2. 2
IT advisory
Agenda
Brief Look at Current Data Breach Trends
Security Incidents – What are we seeing?
Common Scenarios
Benefits of a Security Assessment
9. 9
Recent Statistics
Breach Root Causes 2015
Malicious or Criminal Attack
System Glitch
Human Error
Source: Ponemon Institute 2015 Cost of Data Breach Study
47%
25%
29%
11. 11
Recent Statistics
Types of Breaches 500+
Source: Health and Human Services
Improper Disposal: 5%
Hacking/IT Incident: 7%
Loss: 14%
Theft: 51%
Unknown: 3%
Unauthorized Access: 20%
15. 15
Recent Known Breaches
Target
Michaels
Neiman Marcus
AOL
Experian
PF Chang’s
Humana – Atlanta
JP Morgan Chase
Home Depot
Jimmy John’s
Anthem
Federal Gov’t
SC Department of Revenue
NC Department of Transportation
16. 16
Additional Breach Examples
www.privacyrights.org
Insurance | Vendor inadvertent file access | Unknown
Capital Management | Undetected hack accessed databases | 800
Insurance | Forms sent to DOL posted to public site | Unknown
Credit Union | File published on website | 39,000
Investment Management | COBRA database accessed | Unknown
NASDAQ | Malware installed between 11/08 & 10/10 | Unknown
Bank | Malware on employees computer | 115,775
Bank | Data not redacted for court records | 146,000
Bank | Backup tapes missing during transport | Unknown
17. 17
Data Mobility
2 of 5 employees download work files to personal devices
2 of 5 employees plan to use old company data in new jobs
56% of employees do not believe it is a crime to use a competitor’s trade secrets
68% say their company does not take steps to deter data leakage
- Symantec study
18. 18
Increasing Compliance Demands
Financial Institutions / Public Companies
Gramm-Leach-Bliley
PCI – Credit and debit card data
HIPAA – healthcare / patient data
FISMA - Federal Government Contractors
Large / public customer requirements
Service Organization Controls Reporting
Individual state requirements
19. 19
What can I do?
Question – If someone was trying to breach your systems today …
WHO WOULD BE THE FIRST TO NOTICE IT?
Determined by People, Process, Technology in place
Reducing risk will require investment …
Skillsets / resources
Software / hardware solutions
Third party relationships for monitoring
20. 20
Unanticipated Costs
Investigation Costs
Regulatory / Industry Fines or Penalties
Remediation / Infrastructure Change Costs
Brand Damage
24. 24
Cybercrime Lifecycle
Victim Identification
  Sea of opportunity = 1 out of every 7 people have data worth targeting
  1 billion targets worldwide
Infiltration
  Using low-hanging-fruit exploit methods
  Not burning zero-day exploits
25. 25
Cybercrime Lifecycle
Propagation
  In the past, we saw hackers grabbing the databases or flat files and leaving
  Now, we see hackers latching onto data sources and persisting
Aggregation
  Exploit a server or workstation in a business’s internal network
  This device becomes an aggregation point for data collection
26. 26
Cybercrime Lifecycle
Data Exfiltration
  Using advanced techniques to exfiltrate data
  Encryption
Buyer Identification
  Web forums
  Sometimes up to 10,000 users
  Liquidate the data and collect the cash
27. 27
Cybercrime Lifecycle
Recycling
  The organization reinvests their $$$
  Recycle tools and techniques learned
  Re-implement these tools, techniques and lessons learned against the next victim
40. 40
Common Scenario
Sluggish Internet
Strange messages / prompts
Minor file / folder changes and additions
User / system ID changes and additions
Notification from employees’ banks of suspicious Web logon attempts
41. 41
Common Scenario
Multiple file transfer / receipt methods
Weak remote access controls
Limited / part-time internal IT resources
No proactive monitoring – relying on standard Malware/AV products
42. 42
Common Scenario
Use of small third party company for IT support – NO SECURITY FOCUS!
Outdated software patches / virus signatures
Low level of employee / customer awareness
43. 43
Common Scenario
Visitors / non-employees not challenged when onsite
Data on printers?
Workstations?
Other common vulnerabilities?
44. 44
Common Results
Nuisance viruses
Key logger on individual machines
Botnet sending data outside of the network
Malware
Ransomware