Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor

Data breaches and security issues plague financial institutions constantly. Safeguarding against them matters both for protecting the confidential information housed at institutions and for regulatory exams, which expect detailed security plans to be in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into the topic of data breaches and penetration testing. He reviews these security topics, discusses how to implement a plan in the case of a security breach, and explains how to limit your organization's exposure to data breach risk.

Published in: Technology

Transcript of "Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor"

  1. Presented by: Doug Jambor, Turner and Associates
  2. Financial information company that provides credit and risk management solutions to financial institutions. Data and applications used by thousands of financial institutions and accounting firms across North America. Awards:
     ◦ Named to Inc. 500 list of fastest growing privately held companies in the U.S.
     ◦ Named to Deloitte Technology Fast 500
  3. Turner and Associates, Inc., was formed in 1994 in Columbus, Ohio to address the financial needs of small businesses and the lending functions of banks.
  4. Data Breaches
     ◦ Lessons Learned
     ◦ Key Takeaways
  5. So, what are data breaches?
     ◦ Unintended disclosure of sensitive information
     ◦ Cyber attacks
     ◦ Payment card fraud
  6. Data breaches are also caused by:
     ◦ Malicious insiders
     ◦ Physical data loss
     ◦ Portable device loss
  7. Lastly, data breaches could be caused by:
     ◦ Hardware loss
     ◦ Unknown data loss
  8. History of the 10 largest data breaches:
     1. Shanghai Roadway (March, 2012): 150 Million records
     2. Heartland Payment Systems (January, 2009): 130 Million records
     3. T.J. Maxx (January 2007): 94 Million records
  9. History of the 10 largest data breaches:
     4. TRW / Sears Roebuck (June, 1984): 90 Million records
     5. Sony Corporation (April, 2011): 77 Million records
     6. Unknown Company (August, 2008): 50 Million records
  10. History of the 10 largest data breaches:
     7. Card Systems (June, 2005): 40 Million records
     8. Tianya (December, 2011): 40 Million records
     9. Steam On-line Gaming (November, 2011): 35 Million records
  11. History of the 10 largest data breaches:
     10. SK Communications (July, 2011): 35 Million records
  12. 2011 was a game changer
     ◦ Four of the top 10 biggest data breaches happened this year
  13. 2011 was a game changer
     ◦ Hacktivism came through the doors
  14. Larry Ponemon, 2012 RSA Conference in San Francisco
  15. Can we stop data breaches?
     ◦ No
  16. What are the primary motives behind data breaches?
     ◦ Criminal element & $$$
     ◦ Verizon 2012 DBIR:
  17. Who is behind data breaches?
     ◦ Verizon 2012 DBIR:
  18. How do data breaches occur?
     ◦ Verizon 2012 DBIR:
  19. What commonalities exist between data breaches?
     ◦ Verizon 2012 DBIR:
  20. Industry groups represented by percent of breaches
     ◦ Verizon 2012 DBIR:
  21. Industry groups represented by percent of breaches
     ◦ Verizon 2012 DBIR:
  22. Threat agents over time by percent of breaches
     ◦ Verizon 2012 DBIR:
  23. Compromised assets by percent of breaches and records
     ◦ Verizon 2012 DBIR:
  24. Timespan of events by percent of breaches
     ◦ Verizon 2012 DBIR:
  25. So why are data breaches so damaging?
     ◦ They impact your organization’s bottom line
     ◦ Average cost is almost $18K per day
     ◦ All industries are susceptible to data breaches
  26. Average annualized cyber crime cost weighted by attack frequency
     ◦ Ponemon:
  27. Percentage cost for external consequences
     ◦ Ponemon:
  28. Responding to a data breach: percentage cost by internal activity centers
     ◦ Ponemon:
  29. What should we consider prior to a data breach?
     ◦ Ensure you have developed and tested an Incident Response Plan
  30. Incident Response Plan: Step one
     ◦ Build a response team
  31. Incident Response Plan: Step two
     ◦ Assign a lead/liaison
  32. Incident Response Plan: Step three
     ◦ Ensure everyone knows their job tasks
  33. Incident Response Plan: Step four
     ◦ Create the contact list
  34. Incident Response Plan: Step five
     ◦ Create a checklist
  35. Incident Response Plan: Step six
     ◦ Document the entire process
  36. Incident Response Plan: Step seven
     ◦ Notify customers
  37. How do you limit your exposure to a data breach?
     ◦ Perform due diligence on pen testers, internal auditors, and critical vendors
  38. How do you limit your exposure to a data breach?
     ◦ Read penetration test EL
  39. How do you limit your exposure to a data breach?
     ◦ Smaller institutions
  40. How do you limit your exposure to a data breach?
     ◦ Perform gap analysis of the SANS 20 Critical Security Controls
  41. How do you limit your exposure to a data breach?
     ◦ If you see bad behavior, call it out
  42. How do you limit your exposure to a data breach?
     ◦ Invest in security
  43. Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet. Major sources include:
     ◦ http://www.ponemon.org
     ◦ http://datalossdb.org/
     ◦ https://www.privacyrights.org/
     ◦ http://www.databreaches.net/
     ◦ http://www.ftc.gov/
     ◦ Verizon 2012 Data Breach Investigations Report
  44. Website: www.sageworksinc.com. Phone: (919)-851-7474 ext. 693. Helpful links and resources:
     ◦ www.sageworksanalyst.com/resources.aspx
     ◦ web.sageworksinc.com/bank-webinars/
     ◦ Find us on Twitter: sageworksdata