Life in the Cloud: What Heavy Equipment Dealers Ne ...
Webinar Recording
Video Transcription
All right, hello and welcome to today's webinar. Our speakers today are Jeff Jenkins, Network Security Advisor at CDK Global, and John Ayers, Chief Product Officer at Newspire. Before I turn it over to them, I'd like to let those of you who are live with us know that you may submit questions during the webinar via the Q&A tab at the bottom of the screen. The slide deck from today's presentation will be made available to you also, and the webinar will be recorded so that you may watch or re-watch on demand at your convenience. With that, I will turn it over to Jeff and John.

Thank you, Liz. This is Jeff Jenkins. I'm the Network Security Advisor for Heavy Equipment in the commercial construction arena for CDK Global. I'm excited to be here today as the commercial construction market becomes more and more mobile, getting more done with mobile services and cloud-based solutions, CDK and Newspire rolling out an expansive portfolio of customized network solutions that meet and exceed compliance standards. CDK IntelliDealer has dedicated immense time and product enablement, and thus established my role as a Network Security Advisor, and I'm dedicated to assisting every client that CDK has, and even if you're not a client of CDK, and giving you insight and support from the small dealer to multi-manufacture enterprises with 100-plus locations. CDK is in partnership with Newspire. I'm excited today to introduce you to John Ayers. He is Newspire's Chief Product Officer. John Ayers is responsible for organizational leadership specific to technology and security, innovation operations, and threat intelligence. Boy, that's a lot, John. John ensures the alignment of business-managed security product strategy across all of the networking and security infrastructure portion. I am extremely excited to turn things over to John and what Newspire and CDK are seeing in the world and learning the direction of cybersecurity that's challenging our marketplace.
With that, go ahead, John, and take it away.

Hey, thanks, Jeff. Thanks for the kind words. Thanks for everyone taking the opportunity to sit down with us today. As Jeff said, we're going to talk a little bit about dealerships in the cloud, really the whole aspect of this is kind of the straight talk, right, around cybersecurity essentials and what's happening in the world today as it relates to the organization. So we'll focus on a few things today. Understand the top dealership, the threat actors, who's attacking and why. Understand some of those attack methods. We'll go through some examples of some use cases and things around that. And then we're going to wrap up on how do we help or provide some, how do we reduce the cybersecurity risk? And that's a challenge in itself, knowing that the threat landscape itself is changing drastically every day, as a matter of fact. So who's attacking and why? The basics, there's really three major groups today that are really attacking. This is the hacktivists. These are the people who are trying to make a point, right? They're going out there and really trying to spread a message. The other is the organized crime, right? This is where people are using ransomware and things of that nature as a way to make money. But then there's the last one, right? There's the nation states. Can't forget about that. Those are the people out there like China and others that are really attacking. And there's kind of a running joke in the cybersecurity space. Russia thinks of us as a piggy bank. China thinks of us as the infrastructure Holy Grail. And why is that, right? Because, you know, 75 to 76% of all breaches have some type of financial or espionage motive, like case in point, example, IoT, right, IoT is being used as a way to do breaches, right? There's a way to alter a lot of what's going on in the farming and agricultural space, right? It has a motive of what's happening in our infrastructure.
The other is 80% of confirmed breaches have involved weak or default or stolen passwords. Over the last few months, we have actually seen a huge amount of database dumps being sold on the darknet. That includes a lot of companies' emails, and includes a lot of companies' emails and their passwords that have been in clear text. And why is that the biggest reason why is it's using it as a way to go out and attack these companies because security awareness, or some type of process around changing passwords has become a pastime because of the COVID, because of the pandemic, security has been not top of mind. So they're using that against us. And the last is about 35% of phishing emails were opened, meaning people actually clicked on us a third of the emails out there that people actually open. And a lot of those were targeted clicks, meaning that they had an attachment, they had a link that really allows you to do that. So one of the things that's important to note here is while phishing has become a necessity for targeting, the aspect of what we call whaling is really what's taking place today. And so what is whaling? Whaling is they're targeting an industry, a vertical like, you know, this vertical here today in this industry today, and finding out what is your weakness, right? And then what they're doing is then they're doing spear phishing, then they're targeting that specific industry, and getting after because they've used this whaling to figure out what, what is your weak points? What are you susceptible to? What will you click on? Will you click on a text? Will you click on an email? Will you click on an attachment? And it seems that a third of those messages were being opened. It's giving the bad guys more opportunity than ever to really build up a plan. Now, one thing I want you to walk away from today is just don't think that there's a someone down in a hoodie in a basement, you know, creating all these ransomware, these malwares and things that attack.
This is a business, much like your business. This is a business. So they are using, they have probably one of the best refined collaboration in the world of sharing information more so than we do here in cybersecurity, in the industry, in the public and private industry. The bad guys share information so much. They also have incredible and incredible development process of testing. That's why they start with whaling before they get to the target spear phishing, because they want to test their market. And they actually sell this stuff time and time again. So let's understand some of the threats that are happening today in the dealerships, right? We talked a little bit about who's attacking, why they're attacking, but let's talk about a little bit from, you know, the methods that they may be using. Phishing, of course, starts at the top, right? Right now, 90% of all emails have some type of spam or virus or some component of trying to learn information about you. The biggest piece here is social engineering. Today, unfortunately, we're a world of social. We are on Facebook. We're in industry. Businesses are on Facebook, Instagram. Businesses are on Instagram. Every time we share something on social media, it is intelligence. And it's an intelligence that's even down to what you're doing, what kind of business you're in, who are you partnered with, what kind of employees. I mean, go on LinkedIn today and find out so much intelligence about somebody that you can use that as a way to start targeting spear phishing to the top of your C-levels, to your CFO, to your COO, to try to get wire transfers and things of that nature. Most of these right now are all about links, right? The most common phishing attack is trying to mimic a banking institution to charge something, maybe transfer funds, things of that nature, because they're compromising your website.
And today, more now than ever, because we're moving to IoT, we're looking to smart technology, people are learning or trying to figure out ways to do it. So I'll give you kind of a use case example. I have a friend of mine who recently went out to Nebraska in the agricultural space and was working on farming, on helping smart milking, how machines of how smart milking. And what they were doing, what he was able to do was actually change the feeding concept of the cows to the point where it changed the milking. It actually stopped the cows from milking. And all he was able to do was getting to the root, and actually it was root password. And no one changed it because they took it from the manufacturer. And the manufacturer will tell you to change passwords, but most people don't because it's easy to remember, and it's easy to just set it and forget it. But the point what he made here was, is that we cannot just set it and forget it. Because ransomware and the ability to compromise the uncontrolled devices or the inability to look over those devices is more prevalent now than ever, right? Because it's impersonation. The aspect of this right now is not only are we going from phishing to phishing to impersonation, is that people are trying to impersonate you. They're trying to impersonate the company you may have been working with, impersonating the industry you're in. And the whole idea of that is what? To gain some type of intelligence, to gain millions of dollars because they're looking for that information from you replying to a text, to a call that number that you actually picked up and talked to, like the big one that's going on right now that's targeting the elderly as they're calling him and saying, hey, your Amazon account has been put on hold. And they don't even know if they've even got an Amazon account. But then they send out and give them all this information on the telephone. Because why? That's how they communicate. 
More like us today where we can communicate through email and text and things of nature. So these bad guys are learning ways to communicate. So let's talk about a few things. We talked a little bit of why and who. Now we understand what they're doing. So let's talk a little bit about a scenario, about privileged users, the owners, the finance, the IT. You know, how are they targeting people? What are they motivated by? Well, I'm not going to go through all the line here. But I think what's important to understand is the gain, right? One is a financial gain. One is the fact. How do I get that information? Now, what are they utilizing to get that? They're maybe using social media or social engineering against you, the privileged users, trying to go to your CFO. Maybe they get into your O365, your email accounts. And they actually are sending an email that looks and impersonates the CFO and says, hey, I need such and such to send over this money. The other is the ransomware, where they're taking over your machines. So they're getting in your environment. And this is where it gets a little crazy, because this is where it can spread, right? Is that someone can click on something, they send an email to someone else, and then they click on it, and they click on it. And then everybody next thing you know, every PC is now infected, right? But the whole idea here is that they're actually using this for financial gain to take over your organization, or in essence, hold your organization hostage for a certain amount of money. And this is why Bitcoin is going through the roof. You know, this is where phishing becomes an interesting piece. This is where your websites that you may be using today for ordering information, for you going out there and saying, hey, this is what we can actually do. And you access all your information in the cloud. 
Now they do a DDoS, which is a disturbance denial of service attack, where they actually are holding your website hostage, because everything you're doing is in the internet. But look, I don't want you to walk away from this scenario saying, wow, holy cow, what am I going to do? You know, this is where all my business is. This is how I actually run money. This is how I pay for equipment. This is how people finance. There is opportunities to solve for these scenarios. So scenario number two, flaws in your software. This is important to understand, because this is where people take advantage of faulty software or old software. The problem we have here in the United States, and unfortunately this is in the world, is we have never changed our foundation of our software. It's still the same software that we've been building layers and layers and layers, and the bad guys have figured out. Stuxnet. So if it's something you ever really want to think about and go and research, Stuxnet showed us that we haven't changed much. All we're doing is what they're doing. This is a big word for an early morning is polymorphic. They're changing things. They're changing the firmware. They're changing the software. Wi-Fi is just the same way. I would bet you right now most of you who are using Wi-Fi today are using your home Wi-Fi to access this webinar with no idea that your home Wi-Fi now has access to all your personal information, everything you have. Without having it segmented, the bad guy now has access and is using your Wi-Fi or the cable modem or DSL router that you got from your provider, which you assume has some type of security, which I'm betting you right now, I bet you a Coke, that the last time it was updated from firmware was the first time it was actually installed. So this is where these guys are using these compromised and uncontrolled device like the DNS attack that happened a few years back where they took over all these people's personal DSL routers.
They didn't even know it and they were using them to attack other people because that's how they were utilizing a phishing attack. So it's really important to understand how opportunistic. Now, the one thing that's important to note with everything we talk about here today, the harder you make it for the bad guy, the less interest they get. So it's important to note that the harder you make it, it's less interest they have. There was no difference back to the time of we had castles and boats and they had oil where they poured on the bad guys. They were attacking it. Why did they do that? Because they made it hard for someone. It was a big stone castle. No one wanted to attack a stone castle. So the easier it was to attack, the easier for them to take over. Same goes in the cybersecurity world today. Hence why we call that defense in depth. So moving on to the third scenario, misconfiguration. This is actually probably a little bit like we just talked about on the Wi-Fi. This happens a lot, right? Property, the criminal. This is the physical. Do you have the right chain link fence? You have the right locks where you keep all your information. This is where they make quick cash. This is where they utilize the ability to log into your information or physically take over your information because they've been able to steal a laptop where you may not have something to remote wipe it. Now they've got your PC. They maybe have your mobile device. But your IoT devices right now are probably the most susceptible attack vector they have because everybody's got an Alexa. Everyone's got some type of Google at home device. They're listening to everything they have. Would you even know if someone was on your Amazon today? Would you even know that someone was listening to your information? There's actually Google today. 
Go out on the internet and actually see applications on how to log into someone's IoT device because most people, and it's not a bad thing, they just don't change things. Same goes with the IoT device like smart cultivating and things of that nature where you're going out and selling field equipment that's delivered because they want to manage it through their iPhone. That's all great. But the idea of not changing the password, understanding your IoT device, what is it communicating? What part of the network is it on? Who is it talking to? Those are all targets, right, for targets of opportunity. So let's talk about scenario four. These are flaws in your security gaps of Wi-Fi. And if you're hearing a common thread here, it's Wi-Fi, it's IoT, it's bringing your own device. It's because these are the most susceptible pieces. And this scenario is a disgruntled employee, right? This is someone who, you know, how would you know if you have an employee who left tomorrow, did everything they could to copy everything on your network and put it on a thumb drive and walk it out? Would you know that they were copying information? Would you know if they're copying any type of intellectual information about your company or data about your company that they could actually go out and sell? Like pack files and things about how your devices from telematics and things by nature about your devices, how they work, how they communicate, how are you actually going to plug in and actually get information around, you know, information about how the engine is working, what it does, the computer, the onboarding system of all these devices. Would you know? It all starts back to, unfortunately, the people. The people are the biggest risk that we have today because we can't read their minds. And if you don't have someone monitoring or visibly watching your network for spikes and things of that nature, would you know? Because then they have revenge. They can utilize it. 
They could physically take your information. They could post it on the darknet. They could go sell it. They could actually, you know, basically take anything they wanted, right? They can actually then disrupt your business. And sometimes businesses can never, ever recover from a disgruntled employee. And it's happened more times than a lot of people know around people taking information and using that and even going back to the banking accounts because now they have information where they can go sell it on darknet and the darknet actually pays for it. I bet a lot of people would not understand how much a credit card, if someone stole your credit card today, how much you think it's worth on the darknet versus information about your company or the individuals of your company. Does anybody have an idea? Maybe that's a question I would ask all of you as we wrap up. Tell me how much you think your credit card is worth on the darknet versus your identity or the identity of your employees on the darknet. So let's talk about the framework and mitigations around how to solve for a lot of this. The number one thing you're going to see on this is train your users. Look, this is the biggest thing. We're moving fast. The industry that we're in today, agriculture, heavy equipment, everything, we're moving fast, right? We're getting ready to come into our season and this is an important piece. You need to train your users. One of the biggest problems we see today is there's no lack of multi-factor authentication. What does that mean? This is a two-step verification that says, yep, somebody is validating that this is the person that needs to come in there. They're giving you a pin. They're giving you a secret question. Something that allows you to verify that that's that user. The other is tighten up your procurement processes. Tighten up your approval procedures. Who can approve? This is no different than having multi-authentication. 
Have a two-step authentication of someone validating who has approved something because you want to make sure it's coming from there. The biggest problem we have today and a lot of people why it's number four and it's overlooked a lot because no one's watching. No one has visibility into your critical system. Do you know what is critical? What I mean by this, are these the crown jewels of your environment? If they went down, what would you do? How would you react? How would you operate? Do you know what kind of data you have today? Have you sat back and thought about if this data was stolen tomorrow or ransom tomorrow, how would it impact your environment? It's no different if someone stole your credit card, your banking account information. They stole your personal banking account information. What would that do to you as a person? Same thing you have to think about as a business if someone was able to get there. So who's watching and who's looking out for that? And then lastly, it's the response. It touches a little bit what I was talking about number four was the process. It's if this, then what? What do I do and have you practiced that? So like an example, if one of your employees was hit with a ransomware today, what would you do? Would you be able to just reimage that machine and move on? Or was the information taken and sold on a darknet? Would you put multi-factor authentication? Would you have everybody change their passwords? So these are the kinds of little bit of steps that you don't have to do a lot, but there should be an incident response plan that you have or at least a template that you should do. And we call these tabletop exercises. And I recommend everybody at least once a year running through a scenario like ransomware, malware, things of that nature, because that way you kind of keep it top of mind. And the other piece is you have these steps in place for something that should happen. So let's talk about phishing mitigation, right?
Again, another one, train your users. Common theme here, multi-factor authentication. The other piece here is configure sender for all prevention. This is something you can get as part of O365. Most of you probably have Outlook. It's one of the most common emails out there today. They have these little things that you can put in place for very inexpensive things of that nature. The other is firewall. Do you have a firewall? And when I say a firewall, it is not your DSL router. It's not your cable modem. Those are not firewalls. Those are networking devices that are connecting and allow that. Do you have an independent device that's acting as your firewall that's doing some type of unified threat management? Are they actually subscribed to some type of threat intelligence? And the whole idea of that is that you want to have some type of intrusion prevention, some type of detection. Because people are trying to harvest information about your environment. Would you know that someone's coming in using a Tor browser or a Tor device that's trying to access a device that may have been compromised? Myself, personally, I've got things that I'm watching everywhere where even someone came up in a proximity in my environment wanting to get to my Wi-Fi, I would be alerted that they were trying to get on my Wi-Fi. Now I'm paranoid. I'm a cybersecurity guy. So I do a lot of different things. But the other thing I do do, and I recommend everyone, is monitor your email security. Monitor who's accessing your email. Was there an invalid login to an email? This is usually the most important piece because we are in the cloud and O365. And we can't see everything in the cloud when we think about the cloud. It's that vague piece. But can you monitor lateral movement? Can you monitor someone trying to access or brute force attack an email account that maybe you weren't thinking about? How many email accounts do you have out there? 
Have you created some out there for troubleshooting and support and things of that nature that link back to some type of admin access? Again, the last piece here, develop an incident response plan. One of the things I know CDK does extremely well with partnership with us is helping people develop those plans, working on those plans, exercising those plans, or having some type of retainer that says, hey, if but this, who do I call? Can I call somebody? Can I get on the phone? And if I think I'm under attack, can someone triage and get visibility to determine if I'm under attack? So those are very cool things there. Ransomware. This is the big one, right? This is what everybody fears about having is getting malware attacked, getting some type of little email that says, hey, I've got this. Now I want this in order to get that. And some people say, I don't care. And other people say, you know what, I don't want that information. The one thing I will tell everybody right now, never, ever pay the ransom. Never. Because the FBI has, if you go out to the InfraGard, I'm part of the federal government's InfraGard FBI team, they actually have a checklist of things around what to do if you get hit with a ransomware. And one of the things they'll tell you right away, do not pay the ransom. Work in partnership with someone. But the other big thing is, let's talk about prevention. Today, a lot of people do not, or they think they have antivirus. The problem with antivirus is it's a signature-based protection, not an AI type of protection. And what I mean by the difference is signatures are after the fact. AI is real time. So it's important to work with someone like a CDK for an endpoint detection response service that's constantly looking for process changes and things of that nature, not just for signature things. So don't just rely on the AV aspect of it.
Now, while that's good, it could miss the fact, because how we do this in the threat intelligence world is if a ransomware gets through, we see that, we capture it, we detonate it, we write a new signature for that, which is AV. But when we have EDR, we see the process, we stop the process before it actually begins. So there's no need to write a signature for that. So that's an important piece. Take care of your vulnerabilities on your servers. One of the things that's important to know is understand what are your critical devices? What are your servers? It goes back to my earlier comment. Do you know what your critical devices are? Have you ever thought about? If this server went down, what would it do to my company? The other piece is backups. A lot of people don't realize that if you just back up your endpoints, you back up your servers and do those regularly, that could help you prevent and help you mitigate through a ransomware. Now, the problem happens, and it just can happen, is the bad guys can get to your backups, right? And then they encrypt those, and then you're really kind of out of luck, right? But if you put these other advanced firewalls, you can start to detect these things and actually prevent these things. Again, develop an incident response procedure. Test that incident response readiness plan. Like the example of SolarWinds attack, how many would have thought through that supply chain type tool, the RMM tool, that it would ever got hit? It's not if, but when. So practice what happens around these types of things. Compromise. What happens if a device is taken over? Do you know if your device has been taken over? This is an interesting piece here, because you need to maintain the inventory. And why this is important? Because sometimes when a device is taken over, they rename that device, and they'll change the name of that device.
And that's your first evidence that somebody has taken over that device, because now they've made it a part of their network, so they're using it. So maintain the inventory. Maintain the naming of that inventory. Segment your network. What I mean by that is that a lot of you probably have your Wi-Fi at home, and you have a guest. Well, that's segmentation. Create yet another one that says, hey, it's for work. And put it on a different IP. Put those endpoints that are just for work just on that segment. That alone, just as you've done for guests, people coming to your home using your Wi-Fi where you can kind of control them, you now have an ability to segment your home information versus your work information versus your guests. That's all segmentation is. And that's an important piece, because when you segment your computers, you can actually start to use different program, industrial remote controls, things of that nature. Even at work, you have your IoT devices in one segment. I mean, in the hospital world, this is something we do a lot with hospitals, is patient care type devices are on a different network. Another on this, on this, this. No different than in your industry today is that you've got a lot of devices that are using IoT, using the cloud. They're updating information, pushing information back and forth. Put them on a different segment. That way you control them. You know where they're at. You know what they're doing. Monitor some of the vendor security bulletins. One of the things I just saw today, I was looking at some of the intelligences around smart, smart cultivating, how it's become an interesting piece because people are using the IoT aspect to attack those. So when they actually get online, they're taking over those devices. It's really interesting to see how IoT has now become so or the smart business has become so much part of our day-to-day work that it's important that we actually scan these devices. 
We monitor these devices and really understand the bulletins that are taking place because these are patches or gaps in the software that allow the bad guys to get in there because they're using tools to scan them, look at them and do that. So this goes back to do breach assessments. What I mean by that is scan your environments. One of the things that CDK has is a vulnerability management service. They can actually help you scan your external facing IPs and your internal. Is there a breach? Is there a bad guy looking? Because these are what the bad guys are doing. Try to think like a bad guy. A bad guy is doing a recon of your environment to look at that. And the other piece here is implement rogue detection. This is meaning that someone's trying to copy your IP address. Now I'll give you kind of a use case example. I'm a certified ethical hacker. So we did some things in the day where we go out and we'll go into an environment and we'll copy, look at a website or a wireless Wi-Fi and we'll change the word a little bit. And we'll launch our own Wi-Fi device. Guess what? We're now man in the middle. Now the people are connected to my Wi-Fi and I'm capturing all this information. So be careful about what wireless network you connect to and make sure you have some type of rogue detection that would alert you that somebody has done that. And that can happen a lot. So be ready. But again, develop an incident response plan. How are you going to respond to something that happens like that? Are you ready? Are you ready to actually do all that? So I want to kind of wrap this up and then turn it back to Jeff on a few things. So how do I reduce my risk? And a lot of this is customize your risk assessments, right? Do one. If you haven't done one, get one to understand your risk. The other thing is just industry framework.
The one thing I want you to walk away from here today is just because you think you're compliant with PCI or GLBA or any other type of NIST or SANS or ISO does not equal security. That's an important piece. A lot of people feel like that. You know, I'm compliant. I check the box. I'm secure. As far as from the point, you've now only done one thing, which is establish a framework. Now execute, implement the controls to meet that compliance. 24 by 7, you know, monitoring. There's a little typo there. It says 265. It should be 365. All your network and your endpoints. Make sure you're watching. Who's watching? What are they doing? Where are they going? Especially today in our environment with agriculture and heavy equipment. You want to be able to connect. If you are pushing firmware updates to a smart device, you want to know how you're doing it. And the other piece is develop some type of process to specialize in threat intelligence. Understand what's happening out there on the dark net. What are the bad guys doing? What are they reconning? Because you can actually see some of the battleships that may be forming on the horizon and working with a partner like CDK and Newspire to say, hey, I need to get ready for this. Because look, the bad guys are very seasonal. They take vacations, but they also know when the most work is going to be done. And they want to take advantage because why? It's a peak. I recently wrote a blog around the COVID-19 supply chain. It's where we're going through the roof with vaccinations and things. Now the targets are more susceptible to risk. So make sure you're looking. Manage detection response. This is an important piece. Fairly young in the industry since 2014. But detection and response is important to a piece. You need to be able to, the faster you detect, the faster you respond, the faster you can contain. That's an important piece. That's something that CDK has.
Probably under some different type of nomenclature, like security event monitoring or something of that nature. But get a detection and response service. Because this is an important piece to ensure that you're seeing everything. You'll want tier three security operations. You need someone to help you on the keyboard time. You need someone to take a calm mind. One of the things that Newspire offers with CDK is a CERT team. We call it security answer response team. One of our number one goals is provide you with a calm voice. As being a former law enforcement, when you roll into a situation, you want to have someone who's taking over as a commander and taking everybody through the process of what do we need to do? Get visibility. Get intelligence. What happened? Why did it happen? Who did it happen to? That's an important piece. The fastest we've actually deployed is under 15 minutes. So it's something important to have. And the other is that experience response team. We talked a little bit about that. But you want to have a SOC that backs that up. You want to have threat analysts. You want to have somebody who's threat hunters. Because one of the things that's lost in a lot of this conversation is having a team who's hunting on your network. Why is that important? Because you are doing your business. You're running your business. And you need to focus on your business. So you don't have time to see if someone's shaking your doorknob or peeking in your windows and things of nature. This is what these hunters are for. They're designed to look for those types of things to kind of get ahead of that and provide you information around that. I like the recent incident that happened with a ransomware with one of the car dealerships, right? That one, while they're saying it didn't happen, we've actually gone out and looked across our entire network to say, hey, did this incident, this ransomware, actually exist in anybody else's? Because we're the threat hunters. 
We're looking for that information. So in conclusion, and thanks for the opportunity, is protect your dealership, protect your customers, and ultimately protect yourself and your employees. Understand the threat attack method. We talked a lot about that. The other piece is do some security evaluations. One of the biggest things that a lot of people don't feel like is needed, or sometimes they do do it, is a pen test. Just do a pen test. Find out where your weak points are. The other is a risk assessment. Have you ever done that? And the biggest one, which is the cheapest of all, is just awareness training, where you actually can actually simulate phishing emails. And that's something we offer as well with CDK, is the ability to test your employees. And it's not to trick them. It's to educate. Security, in my mind, is around education. The more we educate, the better we are prepared. Plan for those security functions. And this is where CDK can come in and help with a partnership with you and other providers you may have in your environment, because you need to have someone that can provide you a holistic, right? You need someone to help you prepare for this evolving threat landscape, because it is changing. It is changing rapidly. I mean, I keep up with it. I try to keep up with it every day. But look, nation states are attacking. Organized crime is attacking. Cyberterrorism is here, and it's here to stay. It's not going to go away. If anything, it's going to get worse. Now that we're remote and we're home, it's going to even get bigger. And they're looking for ways. And you, you are the target now, because they know that your network at home is not protected. It's not being monitored. It's not being seen. It's not, no one's doing anything with it. It's the easiest way to get to your business is through your home network. So I want to take this opportunity to say thank you. I'll open it for Q&A. So Jeff, I'll turn it back to you. Thanks, John. 
Liz, do you have any of our questions that have come in?

Yeah, yeah, we do have a few. So first one, and thank you both, John and Jeff. We really appreciate you being here with us today. So you've discussed a lot of great remediation strategies, but the list is almost overwhelming. If I can only do one thing, where should I start?

If I was, if you were going to do one thing, and one thing only, put in multi-factor authentication. Bingo, stop right there. And that reason for that, if that is just making it harder for the bad guy to get your password. If you do anything today, just do multi-factor. Implement some type of two-factor authentication using a Google Authenticator, using Microsoft's, you know, Authenticator, just put in multi-factor authentication. The number one problem I see today for a lot of businesses is they don't have it. And that is the easiest path to hacking you is without having multi-factor authentication. So that would be my most number one thing I would do.

Okay, excellent. And just a reminder for anybody who's live, if you want to throw a question down, just use that Q&A tab at the bottom of your screen. But I do have another question. You talked about training employees to help prevent against threats. Do you have any recommendations for that training?

Sure, sure. So there's actually quite a bit. I mean, so one of the vendors we leverage to help and we have our own team that does this as well is called KnowBe4. So we do have a security awareness training program that comes in and establishes, you know, scenarios based on your industry and it changes and things of that nature or you can customize it. And that's something that CDK Newspire actually can give to you. But KnowBe4 is a great one. If you really can't afford one, then Symantec's got some great training videos on YouTube that you can go out there and look at. Now, again, that's just training. The problem with training is now I've got to execute on the training. 
Now I got to, you know, how do I now test my employees? But, you know, if you just want to have education, there's some great ones there. But with our security awareness training service, we actually provide tests and things of that nature, simulations, that we run, you know, off and on throughout the year at peak points. We can, you know, we can actually customize it based on the industry. So, but we use it and we also have what we call FISHER, which is a phishing emergency response service where we have automation, where you think if you've got a phishing email, you can actually submit it to us. And then we actually analyze it and tell you, it wasn't right or was it wrong? And we can actually make that as part of your Outlook so that all you have to do is highlight the email and click on the button and make it easy so that if you think it's phishing, we'll investigate and inspect it and come back and tell you whether it is or not. So-

John, I actually had that happen this morning. So I use that service as we speak.

There you go. So not only do we offer to our customers, but we eat our own dog food as they refer to that as.

That's a great point. Yeah. Great questions. It looks like one more just came through. My dealership knows we need to put a formalized incidents response plan in place, but how do we start?

I'm going to give you a great one. I'm going to give you a free resource. Go to newsfire.com, download our security and response plan. We actually have a free template that we want to offer to our clients. Those clients are CDK clients. I don't care who you are. Something Jeff said earlier, I love the comment. We don't care who it is. Our job is to help educate and provide people, but we have an incident response readiness template. You can take a look at it. It's free of charge on newsfire.com and take a look at it.

Yeah, and that's exactly what my role is. 
If you want to talk about security and you want to talk about your situation, talk about some of the ideas that you have. Even if you're not a CDK customer and you just want to sit down and have a good thoughtful discussion, that's what my job is 100% to do, is to provide folks with a resource to be able to bounce things off of, be able to supply you with the support that you need, whether you're a business owner or if you're an IT director, being able to supply the amount of support that you need to get your job because your job's not getting any easier each and every day. It's getting more difficult. So that's what we're here for.

All right, looks like those are all the questions that have come through the chat, but do you have contact information or anything like that where any attendees or anybody who catches the recorded webinar, if they have questions, how they can reach you?

Go right there. There we go. So I appreciate everybody's time. Hopefully, I've taken a lot out of this. It's not very often we get a person of John's credentials to be able to come on and talk with us. So I appreciate all that you've done, John. And by the way, we just found out just a little trivia, but both John and I are Army MP veterans and it was our 30th anniversary for Operation Desert Storm. So we were kind of going over that. So thank you for your service, John. I appreciate that.

You as well, Jeff. Thank you. Thanks for everyone for having given me the opportunity to chat with you today. It was really a pleasure.

All right, guys. Thank you. Thank you. Bye.
Video Summary
In this webinar, Jeff Jenkins, Network Security Advisor at CDK Global, and John Ayers, Chief Product Officer at Newspire, discuss the importance of cybersecurity in the commercial construction market. They emphasize the need to protect businesses from cyber threats, especially as the market becomes more mobile and reliant on cloud-based solutions. They highlight the three major groups involved in attacks, hacktivists, organized crime, and nation states, and explain their motivations. The speakers then discuss common attack methods such as phishing, social engineering, ransomware, and compromised devices. They recommend strategies for reducing cybersecurity risks, including multi-factor authentication, training employees, establishing incident response plans, and implementing detection and response services. They advise employers to assess their security vulnerabilities, monitor their networks, and stay informed about industry-specific threats. Lastly, they emphasize the importance of customization, staying up to date with industry frameworks, and working with trusted partners to develop comprehensive security solutions.
Keywords
cybersecurity
commercial construction market
cyber threats
mobile
cloud-based solutions
hacktivists
organized crime
nation states