True Cost of Data Breaches

Matthew Rosenquist, Cybersecurity Strategist at Intel Corp, presented at the 2016 ISMG Fraud and Data Breach Summit in San Francisco.

Published in: Technology

  1. Fraud and Data Breach Prevention Summit San Francisco
     Matthew Rosenquist | Intel Corp
     The True Cost of Data Breaches: Not Just a Dollar-per-Record
     March 22-23, 2016 – San Francisco, CA
  2. About the Speaker (#ISMGFraudSummit)
     Matthew Rosenquist, Cybersecurity Strategist and Evangelist
     Matthew Rosenquist is a cybersecurity strategist with a passion for his chosen profession. Benefiting from 25 years of experience in Fortune 100 corporations, he thrives at establishing strategic organizations and capabilities which deliver cost-effective security capabilities. As a cybersecurity strategist, he champions the meaningfulness of security, advises on emerging opportunities and threats, and advocates an optimal balance of cost, controls, and productivity throughout the industry. Matthew is an outspoken evangelist of cybersecurity and strives to advance the protection of technology and users. His voice can be heard at conferences, in security whitepapers, videos, and numerous blogs. He specializes in strategic threat analysis, security planning, solution optimization, measuring security value, policy and compliance management, risk assessments, investigations, and crisis response.
  3. It is a Data Breach World
     “Sony's own network has been thoroughly penetrated and turned against it”
     “TalkTalk has been hacked, leaving thousands of customers at risk”
  4. It is a Data Breach World
     By 2020, 1.5+ billion people worldwide will be affected by data breaches.
     Source: IDC
  5. It is a Data Breach World
     In 2015, over 700 million records were lost or stolen (that is 80k per hour).
     Source: Gemalto
  6. It is a Data Breach World
     The top 10 healthcare breaches of 2015 affected almost 35% of the US population.
     Source: Office of Civil Rights
  7. It is a Data Breach World
     Just for California: 171 breaches involving 24 million records (3 out of 5 Californians).
     Source: https://oag.ca.gov/breachreport2016#summary
  8. Size of a Breach
     Number of records lost is only one aspect.
     [Chart labels: $252M, $88M]
     Source: http://www.informationisbeautiful.net
  9. Severity
     Sensitivity of records lost is an important consideration.
     [Chart labels: $252M, $88M]
     Source: http://www.informationisbeautiful.net
  10. Impacts of Data Breaches
     A number of aspects contribute to cascading impacts:
     • Incident Response Costs
     • Customer Satisfaction
     • Tarnished Reputation
     • Business Disruption
     • Loss of Leadership
     • Lower Stock Price
     • Regulatory Hurdles
     • Litigation
     • Opportunity Costs
  11. Numbers and Models Vary Greatly
     Ponemon linear calculation: survey data; costs are flat per record.

     | Year | Cost per Record |
     |------|-----------------|
     | 2012 | $130            |
     | 2013 | $136            |
     | 2014 | $145            |
     | 2015 | $154            |

     Verizon DBIR variable calculation: costs scale based upon quantity.
     Sources: Ponemon, Verizon
  12. Cost Estimates are Not Consistent
     Rough estimation of some numbers. The various cost models are not consistent or accurate for all cases.

     | Breach   | Records | Ponemon Per Record | Verizon Scale Model           | NetDiligence Calculator        | Reported or Estimated Loss |
     |----------|---------|--------------------|-------------------------------|--------------------------------|----------------------------|
     | Target   | 70000k  | $10800 million     | $15 million (.7m-$329m range) | $345 million (IR & Cust Mgmt)  | $252m                      |
     | TalkTalk | 150k    | $23 million        | $.7 million                   | $3.2 million                   | $88m                       |
     | Anthem   | 80000k  | $12300 million     | $17 million                   | $478 million                   | $100-$200m est.            |
  13. Costs walkthrough
     • Every breach is different!
     • Big Costs:
       – Incident Response and customer risk mitigation (ex. credit monitoring)
       – Litigation, lawsuits, regulatory reviews, etc.
       – New security controls, insurance, auditing
       – Business impacts (customer loyalty, stock price, etc.)
     • Insurance coverage can offset some costs
     • Effective Incident Response can limit damages
     • Improved security can reduce recurrence risks
     Typical SMB Incident Response [1]:
     • Incident Response: $25-$30k (a few days' work for the pros)
     • Root cause analysis with infrastructure and policy recommendations: $100k (~10 weeks)
     • Does not include other costs…
     Source: Foundstone
     [1] Many factors at play; this is just a ballpark figure based on actual cases worked. Mileage will vary.
  14. The Real Costs
     Aspects:
     Breach Impacts & Recovery
     • Incident Response & Forensics
     • User Notification
     • Public Relations & brand protection
     • Crisis Management
     • Customer risk mitigation measures (new cards, password resets, credit watch, etc.)
     Security Improvement Investments
     • Prevention controls
     • Product/Service design & test (including vendors & 3rd parties)
     • Breach Insurance, audit, & certification
     • Management, staffing, oversight, and reporting
     Business Disruption & Opportunity Costs
     • Customer goodwill, trust
     • 3rd party (vendors and suppliers) relationships
     • Design for security costs and product-to-market delays
     • Security assurance overhead
     • Impacts to innovation
     • Leadership disruption
     • Marketing & new message campaigns
  15. Responses of Breach Victims Vary
     [Diagram labels, in slide order:]
     • Risk Mitigation
     • Crisis Management
     • Incident Response
     • Breach Discovery
     • Management Oversight and Ownership
     • Risk Assurance & Transfer
     • Product & Service production
     • Broader Risk Assessment
     • Optimize security posture & costs
     • Offset impacts to innovation and product delivery
     • Plan & Prepare for future security incidents
     [Maturity levels shown: BASIC, MATURE, PROFESSIONAL]
  16. Recommendations
     • Secure the environment & data with industry best practices
     • Align/pre-stage resources (ex. legal, CERT, PR, management, etc.)
     • Plan for a breach, test response annually
     • Implement/tune Disaster Recovery and Business Continuity (DRBC)
     • Tighten data policies (retention, access, storage, oversight, etc.)
     • Evaluate cyber data-breach insurance
     • Risk assessment for vendor and supplier weaknesses
  17. Future data security challenges
     • More data breaches! (both indirect targeting and directed attacks)
     • Secondary attacks against previous victims who have not taken proper steps to secure their environment
     • Tuning of insurance rates and coverage
     • Integrity attacks gain momentum (ex. ransomware, CEO email fraud, transaction tampering, etc.)
  18. Conclusions
     • The risks of Data Breaches are real and broadening
     • Actual costs of Data Breaches are more complex than the perception
     • Eventually everyone will experience a loss…
     • Manage your Risks! (this greatly determines the amount of loss)
     • Common sense applies:
       – Follow industry best-known-methods to secure data to reduce risks
       – Organize and prepare. Be proactive!
       – React quickly with professionals (organic or external) to limit losses
       – Apply learnings to protect from recurrence
     …Yes, this means you!
  19. Thank You for Attending!