HOLIDAY PREP FOR ECOMMERCE & RETAIL:
LATEST CYBER THREATS & STRATEGIES
Paul Fletcher – Cyber Security Evangelist
@_PaulFletcher
Housekeeping
• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar
• Please submit questions via the button on the upper left of the viewer
- If we don’t get to your question during the webinar, we will follow up with you via email
• Download related resources via the “Attachments” button above the viewing panel
• On Twitter? Join the conversation: @HOSTINGdotcom, @AlertLogic
Industry Analysis – 2014 Data Breaches - Mandiant
Threats by Customer Environment
[Chart: share of threats by type, Cloud Environment vs On Premise Environment. The category labels were not preserved in the extracted text; the two series read, in the order they appear, 40.55%, 28.01%, 18.75%, 10.60%, 1.96%, 0.13%, 0.02% and 40.79%, 22.36%, 15.67%, 7.40%, 5.29%, 0.03%, 0.02%, with the legend listed as Cloud Environment, On Premise Environment.]
Source: Alert Logic CSR 2015
Changes in the Traditional Solutions
[Chart: Application attack, Brute force, Recon, Suspicious, DoS, plotted on a 0% to 100% axis; the bar values were not preserved in the extracted text.]
Recent Payment-Related Breaches
• Village Pizza Pub
- Vendor (TransformPOS)
- Malware gained access to active transactions
• Utah Food Bank
- 10k donors' PII and payment card data exposed
- Poor website security
• Genworth Insurance
- Agent social engineered on the phone
- Exposed Personally Identifiable Information (PII) and Personal Healthcare Information (PHI)
Threats to Retail
On-going threats
• Point of sale (POS)
• Vendors
• Web applications
• eCommerce infrastructure
• Employees
• Denial of service
- DoS
- DDoS
Newer threats
• Advanced persistent threat (APT)
• Hacking groups
• Supply chain
• Manufacturing process
• Business details
• Insiders
Understand your Adversaries
Underground Economy
TECHNOLOGY
Technology Plan
• Assessments
- External penetration tests
- Internal vulnerability scans
- Application security review
- Configuration management
- Data integrity
• Analyze and optimize
- Gather system utilization data
- Understand resource requirements/limitations
- Establish threshold capacities
- Plan for the best
Technology Scale
• Prepare to Scale
- Properly sized and tested images
- Instance efficiency
- Identity and access management
- Security tools
- DDoS options
Technology Tactics
• Network segmentation
- Isolate from operational network/web
- Block all, then only allow documented exceptions
- Security logging & monitoring on each segment
• Firewall (NGFW)
• Intrusion Detection/Prevention System
• Deep packet inspection
• Two factor authentication
• Patch management
Technology Tactics
• Full mobility security plan
- Require passwords
- Enforce timeouts
- Provide software updates
- Eradicate “jail broken” devices
• Encryption first approach
- Security over functionality
- Re-direct to appropriate web site
• Email security
- Spam
- Phishing
TRAIN EMPLOYEES
PEOPLE AND PROCESS
People and Process
• Communications list
- Prepare online and offline references
- Multiple ways to contact
- Expected response
- Escalation path
• Review IAM
- Ensure least privilege concept
- System tests after modification
- Establish “normal” activity for system accounts
• Review log systems
Data Correlation is the Key
PCI 3.1
• Compliance
- Unprotected primary account numbers (PANs)
o SMS (text message)
- Eliminate old versions of SSL and TLS
• Security
- Never send account information in the clear
- Obfuscation is an easy solution
- Encryption is best
- Patch management to update SSL and TLS
TRAIN EMPLOYEES
INCIDENT RESPONSE
Incident Response
• Test the plan
- Self assessment
o Incident response director
- Team walk through
o Everybody with a role in the plan
o Walk through a recent breach
o Use the plan as a guide
o Edit the plan as needed
- Executive assessment
o Walk through of scenario
o Validate priorities
- Live exercise
Incident Response
• Revise the plan
- Roles and responsibilities
• Externalize the plan
- Forensics experts
- Technical consultants
- Legal
- Public relations
- Partners
- Vendors
- Law enforcement
Incident Response
• Cloud considerations
- Clearly defined resources
- Include when you test the plan
• Pristine content ready to re-deploy
- Test this capability
• Test the plan…again
PROACTIVE PURSUIT
Proactive Pursuit
• Assume you are breached and act accordingly
• Establish the baseline
- Understand normal system behavior
• Use existing sources
- Net flow
- Log activity
- Inbound and outbound connectivity
- File integrity
- Configuration settings
• Use new technology
- Tools to find zero day attacks
- Short term engagement
Monitoring the Social Media Accounts
Forums to Follow – Exploit.in
Threat to Threat Intelligence
Wassenaar Proposal
• 2013 Amendment
• Prevent the selling of surveillance technology to governments known to abuse human rights
• Surveillance technology includes
- Intrusion Detection Systems
- Zero Day exploits
• Punishment
- $250k fine
- Five years in prison
Threat to Threat Intelligence
Wassenaar Proposal – The Problem
• Prevents information sharing of vulnerabilities
• Prevents us from knowing our enemy
• Prevents research sharing…even within the same organization
• Hackers gonna hack – so it really only impacts law-abiding security professionals
Wassenaar Proposal – The Fix
• Read about the proposal
• Share it within your sphere of influence
• Make sure your legal team is informed
• Keep the conversation going
• Be specific about how this proposal will impact your ability to do your job
To Follow our Research
• Twitter:
- @AlertLogic
- @StephenCoty
- @_PaulFletcher
• Blog:
- https://www.alertlogic.com/resources/blog
• Newsletter:
- https://www.alertlogic.com/weekly-threat-report/
• Cloud Security Report
- https://www.alertlogic.com/resources/cloud-security-report/
• Zero Day Magazine
- http://www.alertlogic.com/zerodaymagazine/
Websites to follow
• http://www.securityfocus.com
• http://www.exploit-db.com
• http://seclists.org/fulldisclosure/
• http://www.securitybloggersnetwork.com/
• http://cve.mitre.org/
• http://nvd.nist.gov/
• https://www.alertlogic.com/weekly-threat-report/
Q&A
Paul Fletcher | Alert Logic Cyber Security Evangelist
Tricia Pattee | HOSTING Product Manager
For more information about security solutions by HOSTING, please contact our
team at 888.894.4678.
