Top 11 Ground-Breaking Data Breaches of 2011

 Robert Rachwald
 Director, Security Strategy, Imperva
Agenda


 Compare data breach trends in 2011 versus 2010
 Examine the top eleven data security breaches of 2011
 Provide guidance for 2012 data security initiatives based
  on lessons from 2011
Today’s Presenter
Rob Rachwald, Dir. of Security Strategy, Imperva

 Research
    + Directs security strategy
    + Works with the Imperva Application Defense Center
 Security experience
    + Fortify Software and Coverity
    + Helped secure Intel’s supply chain software
    + Extensive international experience in Japan, China, France, and
       Australia
 Thought leadership
    + Presented at RSA, InfoSec, OWASP, ISACA
    + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
 Graduated from University of California, Berkeley
Looking Back
Volume of Stolen Data

[Chart: bar chart of total records taken per year, 2009 through 2011; y-axis "Volume of Data Taken", scale 0 to 250,000,000.]

Source: privacyrights.org
Volume of Stolen Data

[Chart: the same per-year bar chart, with callouts marking the VA breach and the Heartland Payment Systems breach; y-axis "Volume of Data Taken", scale 0 to 250,000,000.]

Source: privacyrights.org
Number of Data Breach Incidents

[Chart: bar chart of breach incidents per year; y-axis "Number of Data Breach Incidents", scale 0 to 500. The bars read 250, 484 and 424 left to right across 2009, 2010 and 2011.]

Source: privacyrights.org
Volume of Stolen Data by Type

[Chart: grouped bar chart with series 2009, 2010 and 2011; categories Insider, Physical Loss, Stationary Device, Unknown and Payment Fraud; y-axis "Volume of Data Taken", scale 0 to 3,000,000.]

Source: privacyrights.org
Volume of Stolen Data by Type

[Chart: grouped bar chart with series 2009, 2010 and 2011; categories Hack and Portable Device; y-axis "Volume of Data Taken", scale 0 to 140,000,000.]

Source: privacyrights.org
The Insider Threat

[Pie chart of breach sources: Hacker 29%, Malicious Insider 33%, Non Malicious Insider 38%.]

Source: Securosis 2010 Data Security Survey
Data Records Taken by Vertical I

[Chart: grouped bar chart with series 2009, 2010 and 2011; categories Financial/Insurance and Government; y-axis "Volume of Data Taken", scale 0 to 140,000,000.]

Source: privacyrights.org
Data Records Taken by Vertical II

[Chart: grouped bar chart with series 2009, 2010 and 2011; categories Medical, Education, Other, Retail and Nonprofit; y-axis "Volume of Data Taken", scale 0 to 14,000,000.]

Source: privacyrights.org
Number of Data Breach Incidents by Vertical

[Chart: grouped bar chart of incidents per vertical with series 2009, 2010 and 2011; y-axis "Number of Data Breach Incidents", scale 0 to 500.]

Source: privacyrights.org
Software Security Spend Growth

[Chart: worldwide security software spend in billion $USD, $14.80 in 2009 rising to $16.50 in 2010, an 11% increase.]

Source: Imthishan Giado. “Global security spend to blast past $16 billion.” ITP.net. 23 Aug 2010.
Cyber Crime Milestones
#1: In 2010, Digital Theft Exceeded Physical

“Reported thefts of information and electronic data have risen by half in the past year and for the first time have surpassed physical property losses as the biggest crime problem for global companies…”

[Chart: "Cost per $1B", Physical Assets 1.4 versus Digital Assets 1.7.]

Source: Brooke Masters and Joseph Menn. “Data theft overtakes physical losses.” FT.com. 18 Oct. 2010.
#2: Enterprises in the Cross Hairs

“The bad guys have figured out that rather than getting $500 from 1,000 accounts you can get $500,000 from one corporate account in one go…”

Source: Brooke Masters and Mary Watkins. “Hackers turn attention to corporate data theft.” FT.com. 18 Oct. 2010.
#3: Hacktivism Goes Corporate


 Lulzsec: team of hackers focused
  on breaking applications and
  databases
 Hacking for profit: strong
  similarity to the attacks employed
  by Lulzsec during their campaign
 Lulzsec used:
   + SQL injection (SQLi)
   + Cross-site scripting (XSS)
   + Remote file inclusion (RFI)
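SQL injection, the first technique in the list above, is easiest to understand when the vulnerable query sits beside its fix. The following Python is an added example, not code from this presentation or from Imperva: it builds a constructed in-memory SQLite table of made-up users and runs the same lookup twice, once with the input spliced into the SQL text and once with it bound as a parameter, which is the standard mitigation for this bug class.

```python
import sqlite3

# Constructed sample data for the demo (not from the presentation).
SAMPLE_USERS = [
    ("alice", "hash-1"),
    ("bob", "hash-2"),
    ("carol", "hash-3"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: untrusted input is concatenated into the SQL text,
    so quote characters in the input change the query's meaning."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Hardened form: the input travels as a bound parameter and is only
    ever compared as a value, never parsed as SQL syntax."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo():
    """Run both lookups with a benign name and with the textbook tautology
    input, and return the four result lists for comparison."""
    conn = make_db()
    benign = "alice"
    # Classic tautology payload from every SQLi tutorial; the quote closes
    # the string literal and the OR clause makes the WHERE always true.
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the constructed table, the vulnerable lookup returns all three users for the hostile input while the parameterised lookup returns nothing, and both behave identically for the benign name. That last point is why parameter binding is the recommended fix rather than input filtering: it costs nothing on the normal path and does not depend on anticipating every quoting trick.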
#4: Automation is Prevailing

“investigators noticed a higher proportion of automation with respect to attack methods…”

Source: Verizon Data Breach Report, 2010
#4: Automation is Prevailing

Apps under automated attack: 25,000 attacks per hour, ≈ 7 per second.

On average: 27 attacks per hour, ≈ 1 probe every two minutes.
#5: Security 2.0 May Be Coming

“The top five security providers — led by Symantec and McAfee — accounted for 44 percent of the $16.5 billion worldwide security software market in 2010, according to Gartner. That’s down from 60 percent in 2006.”

Source: Dina Bass and Zachary Tracer. “Hacker ‘Armageddon’ Forces Symantec, McAfee to Seek Fixes.” Bloomberg.com. 4 Aug. 2011.
#5: Security 2.0 May Be Coming

“The security industry may need to reconsider some of its fundamental assumptions, including ‘Are we really protecting users and companies?’”
--McAfee, August 2011

Source: Dan Rowinski. “McAfee to Security Industry: ‘Are We Really Protecting Users and Companies?’” The New York Times. 23 Aug. 2011.
Top 11 Ground-Breaking Breaches of 2011
#11: Yale University
The Details


      Breach Size: 43,000 records
      Date: August 2011
      Source: Network World
      Significance:
          + Google hacking in action
          + “The breach resulted when a File Transfer Protocol (FTP) server
            on which the data was stored became searchable via Google as
            the result of a change the search engine giant made last
            September.”
          + Yale blamed Google!




    Source: Jaikumar Vijayan. “Yale warns 43,000 about 10-month-long data breach”. Network World.
    22 Aug. 2011.
#10: Cars for Sale Online
The Details

 Breach Size:
      + $44.5M in consumer fraud
      + 14,000 reported incidences to law enforcement
 Date: August 2011
 Source: Network World
 Significance:
      + XSS attack moved victims to…
      + …Spoofed websites
      + Strong use of social networking




Source: Michael Cooney. “FBI warns of growing car-buying cyberscams”. Network World.
16 Aug. 2011.
The Facebook Page Still Exists!
#9: Medical Records Leaked and Placed Online
The Details


      Breach Size: 300,000 medical records
      Date: September 2011
      Source: Chicago Tribune
      Significance:
          + Highlights the persistent interest in medical records
          + Illustrates how criminals and non-criminals can use medical records
                   – Criminals: Blackmail and public humiliation
                   – Non-criminals: "The information can also be used by insurance companies to
                     inflate rates, or by employers to deny job applicants."
          + Highlights the gaps with HIPAA HITECH
          + Foreshadows issues with broader digitization of electronic health
               records


    Source: Chicago Tribune, Sept. 2011.
#8: Cyworld
What is Cyworld?
The Details


 Breach Size: 35M records
      + Including phone numbers, email addresses, names,
           and encrypted information about the site’s members
 Date: July 2011
 Source: BBC
 Significance:
      + Facebook claims 800M users today
      + Social engineering is one of the fastest growing topics
           in hacker forums




Source: “Millions hit in South Korean hack.” BBC News. 28 Jul. 2011.
#7: Facebook
The Details


      Breach Size: 7K downloads per week
      Date: September 2011
      Source: code.google.com
      Significance:
          + Automated Facebook hacking
          + Broader implications for social networking:
                  – Give job recommendations over LinkedIn
                  – Provide a bridgehead for further social engineering
                        • Ask your IT Admin (over FB – since you are friends now!) “I can't login to
                          something, can you reset my password?”
                        • Defraud relatives with money scams: "I'm stuck in Vegas with no money."




    Source: “fbpwn.” http://code.google.com/p/fbpwn/
How it Works
#6: Social Bots
The Details


 Breach Size:
      + A small array of scripts programmed to pass
           themselves off as real people stole 250
           gigabytes worth of personal information from
           Facebook users in just eight weeks
 Date: November 2011
 Source: The Register
 Significance:
      + Automated Facebook hacking
      + Highlighted the weaknesses of Facebook’s
           security



Source: Dan Goodin. “Army of 'socialbots' steal gigabytes of Facebook user data.” The Register.
1 Nov. 2011.
#5: PBS
The Details


 Breach Size:
      + Thousands of usernames/passwords breached
      + Tupac resurrected
 Date: May 2011
 Source: The New York Times
 Significance:
      + Media wake up call
      + SQL injection becomes a common business term




Source: John Markoff. “Hackers Disrupt PBS Web Site and Post a Fake Report About a Rap Artist.”
The New York Times. 30 May 2011.
#4: Phone Hacking
The Details


 Breach Size: If you have to ask…
 Date: July 2011
 Significance:
      + Hacking becomes part of our everyday lives
      + Anti-virus, firewalls, code review, etc…: USELESS




Source: “News International phone hacking scandal.” Wikipedia.
#3: Sony
Need To Justify The Cost of Security?
The Details

 Breach Size:
       + 100M credit cards (12M unencrypted)
 Date: April 2011
 Source: Playstation.blog
 Significance:
       + Security becomes a business problem, not just a set of
            technologies
                – Data governance just as important as financial reporting or brand
                  management
                – Put the role of a CISO in perspective: You need one!




 Source: Patrick Seybold. “A Letter from Howard Stringer.” 5 May 2011.
#2: Government Web Sites for Sale
The Details


      Breach Size: Dozens of websites for sale
      Date: January 2011
      Source: Krebsonsecurity.com
      Significance:
            “Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities. But none of these distractions should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.”
    Source: Brian Krebs. “Ready for Cyberwar?” Krebsonsecurity.com. 21 Jan. 2011.
#1: Chinese Hacking Industry Exposed
The Details


      Breach Size: No one knows
      Date: April 2011
      Source: Sky News
      Significance:
          + Highlights the partnership between government, hacking, and
            industry in China
          + Evidence that China is winning in their intention to be “the
            leader in information warfare”




    Source: Holly Williams. “China's Cyber Hackers Target Western Firms.” Sky News. 18 Apr. 2011.
Further Context
About Imperva
Our Story in 60 Seconds

 Attack Protection
 Usage Audit
 Virtual Patching
 Rights Management
 Reputation Controls
 Access Control
Webinar Materials

 Get LinkedIn to Imperva Data Security Direct for…
     + Post-Webinar Discussions
     + Answers to Attendee Questions
     + Webinar Recording Link
     + Webinar Slides
www.imperva.com

Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 

Kürzlich hochgeladen (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 

Top 11 Ground-Breaking Data Breaches of 2011

  • 1. Top 11 Ground-Breaking Data Breaches of 2011. Robert Rachwald, Director, Security Strategy, Imperva
  • 2. Agenda
    - Compare data breach trends in 2011 versus 2010
    - Examine the top eleven data security breaches of 2011
    - Provide guidance for 2012 data security initiatives based on lessons from 2011
  • 3. Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva
    - Research
      + Directs security strategy
      + Works with the Imperva Application Defense Center
    - Security experience
      + Fortify Software and Coverity
      + Helped secure Intel’s supply chain software
      + Extensive international experience in Japan, China, France, and Australia
    - Thought leadership
      + Presented at RSA, InfoSec, OWASP, ISACA
      + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
    - Graduated from University of California, Berkeley
  • 5. Volume of Stolen Data [bar chart: Volume of Data Taken, 0 to 250,000,000, by year for 2009, 2010 and 2011]. Source: privacyrights.org
  • 6. Volume of Stolen Data [same chart as slide 5, with the VA Breach and the Heartland Payment Systems Breach called out]. Source: privacyrights.org
  • 7. Number of Data Breach Incidents [bar chart: 0 to 500 incidents by year for 2009, 2010 and 2011; bar labels read 484, 424 and 250]. Source: privacyrights.org
  • 8. Volume of Stolen Data by Type [bar chart: Volume of Data Taken, 0 to 3,000,000, for 2009, 2010 and 2011; categories Insider, Physical Loss, Stationary Device, Unknown, Payment Fraud]. Source: privacyrights.org
  • 9. Volume of Stolen Data by Type [bar chart: Volume of Data Taken, 0 to 140,000,000, for 2009, 2010 and 2011; categories Hack, Portable Device]. Source: privacyrights.org
  • 10. The Insider Threat [pie chart: Hacker, Malicious Insider, Non Malicious Insider; segments of 29%, 33% and 38%]. Source: Securosis 2010 Data Security Survey
  • 11. Data Records Taken by Vertical I [bar chart: Volume of Data Taken, 0 to 140,000,000, for 2009, 2010 and 2011; verticals Financial/Insurance, Government]. Source: privacyrights.org
  • 12. Data Records Taken by Vertical II [bar chart: Volume of Data Taken, 0 to 14,000,000, for 2009, 2010 and 2011; verticals Medical, Education, Other, Retail, Nonprofit]. Source: privacyrights.org
  • 13. Data Records Taken by Vertical II [same chart as slide 12]. Source: privacyrights.org
  • 14. Number of Data Breach Incidents by Vertical [bar chart: 0 to 500 incidents for 2009, 2010 and 2011, by vertical]. Source: privacyrights.org
  • 15. Software Security Spend Growth [bar chart, Billion $USD: $14.80 in 2009, $16.50 in 2010, an 11% increase]. Source: Imthishan Giado. “Global security spend to blast past $16 billion.” ITP.net. 23 Aug 2010.
  • 17. #1: In 2010, Digital Theft Exceeded Physical. “Reported thefts of information and electronic data have risen by half in the past year and for the first time have surpassed physical property losses as the biggest crime problem for global companies…” [bar chart, Cost per $1B: Digital Assets 1.7, Physical Assets 1.4]. Source: Brooke Masters and Joseph Menn. “Data theft overtakes physical losses.” FT.com. 18 Oct. 2010.
  • 18. #2: Enterprises in the Cross Hairs. “The bad guys have figured out that rather than getting $500 from 1,000 accounts you can get $500,000 from one corporate account in one go…” Source: Brooke Masters and Mary Watkins. “Hackers turn attention to corporate data theft.” FT.com. 18 Oct. 2010.
  • 19. #3: Hacktivism Goes Corporate
    - Lulzsec: team of hackers focused on breaking applications and databases
    - Hacking for profit: strong similarity to the attacks employed by Lulzsec during their campaign
    - Lulzsec used:
      + SQL injection (SQLi)
      + Cross-site scripting (XSS)
      + Remote file inclusion (RFI)
  • 20. #4: Automation is Prevailing. “investigators noticed a higher proportion of automation with respect to attack methods…” Source: Verizon Data Breach Report, 2010
  • 21. #4: Automation is Prevailing
    - Apps under automated attack: 25,000 attacks per hour (≈ 7 per second)
    - On average: 27 attacks per hour (≈ 1 probe every two minutes)
  • 22. #5: Security 2.0 May Be Coming. “The top five security providers — led by Symantec and McAfee — accounted for 44 percent of the $16.5 billion worldwide security software market in 2010, according to Gartner. That’s down from 60 percent in 2006.” Source: Dina Bass and Zachary Tracer. “Hacker ‘Armageddon’ Forces Symantec, McAfee to Seek Fixes.” Bloomberg.com. 4 Aug. 2011.
  • 23. #5: Security 2.0 May Be Coming. “The security industry may need to reconsider some of its fundamental assumptions, including ‘Are we really protecting users and companies?’” -- McAfee, August 2011. Source: Dan Rowinski. “McAfee to Security Industry: ‘Are We Really Protecting Users and Companies?’” The New York Times. 23 Aug. 2011.
  • 24. Top 11 Ground-Breaking Breaches of 2011
  • 26. The Details
    - Breach Size: 43,000 records
    - Date: August 2011
    - Source: Network World
    - Significance:
      + Google hacking in action
      + “The breach resulted when a File Transfer Protocol (FTP) server on which the data was stored became searchable via Google as the result of a change the search engine giant made last September.”
      + Yale blamed Google!
    Source: Jaikumar Vijayan. “Yale warns 43,000 about 10-month-long data breach”. Network World. 22 Aug. 2011.
  • 27. #10: Cars for Sale Online
  • 28. The Details
    - Breach Size:
      + $44.5M in consumer fraud
      + 14,000 reported incidences to law enforcement
    - Date: August 2011
    - Source: Network World
    - Significance:
      + XSS attack moved victims to…
      + …Spoofed websites
      + Strong use of social networking
    Source: Michael Cooney. “FBI warns of growing car-buying cyberscams”. Network World. 16 Aug. 2011.
  • 29. The Facebook Page Still Exists!
  • 30. #9: Medical Records Leaked and Placed Online
  • 31. The Details
    - Breach Size: 300,000 medical records
    - Date: September 2011
    - Source: Chicago Tribune
    - Significance:
      + Highlights the persistent interest in medical records
      + Illustrates how criminals and non-criminals can use medical records
        – Criminals: Blackmail and public humiliation
        – Non-criminals: "The information can also be used by insurance companies to inflate rates, or by employers to deny job applicants."
      + Highlights the gaps with HIPAA HITECH
      + Foreshadows issues with broader digitization of electronic health records
    Source: Chicago Tribune, Sept. 2011.
  • 34. The Details
    - Breach Size: 35M records
      + Including phone numbers, email addresses, names, and encrypted information about the sites' members
    - Date: July 2011
    - Source: BBC
    - Significance:
      + Facebook claims 800M users today
      + Social engineering is one of the fastest growing topics in hacker forums
    Source: “Millions hit in South Korean hack.” BBC News. 28 Jul. 2011.
  • 36. The Details
    - Breach Size: 7K downloads per week
    - Date: September 2011
    - Source: code.google.com
    - Significance:
      + Automated Facebook hacking
      + Broader implications for social networking:
        – Give job recommendations over LinkedIn
        – Provide a bridgehead for further social engineering
          • Ask your IT Admin (over FB – since you are friends now!) “I can't login to something, can you reset my password?”
          • Defraud relatives with money scams: "I'm stuck in Vegas with no money."
    Source: “fbpwn.” http://code.google.com/p/fbpwn/
  • 39. The Details
    - Breach Size:
      + A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks
    - Date: November 2011
    - Source: The Register
    - Significance:
      + Automated Facebook hacking
      + Highlighted the weaknesses of Facebook’s security
    Source: Dan Goodin. “Army of 'socialbots' steal gigabytes of Facebook user data.” The Register. 1 Nov. 2011.
  • 41. The Details
    - Breach Size:
      + Thousands of usernames/passwords breached
      + Tupac resurrected
    - Date: May 2011
    - Source: The New York Times
    - Significance:
      + Media wake up call
      + SQL injection becomes a common business term
    Source: John Markoff. “Hackers Disrupt PBS Web Site and Post a Fake Report About a Rap Artist.” The New York Times. 30 May 2011.
  • 43. The Details
    - Breach Size: If you have to ask…
    - Date: July 2011
    - Significance:
      + Hacking becomes part of our everyday lives
      + Anti-virus, firewalls, code review, etc…: USELESS
    Source: “News International phone hacking scandal.” Wikipedia.
  • 45. Need To Justify The Cost of Security?
  • 46. The Details
    - Breach Size:
      + 100M credit cards (12M unencrypted)
    - Date: April 2011
    - Source: Playstation.blog
    - Significance:
      + Security becomes a business problem, not just a set of technologies
        – Data governance just as important as financial reporting or brand management
        – Put the role of a CISO in perspective: You need one!
    Source: Patrick Seybold. “A Letter from Howard Stringer.” 5 May 2011.
  • 47. #2: Government Web Sites for Sale
  • 48. The Details
    - Breach Size: Dozens of websites for sale
    - Date: January 2011
    - Source: Krebsonsecurity.com
    - Significance: “Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as ‘cyberwar,’ it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities. But none of these distractions should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.”
    Source: Brian Krebs. “Ready for Cyberwar?” Krebsonsecurity.com. 21 Jan. 2011.
  • 49. #1: Chinese Hacking Industry Exposed
  • 50. The Details
    - Breach Size: No one knows
    - Date: April 2011
    - Source: Sky News
    - Significance:
      + Highlights the partnership between government, hacking, and industry in China
      + Evidence that China is winning in their intention to be “the leader in information warfare”
    Source: Holly Williams. “China's Cyber Hackers Target Western Firms.” Sky News. 18 Apr. 2011.
  • 54. Our Story in 60 Seconds [diagram: Attack Protection, Usage Audit, Virtual Patching, Rights Management, Reputation Controls, Access Control]
  • 55. Webinar Materials. Get LinkedIn to Imperva Data Security Direct for… Answers to Attendee Questions, Post-Webinar Discussions, Webinar Slides, Webinar Recording Link