SlideShare ist ein Scribd-Unternehmen logo

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches

Als PPTX, PDF herunterladen
Forcepoint LLC
Forcepoint LLC

This 20 minute talk was delivered by Forcepoint Principal Security Analyst Carl Leonard at Infosecurity Europe 2018. Delivered to the Strategy track this talk provides a review of the macro trends affecting businesses today, reviews root cause of standout data breaches, highlights the security risk presented by employees, and offers guidance on how to protect your business from specific root causes.

Technologie
1 von 14
Carl Leonard, Principal Security Analyst Forcepoint One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES We have to ask why… • Are attackers improving? • Are businesses getting worse (at protecting data)? It seems the likelihood of a breach is increasing…. HaveIBeenPwned.com now holds >5bn accounts. Review your spend to minimise risk. Cyber Security Is Failing
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Define: breach
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES • A breach begins as an incident • Not all incidents become breaches GDPR: …‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;… Breach vs Incident
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Cast your mind back 2500 years to the battle between the “300 Spartans” and the Persian Empire. An insider leaked details of an alternative route around the mountain pass, used by the 300, which ultimately led to their downfall. We need a way to adapt to risk as and when that risk increases – from whatever source. History Repeats Itself
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Are We Focusing On The Wrong Priorities? Do we have our blinkers on when it comes to the threat posed by stolen credentials and malicious insiders? If we are aware do we lack the visibility and control that we must have? Forcepoint survey 2017 “What CISOs Need To Know”: • 11% of respondents admitted to sending data to a third-party. • 27% did not consider the security of cloud apps before uploading data.
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Macro Trends Move to Cloud Poor Heath of Security Programs Remote Workers
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Threat Landscape Mandatory Breach Notification Cloud Applications Cryptocurrency Miners Seeking CPU Power Accidental, Compromised & Malicious Employees
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Data Breach RCA Industry Date Records Affected Information Lost Root Cause Credit Reference Agency 2017 147 million plus records. Email address, login credentials (username, password, secret questions), driving license number, phone number. Patching Failure. Mobile Telecoms Provider 2015 3 million customers, 1000 employees. Names, addresses, phone numbers, dates of birth, marital status, historical payment data. Multiple inc. Compromised Credentials. Startup 2017 Unknown. Intellectual Property. Malicious Insider Social Media 2018 Unknown. Plain text passwords. Process Error. Accounting 2017 Unknown. Data contained within emails. Lack of 2FA. Healthcare Insurance 2017 108,000 records. Names, DoB, contact info. Malicious Insider.
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Data Breach RCA Industry Date Records Affected Information Lost Root Cause Protection Credit Reference Agency 2017 147 million plus records. Email address, login credentials (username, password, secret questions), driving license number, phone number. Patching Failure. Patch Management. Mobile Telecoms Provider 2015 3 million customers, 1000 employees. Names, addresses, phone numbers, dates of birth, marital status, historical payment data. Multiple inc. Compromised Credentials. NGFW, DLP, UEBA, Risk- Adaptive. Startup 2017 Unknown. Intellectual Property. Malicious Insider DLP, UEBA, Risk-Adaptive. Social Media 2018 Unknown. Plain text passwords. Process Error. Third-party tool. Accounting 2017 Unknown. Data contained within emails. Lack of 2FA. UEBA, 2FA. Healthcare Insurance 2017 108,000 records. Names, DoB, contact info. Malicious Insider. DLP, UEBA, Risk-Adaptive.
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Cyber Continuum Of Intent Inadvertent Behaviors Poorly communicated policies and user awareness Broken Business Process Data where it shouldn’t be, not where it should be Rogue Employee Leaving the company, poor performance review Criminal Actor Employees Corporate espionage, national espionage, organized crime Malware Infections Phishing targets, breaches, BYOD contamination Stolen Credentials Credential exfiltration, social engineering, device control hygiene MALICIOUS INSIDER COMPROMISED INSIDERACCIDENTAL INSIDER
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES 5 KEY TAKE AWAYS
ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES • 2018 is the “Year of Privacy Protection” • You must test your GDPR-readiness. Conduct a table-top War Game. • Do you have an insider threat blindspot? • Evaluate strengths at Identify-Protect-Detect-Respond-Recover. • Consider a free “Cloud Threat Assessment”, see https://forcepoint.com/cloud-threat-assessment 5 KEY TAKE AWAYS
Copyright © 2018 Forcepoint | 14 THANK YOU @carlLsecurity Carl Leonard, Principal Security Analyst

Empfohlen

AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIForcepoint LLC
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security Robert Smith
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AIDexterJanPineda
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 

Empfohlen

AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in CybersecurityForcepoint LLC
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIForcepoint LLC
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security Robert Smith
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AIDexterJanPineda
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurityscoopnewsgroup
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 
Challenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise CybersecurityChallenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise CybersecurityTahseen Shabab
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIRaffael Marty
 
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityInfosec
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtNUS-ISS
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0Raffael Marty
 
Machine Learning in Cyber Security
Machine Learning in Cyber SecurityMachine Learning in Cyber Security
Machine Learning in Cyber SecurityRishi Kant
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityMohammad Khreesha
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurSri Ambati
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsPECB
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteOperationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteInterset
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Cybereason
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 
Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementProlifics
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 

Weitere ähnliche Inhalte

Was ist angesagt?

Challenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise CybersecurityChallenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise CybersecurityTahseen Shabab
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIRaffael Marty
 
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityInfosec
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtNUS-ISS
 
Machine Learning in Cyber Security
Machine Learning in Cyber SecurityMachine Learning in Cyber Security
Machine Learning in Cyber SecurityRishi Kant
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityMohammad Khreesha
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurSri Ambati
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousRaffael Marty
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinSridhar Karnam
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsPECB
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain BGA Cyber Security
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Interset
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowMapR Technologies
 
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteOperationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteInterset
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Cybereason
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Allot Communications
 

Was ist angesagt? (20)

Challenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise CybersecurityChallenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise Cybersecurity
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
Understanding the "Intelligence" in AI
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
 
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurityFrom machine learning to deepfakes - how AI is revolutionizing cybersecurity
From machine learning to deepfakes - how AI is revolutionizing cybersecurity
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
Machine Learning in Cyber Security
Machine Learning in Cyber SecurityMachine Learning in Cyber Security
Machine Learning in Cyber Security
 
The good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurityThe good, the bad, and the ugly on integration ai with cybersecurity
The good, the bad, and the ugly on integration ai with cybersecurity
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith Barthur
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Big Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy FranklinBig Data Security Analytics (BDSA) with Randy Franklin
Big Data Security Analytics (BDSA) with Randy Franklin
 
The Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact UsThe Future of Security: How Artificial Intelligence Will Impact Us
The Future of Security: How Artificial Intelligence Will Impact Us
 
Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain Machine Learning in Cyber Security Domain
Machine Learning in Cyber Security Domain
 
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
Innovation in Cybersecurity [Montreal 2018 CRIAQ RDV Forum]
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto KeynoteOperationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote
 
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
Security Analytics: The Promise of Artificial Intelligence, Machine Learning,...
 
Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬Network Security‬ and Big ‪‎Data Analytics‬
Network Security‬ and Big ‪‎Data Analytics‬
 

Ähnlich wie One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches

Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementProlifics
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxSophia Price
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022SophiaPalmira1
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?Diaspark
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityJoan Weber
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Lawley Insurance
 
BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"ChristiAKannapel
 
Top 5 it security threats for 2015
Top 5 it security threats for 2015Top 5 it security threats for 2015
Top 5 it security threats for 2015Bev Robb
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 

Ähnlich wie One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches (20)

Identity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access ManagementIdentity intelligence: Threat-aware Identity and Access Management
Identity intelligence: Threat-aware Identity and Access Management
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
CTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptxCTEK Cyber Briefing - April 2022.pptx
CTEK Cyber Briefing - April 2022.pptx
 
CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022CynergisTek Cyber Briefing April 2022
CynergisTek Cyber Briefing April 2022
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020
 
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
 
Corporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber SecurityCorporate Treasurers Focus on Cyber Security
Corporate Treasurers Focus on Cyber Security
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17
 
Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015Cybersecurity Seminar March 2015
Cybersecurity Seminar March 2015
 
Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
 
BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"BIS "Is Your Company at Risk for a Security Breach?"
BIS "Is Your Company at Risk for a Security Breach?"
 
Top 5 it security threats for 2015
Top 5 it security threats for 2015Top 5 it security threats for 2015
Top 5 it security threats for 2015
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 

Mehr von Forcepoint LLC

Rethinking the concept of trust (DoDIIS 2019 presentation)
Rethinking the concept of trust (DoDIIS 2019 presentation)Rethinking the concept of trust (DoDIIS 2019 presentation)
Rethinking the concept of trust (DoDIIS 2019 presentation)Forcepoint LLC
 
Sparking Curiosity to Change Security Behaviors
Sparking Curiosity to Change Security BehaviorsSparking Curiosity to Change Security Behaviors
Sparking Curiosity to Change Security BehaviorsForcepoint LLC
 
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...Forcepoint LLC
 
Using Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesUsing Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesForcepoint LLC
 
Driving the successful adoption of Microsoft Office 365
Driving the successful adoption of Microsoft Office 365Driving the successful adoption of Microsoft Office 365
Driving the successful adoption of Microsoft Office 365Forcepoint LLC
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud GenerationForcepoint LLC
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the CloudTop 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the CloudForcepoint LLC
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applicationsForcepoint LLC
 
GDPR is Here. Now What?
GDPR is Here. Now What?GDPR is Here. Now What?
GDPR is Here. Now What?Forcepoint LLC
 
Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsAddressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsForcepoint LLC
 
A Predictive “Precrime” Approach Requires a Human Focus
A Predictive “Precrime” Approach Requires a Human FocusA Predictive “Precrime” Approach Requires a Human Focus
A Predictive “Precrime” Approach Requires a Human FocusForcepoint LLC
 
Cyber Convergence, Warfare and You
Cyber Convergence, Warfare and YouCyber Convergence, Warfare and You
Cyber Convergence, Warfare and YouForcepoint LLC
 
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)Forcepoint LLC
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksForcepoint LLC
 
Maintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterMaintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterForcepoint LLC
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial TsunamiForcepoint LLC
 
Revolutionary, Not Evolutionary
Revolutionary, Not EvolutionaryRevolutionary, Not Evolutionary
Revolutionary, Not EvolutionaryForcepoint LLC
 
Cybersecurity and the Human Psyche
Cybersecurity and the Human PsycheCybersecurity and the Human Psyche
Cybersecurity and the Human PsycheForcepoint LLC
 

Mehr von Forcepoint LLC (20)

Rethinking the concept of trust (DoDIIS 2019 presentation)
Rethinking the concept of trust (DoDIIS 2019 presentation)Rethinking the concept of trust (DoDIIS 2019 presentation)
Rethinking the concept of trust (DoDIIS 2019 presentation)
 
Sparking Curiosity to Change Security Behaviors
Sparking Curiosity to Change Security BehaviorsSparking Curiosity to Change Security Behaviors
Sparking Curiosity to Change Security Behaviors
 
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...
Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...
 
Using Language Modeling to Verify User Identities
Using Language Modeling to Verify User IdentitiesUsing Language Modeling to Verify User Identities
Using Language Modeling to Verify User Identities
 
Driving the successful adoption of Microsoft Office 365
Driving the successful adoption of Microsoft Office 365Driving the successful adoption of Microsoft Office 365
Driving the successful adoption of Microsoft Office 365
 
Securing Beyond the Cloud Generation
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud Generation
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the CloudTop 5 Information Security Lessons Learned from Transitioning to the Cloud
Top 5 Information Security Lessons Learned from Transitioning to the Cloud
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
 
GDPR is Here. Now What?
GDPR is Here. Now What?GDPR is Here. Now What?
GDPR is Here. Now What?
 
Addressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider ThreatsAddressing Future Risks and Legal Challenges of Insider Threats
Addressing Future Risks and Legal Challenges of Insider Threats
 
A Predictive “Precrime” Approach Requires a Human Focus
A Predictive “Precrime” Approach Requires a Human FocusA Predictive “Precrime” Approach Requires a Human Focus
A Predictive “Precrime” Approach Requires a Human Focus
 
Cyber Convergence, Warfare and You
Cyber Convergence, Warfare and YouCyber Convergence, Warfare and You
Cyber Convergence, Warfare and You
 
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)
Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)
 
Security Insights for Mission-Critical Networks
Security Insights for Mission-Critical NetworksSecurity Insights for Mission-Critical Networks
Security Insights for Mission-Critical Networks
 
Maintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps ScatterMaintaining Visibility and Control as Workers and Apps Scatter
Maintaining Visibility and Control as Workers and Apps Scatter
 
Embracing the Millennial Tsunami
Embracing the Millennial TsunamiEmbracing the Millennial Tsunami
Embracing the Millennial Tsunami
 
Shift the Burden
Shift the BurdenShift the Burden
Shift the Burden
 
Revolutionary, Not Evolutionary
Revolutionary, Not EvolutionaryRevolutionary, Not Evolutionary
Revolutionary, Not Evolutionary
 
Cybersecurity and the Human Psyche
Cybersecurity and the Human PsycheCybersecurity and the Human Psyche
Cybersecurity and the Human Psyche
 

Kürzlich hochgeladen

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Kürzlich hochgeladen (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches

  • 1. Carl Leonard, Principal Security Analyst Forcepoint One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data Breaches
  • 2. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES We have to ask why… • Are attackers improving? • Are businesses getting worse (at protecting data)? It seems the likelihood of a breach is increasing…. HaveIBeenPwned.com now holds >5bn accounts. Review your spend to minimise risk. Cyber Security Is Failing
  • 3. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Define: breach
  • 4. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES • A breach begins as an incident • Not all incidents become breaches GDPR: …‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;… Breach vs Incident
  • 5. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Cast your mind back 2500 years to the battle between the “300 Spartans” and the Persian Empire. An insider leaked details of an alternative route around the mountain pass, used by the 300, which ultimately led to their downfall. We need a way to adapt to risk as and when that risk increases – from whatever source. History Repeats Itself
  • 6. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Are We Focusing On The Wrong Priorities? Do we have our blinkers on when it comes to the threat posed by stolen credentials and malicious insiders? If we are aware do we lack the visibility and control that we must have? Forcepoint survey 2017 “What CISOs Need To Know”: • 11% of respondents admitted to sending data to a third-party. • 27% did not consider the security of cloud apps before uploading data.
  • 7. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Macro Trends Move to Cloud Poor Heath of Security Programs Remote Workers
  • 8. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Threat Landscape Mandatory Breach Notification Cloud Applications Cryptocurrency Miners Seeking CPU Power Accidental, Compromised & Malicious Employees
  • 9. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Data Breach RCA Industry Date Records Affected Information Lost Root Cause Credit Reference Agency 2017 147 million plus records. Email address, login credentials (username, password, secret questions), driving license number, phone number. Patching Failure. Mobile Telecoms Provider 2015 3 million customers, 1000 employees. Names, addresses, phone numbers, dates of birth, marital status, historical payment data. Multiple inc. Compromised Credentials. Startup 2017 Unknown. Intellectual Property. Malicious Insider Social Media 2018 Unknown. Plain text passwords. Process Error. Accounting 2017 Unknown. Data contained within emails. Lack of 2FA. Healthcare Insurance 2017 108,000 records. Names, DoB, contact info. Malicious Insider.
  • 10. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Data Breach RCA Industry Date Records Affected Information Lost Root Cause Protection Credit Reference Agency 2017 147 million plus records. Email address, login credentials (username, password, secret questions), driving license number, phone number. Patching Failure. Patch Management. Mobile Telecoms Provider 2015 3 million customers, 1000 employees. Names, addresses, phone numbers, dates of birth, marital status, historical payment data. Multiple inc. Compromised Credentials. NGFW, DLP, UEBA, Risk- Adaptive. Startup 2017 Unknown. Intellectual Property. Malicious Insider DLP, UEBA, Risk-Adaptive. Social Media 2018 Unknown. Plain text passwords. Process Error. Third-party tool. Accounting 2017 Unknown. Data contained within emails. Lack of 2FA. UEBA, 2FA. Healthcare Insurance 2017 108,000 records. Names, DoB, contact info. Malicious Insider. DLP, UEBA, Risk-Adaptive.
  • 11. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES Cyber Continuum Of Intent Inadvertent Behaviors Poorly communicated policies and user awareness Broken Business Process Data where it shouldn’t be, not where it should be Rogue Employee Leaving the company, poor performance review Criminal Actor Employees Corporate espionage, national espionage, organized crime Malware Infections Phishing targets, breaches, BYOD contamination Stolen Credentials Credential exfiltration, social engineering, device control hygiene MALICIOUS INSIDER COMPROMISED INSIDERACCIDENTAL INSIDER
  • 12. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES 5 KEY TAKE AWAYS
  • 13. ONE YEAR AFTER WANNACRY – HAS ANYTHING CHANGED? A ROOT CAUSE ANALYSIS OF DATA BREACHES • 2018 is the “Year of Privacy Protection” • You must test your GDPR-readiness. Conduct a table-top War Game. • Do you have an insider threat blindspot? • Evaluate strengths at Identify-Protect-Detect-Respond-Recover. • Consider a free “Cloud Threat Assessment”, see https://forcepoint.com/cloud-threat-assessment 5 KEY TAKE AWAYS
  • 14. Copyright © 2018 Forcepoint | 14 THANK YOU @carlLsecurity Carl Leonard, Principal Security Analyst