The Unseen Enemy - Protecting the Brand, the Assets and the Customers

Michael Barba and Jeff Hall discuss the most pressing cyber-threats facing retailers and what companies can do in the event of a cyber breach, data loss or claim. Mr. Barba is a managing director and Mr. Hall is a senior manager with BDO Consulting.

Published in: Business, Technology

  1. THE UNSEEN ENEMY: PROTECTING THE BRAND, THE ASSETS AND THE CUSTOMERS
  2. Technology – Connecting the world…
     • 9 billion connected devices predicted to rise to 24 billion by 2020
     • If Facebook were a country, it would be the 3rd largest in the world
     • Facebook kicks off over 1000 users per day because they are too young
     • In 2011, more video was uploaded to YouTube in a two month time period than if ABC, CBS, and NBC had been airing new content 24/7/365 since 1948
  3. In the News
  4. Recent Studies
     • 2013 Trustwave Global Security Report
       • Retail industry made up 45% of data breach investigations studied (15% increase from 2011)
       • E-commerce sites were the #1 targeted asset, accounting for 48% of all investigations
     • Symantec
       • Cumulative bill for cyber crimes in 24 countries totaled $388 billion last year
       • 431 million adults experienced some form of cyber crime last year, equating to nearly 1.2 million people per day or 14 per second
  5. Why Should Retailers Be Concerned?
     • Retail industry is now the top target for cybercriminals
     • Annual U.S. retail e-commerce spending has surged 143% since 2004 to $161.52 billion last year. In fact, a report from IRMG indicates that internet/mobile shopping increased 15% in 2013.
     • Early estimates indicate that 20% of the upcoming holiday sales will be online
     • E-commerce attacks are emerging as a growing trend, surpassing the number of point-of-sale attacks
     • Financial cost of a cyber attack is higher for businesses that sell products on the front-end, such as retailers
     • The SEC is pushing to require that companies disclose data breaches in their financial statements
  6. What Must Retailers Protect?
     • Credit card information
     • Private employee data
     • Intellectual property
     • Customer information
     • Reputation and good will
     • Confidential business information
  7. How Breaches Occur
     • Criminal act by outsider
     • Vendor error
     • Human error
     • Technology failure
     • Employee misconduct
  8. Case Studies
     Resource: Retail Fail: Walmart, Target Fared Worst In Def Con Social Engineering Contest
  9. What are the options for handling the risk?
     • Retain: keep the risk within the organization
     • Allocate: involve counsel to shift risk to suppliers and business partners
     • Transfer: transfer the risk to another entity
  10. Types of Insurable Risks
     • Third party
     • First party
  11. Costs
     • Types
       • Hard
       • Soft
       • Time
     • Retail companies see much more significant costs around cyber attacks
     • According to Neustar's May 2012 report:
       • 65% of businesses said a site outage would cost them up to $10,000 an hour
       • 21% said it would cost $50,000/hour
       • 13% would lose $100,000/hour
  12. What Do You Know About Your Data?
     • Location
       • Cloud
       • Physical environment
       • Is your data co-located?
     • Service Level Agreements
       • Breach notification
     • Law enforcement considerations need to be addressed:
       • Requests to maintain secrecy or limit knowledge
       • Maintaining control of the investigation
     • Communications with insurers presumably are not privileged
  13. Actions Following a Breach. Functional steps: Deploy, Preserve, Identify, Notify
     • DEPLOY AN INCIDENT RESPONSE TEAM
       • IT Director
       • CIO
       • Human Resources
       • Legal
       • Internal or external security experts
     • PRESERVE SYSTEM LOGS
       • Date, time, duration, and location of breach
  14. Actions Following a Breach (Continued). Functional steps: Deploy, Preserve, Identify, Notify
     • IDENTIFY THE FOLLOWING
       • How was the breach discovered?
       • By whom?
       • Any additional details:
         • Entry and exit points
         • Compromised systems
         • Data deleted vs. modified vs. viewed
       • Identify and understand details of the affected data
     • NOTIFY
       • Public relations
       • Insurance carrier
  15. Insurance Recovery Considerations in the Face of a Security Breach or Data Loss or Claim
     • Timely notice of claim (claims made and reported?)
     • Involvement of counsel (internal & external) to review how coverage may respond. Consent to incur prudent or necessary expenses may be required:
       • Costs of the crisis stage or of legal compliance, such as breach notification, credit monitoring, call center and forensics, are the vast majority of the expense on per-record figures ($194/record)
       • Defense expenses (private claims, regulatory claims)
     • Communications with insurers presumably are not privileged
     • "Labeling" of first party costs/categorization
  16. Who Provides Services Around Cyber Risk?
     • Preventative/proactive assessment
     • Technology/data analytics
     • Legal
     • Data hosting/monitoring
     • Forensic accounting
     • Public relations
  17. CONTACT
     Michael Barba, CISSP, CPP, DFCP, CNE, EnCE, Managing Director, BDO USA, LLP, mbarba@bdo.com, 212-885-8120
     Jeff Hall, Senior Manager, BDO USA, LLP, jhall@bdo.com, 212-885-7339
  18. BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, financial advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through more than 40 offices and more than 400 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multinational clients through a global network of 1,204 offices in 138 countries. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. www.bdo.com To ensure compliance with Treasury Department regulations, we wish to inform you that any tax advice that may be contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or applicable state or local tax or (ii) promoting, marketing or recommending to another party any tax-related matters addressed herein. Material discussed in this publication is meant to provide general information and should not be acted on without professional advice tailored to your individual needs. © 2013 BDO USA, LLP. All rights reserved. www.bdo.com
