wealth Advisors – bsommers@hbkswealth.com
Jim Dascenzo, Principal, National Director – HBK Manufacturing Solutions – jdascenzo@hbkcpa.com
Amy Reynallt, Senior Manager, Regional Director – HBK Manufacturing Solutions – areynallt@hbkcpa.com
Highlights of the March 22, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director.
The webinar opens by defining terms associated with risk assessment:
Why do a risk assessment?
Steps to take if you decide to do a risk assessment (ISO 27001 steps)
Establish a framework
Identify the risks: add threats and vulnerabilities for each inventory item.
Analyze risk: determine risk appetite and scale and do a calculation, which is: risk equals impact multiplied by likelihood.
Evaluate risks: the number on the scale that refers to the level of damage that can be done gives you a picture of what needs to be addressed.
Put controls in place:
Apply Risk Management Options
What action should you take?