The document summarizes the current threats to digital security, especially for the hospitality industry. It discusses how the digital universe is growing exponentially and driving more security risks. Common attacks on the hospitality industry include data breaches involving credit card malware at hotels, keylogger malware installed on business center computers, and website attacks. The presentation provides an overview of security best practices for people, processes, and technology to help secure organizations.
2. Presented by
In association with
Supported by
Agenda
By X Events Hospitality (www.x-events.in)Hotel Digital Security Seminar & Webinar, Sept 19, 2014
2
Current Landscape
Hospitality Industry - AttackVectors
How to SecureYourself
Q&A
3. Presented by
In association with
Supported by
Current Landscape
By X Events Hospitality (www.x-events.in)
3
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
4. Presented by
In association with
Supported by
Digital Universe is Growing
By X Events Hospitality (www.x-events.in)
4
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
180 EB
2006
2008
2011
200 EB 1800 EB 44 ZB
2014
1 Exabyte=1 Billion GB 1 Zettabyte = 1 Trillion GB
Source IDC 2014
Digital Universe is huge and growing exponentially
5. Presented by
In association with
Supported by
Growth Drivers
By X Events Hospitality (www.x-events.in)
5
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:
http://thenextweb.com/apple/2012/01/25/there-are-now-more-
iphones-sold-than-babies-born-in-the-world-every-day/
371 K
Babies born per day
378 K
iPhones sold per day
6. Presented by
In association with
Supported by
Next BigThing - IoT
By X Events Hospitality (www.x-events.in)
6
Hotel Digital Security Seminar & Webinar, Sept 19, 2014Source IDC 2014
IoT consists of adding
computerization, software,
and intelligence to things as
varied as cars, toys, airplanes,
dishwashers,turbines, and
dog collars.
7. Presented by
In association with
Supported by
Is our information safe ?
By X Events Hospitality (www.x-events.in)
7
Hotel Digital Security Seminar & Webinar, Sept 19, 2014Source IDC 2014
of the data that needs to be
protected is not protected
52%DIGITAL
UNIVERSE
Data needing Protection:
• Corporate Data
• Medical Records
• User Account
Information
• Personal Identifiable
Information
8. Presented by
In association with
Supported by
The Numbers Don’t Lie
By X Events Hospitality (www.x-events.in)
8
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source: http://online.wsj.com/news/articles/SB10001424052702303933404577504790964060610
76% of the US Companies had
a cyber security incident
reported in the last year
9. Presented by
In association with
Supported by
AttackVectors for Hospitality Industry
AttackVectors
By X Events Hospitality (www.x-events.in)
9
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
10. Presented by
In association with
Supported by
Data Breach hit 14 Hotels
By X Events Hospitality (www.x-events.in)
10
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:http://www.cnbc.com/id/101396464#.
In 13 of the 14 cases, the malware
was in the credit and debit card
readers at the hotels' restaurants
and gift shops.
11. Presented by
In association with
Supported by
Keylogger Malware
By X Events Hospitality (www.x-events.in)
11
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
The U.S. Secret Service is
advising the hospitality
industry to inspect computers
made available to guests in
hotel business centers,
warning that crooks have been
compromising hotel business
center PCs with keystroke-
logging malware in a bid to
steal personal and financial
data from guest.
12. Presented by
In association with
Supported by
Repeated Computer Hacks
By X Events Hospitality (www.x-events.in)
12
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:http://edition.cnn.com/2012/06/26/travel/wyndham-hacking/index.html
Wyndham Hotels' lax security
policies allowed Russian
hackers to access more than
500,000 customer accounts on
three separate occasions
between 2008 and 2010.
Hackers used the data to rack
up more than $10.6 million in
fraudulent credit card
transactions, according to the
suit filed in the U.S. District
Court of Arizona.
13. Presented by
In association with
Supported by
Attacks onWebsite
By X Events Hospitality (www.x-events.in)
13
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
S Can you spot
Security Risk on
this compromised
Website ?
14. Presented by
In association with
Supported by
Social Engineering Attacks
By X Events Hospitality (www.x-events.in)
14
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Operator to Guest:
Excuse me sir, I am
calling from Front
Desk, Can I have your
credit card number
please ?
What you will do ?
15. Presented by
In association with
Supported by
How safe I am ?
By X Events Hospitality (www.x-events.in)
15
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
No business is
immune from threats.
Threats can come in
any shape and size
Need Threat
Intelligence
16. Presented by
In association with
Supported by
Most Common Attacks
By X Events Hospitality (www.x-events.in)
16
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:Verizon DBIR 2014 Data Breach Report
"The universe of threats
may seem limitless, but
92% of the 100,000
incidents we've analyzed
from the last 10 years
can be described by just
nine basic patterns.“
-Verizon DBIR 2014
17. Presented by
In association with
Supported by
Is it applicable to me?
By X Events Hospitality (www.x-events.in)
17
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source : DBIR 2014 Data Breach Report
18. Presented by
In association with
Supported by
Cyber Risks in India
By X Events Hospitality (www.x-events.in)
18
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:https://gigaom.com/2013/06/25/new-google-report-shows-malware-by-country-highest-rates-in-india-
central-europe/
The highest rate of
malware, however, doesn’t
belong to obvious suspects
like Russia or Ukraine (8%
each), but instead India
(15%) and many Latin
American countries like
Mexico (12%) and Chile
(11%).
19. Presented by
In association with
Supported by
Cyber Risks in India
By X Events Hospitality (www.x-events.in)
19
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Source:http://zeenews.india.com/news/nation/9174-indian-websites-hacked-till-may-it-minister_947431.html
9,174 Indian websites were hacked
by various hacker groups from
different parts of the world till May
2014.
62,189 security incidents were
reported during the same period
to the Indian CERT-In
20. Presented by
In association with
Supported by
How to Secure Yourself ?
By X Events Hospitality (www.x-events.in)
20
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
21. Presented by
In association with
Supported by
Need Systemic Approach
By X Events Hospitality (www.x-events.in)
21
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
Ad-hoc Approach Systemic Approach
22. Presented by
In association with
Supported by
What can I do about it?
By X Events Hospitality (www.x-events.in)
22
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
EXECUTEASSESS MONITOR
Find out your current
Security Posture by
doing Gap
Assessment
Vulnerability
Assessment
and Penetration
Testing
Implement the
Roadmap
Monitor and Improve
DEFINE
Define a Roadmap
with Short, Medium
and Long tem Action
Plan
23. Presented by
In association with
Supported by
People, Process & Technology
By X Events Hospitality (www.x-events.in)
23
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
- UTM. Firewalls
- IDS/IPS
- Data Center Security
- Physical Security
- DLP
-IRM
- SIM/SIEM
-Managed Security
Services
-Encryption
- Malware Protection
-Threat Intelligence
-Training
- Awareness
- HR Policies
- Background
Checks
-Roles /
responsibilities
- Social Engineering
- Social Networking
-Acceptable Use
- Risk Management
- Asset Management
- Data Classification
-Info Rights Mgt
- Access Management
- Change Management
- Patch Management
- Configuration Mgmt
- Incident Response
- Incident Management
TechnologyPeople Process
24. Presented by
In association with
Supported by
Q & A
By X Events Hospitality (www.x-events.in)
24
Hotel Digital Security Seminar & Webinar, Sept 19, 2014
25. Presented by
In association with
Supported by
By X Events Hospitality (www.x-events.in)Hotel Digital Security Seminar & Webinar, Sept 19, 2014
25
Stay Safe!
@satamsantosh
santosh@securbay.com
/securbay
www.SecurBay.com