Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor

Data breaches and security issues plague financial institutions constantly. Safeguarding against them is important both for protecting the confidential information housed at institutions and for regulatory exams, which expect detailed security plans to be in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into the topic of data breaches and penetration testing. He reviews these security topics and discusses how to implement a plan in the case of a security breach and how to limit your organization's data breach risk exposure.

    Presentation Transcript

    • Presented by: Doug Jambor Turner and Associates
    •  Financial information company that provides credit and risk management solutions to financial institutions ◦ Data and applications used by thousands of financial institutions and accounting firms across North America ◦ Awards ◦ Named to Inc. 500 list of fastest growing privately held companies in the U.S. ◦ Named to Deloitte Technology Fast 500
    • Turner and Associates, Inc., was formed in 1994 in Columbus, Ohio to address the financial needs of small businesses and the lending functions of Banks.
    •  Data Breaches ◦ Lessons Learned ◦ Key Takeaways
    •  So, what are data breaches? ◦ Unintended disclosure of sensitive information ◦ Cyber Attacks ◦ Payment card fraud
    •  Data breaches are also caused by: ◦ Malicious insiders ◦ Physical data loss ◦ Portable device loss
    •  Lastly, data breaches could be caused by: ◦ Hardware loss ◦ Unknown data loss
    •  History of the 10 largest data breaches: 1. Shanghai Roadway (March, 2012) 150 Million records 2. Heartland Payment Systems (January, 2009) 130 Million records 3. T.J. Maxx (January 2007) 94 Million Records
    •  History of the 10 largest data breaches: 4. TRW / Sears Roebuck (June, 1984) 90 Million records 5. Sony Corporation (April, 2011) 77 Million records 6. Unknown Company (August, 2008) 50 Million Records
    •  History of the 10 largest data breaches: 7. Card Systems (June, 2005) 40 Million records 8. Tianya (December, 2011) 40 Million records 9. Steam On-line Gaming (November, 2011) 35 Million Records
    •  History of the 10 largest data breaches: 10. SK Communications (July, 2011) 35 Million records
    •  2011 was a game changer ◦ Four of the top 10 biggest data breaches happened this year
    •  2011 was a game changer ◦ Hacktivism came through the doors
    •  Larry Ponemon, 2012 RSA Conference in San Francisco
    •  Can we stop data breaches? ◦ No
    •  What are the primary motives behind data breaches? ◦ Criminal element & $$$ ◦ Verizon 2012 DBIR:
    •  Who is behind data breaches? ◦ Verizon 2012 DBIR:
    •  How do data breaches occur? ◦ Verizon 2012 DBIR:
    •  What commonalities exist between data breaches? ◦ Verizon 2012 DBIR:
    •  Industry groups represented by percent of breaches ◦ Verizon 2012 DBIR:
    •  Industry groups represented by percent of breaches ◦ Verizon 2012 DBIR:
    •  Threat agents over time by percent of breaches ◦ Verizon 2012 DBIR:
    •  Compromised assets by percent of breaches and records ◦ Verizon 2012 DBIR:
    •  Timespan of events by percent of breaches ◦ Verizon 2012 DBIR:
    •  So why are data breaches so damaging? ◦ They impact your organization’s bottom line ◦ Average cost is almost $18K per day ◦ All industries are susceptible to data breaches
    •  Average annualized cyber crime cost weighted by attack frequency ◦ Ponemon:
    •  Percentage cost for external consequences ◦ Ponemon:
    •  Responding to a data breach - percentage cost by internal activity centers ◦ Ponemon:
    •  What should we consider prior to a data breach? ◦ Ensure you have developed and tested an Incident Response Plan
    •  Incident Response Plan Step one ◦ Build a response team
    •  Incident Response Plan Step two ◦ Assign a lead/liaison
    •  Incident Response Plan Step three ◦ Ensure everyone knows their job tasks
    •  Incident Response Plan Step four ◦ Create the contact list
    •  Incident Response Plan Step five ◦ Create a checklist
    •  Incident Response Plan Step six ◦ Document the entire process
    •  Incident Response Plan Step seven ◦ Notify customers
    •  How do you limit your exposure to a data breach? ◦ Perform due diligence on pen testers, internal auditors, and critical vendors
    •  How do you limit your exposure to a data breach? ◦ Read penetration test EL
    •  How do you limit your exposure to a data breach? ◦ Smaller institutions
    •  How do you limit your exposure to a data breach? ◦ Perform gap analysis of the SANS 20 Critical Security Controls
    •  How do you limit your exposure to a data breach? ◦ If you see bad behavior, call it out
    •  How do you limit your exposure to a data breach? ◦ Invest in security
    •  Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet. Major sources include: ◦ http://www.ponemon.org ◦ http://datalossdb.org/ ◦ https://www.privacyrights.org/ ◦ http://www.databreaches.net/ ◦ http://www.ftc.gov/ ◦ Verizon 2012 Data Breach Investigations Report
    •  Website: www.sageworksinc.com Phone: (919)-851-7474 ext. 693 Helpful links and resources: ◦ www.sageworksanalyst.com/resources.aspx ◦ web.sageworksinc.com/bank-webinars/ Find us on twitter: sageworksdata