
CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers


You can NO LONGER prevent a cyber attack, but you CAN prevent the business impact and cost. What costs money is the breach, not the attack in itself.

"Secure Your Bottom Line: The Forgotten Cybersecurity Battleground" was a presentation given at the 2019 Silicon Valley Code Camp by CyberCrimeExperts.org to help software developers secure the weakest link: their own devices. It is also a call to help raise a new generation that is aware of the drastic effect of default passwords, as an incentive to design source code and IoT devices that have no master key and no default password that the user is not forced to change.

MAIN TAKEAWAYS:
* Espionage has moved from the physical to stealing technology in order to copy it (like the Chinese J31 program and the commercial C919).
* Don't store master keys or any passwords in your GitHub or source code. Storing them encrypted is better, but not having either is best.
* Stolen passwords are everywhere, which makes the cloud not that secure if you are reusing passwords or your own computer is not secure (regardless of your IT's efforts). In 94% of data breaches, the victim had an antivirus (not Next Generation Endpoint Protection with an Intrusion Prevention System) and a high-end firewall. The GitHub ransomcloud had developers either pay the ransom or risk having their source code published as open source :(
* A few tools can protect your source code or store your device's processes in a database that you can query for anomalies (if you love databases).
* Default passwords on routers allowed one group to take over 500,000 US home routers and redirect DNS requests, and tens of millions of IoT devices taken over through default passwords attacked the internet in 2016. The bad guys have a lot more power now! So stop developing devices with default passwords, and think twice before plugging anything into the network or your machine.
* Don't write passwords in spreadsheets or on your computer. They're safer on paper, but not on your screen! Try password managers for the passwords you use the most, but understand what tool you're using and secure it very well.
* Make sure your laptop is encrypted; a stolen or lost laptop can cause a data breach.
* Passwords are so cheap on the dark web; know what you have out there.
* Wi-Fi devices connect to the strongest link. Use a hotspot from your phone instead of public Wi-Fi, or at least use a known VPN and not the cheapest (you are paying them to store your traffic).
* Validate phone encryption and privacy, and know what apps you're installing on work phones regardless of how famous they are. We are looking for companies to perform research on new phone privacy techniques.
* CCPA (the California Consumer Privacy Act) is due in January 2020 and most companies haven't even heard about it. As a non-profit, we are looking for companies to have an open dialog about ways to reduce the impact of a cyber attack or data breach. It is similar to GDPR, and enforcement can be either by the Attorney General or by class-action lawsuit.

Published in: Business

CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers

  1. Secure Your Bottom Line: The Forgotten Cyber Battleground 10/20/2019 CyberCrimeExperts.org
  2. Adam Sbeta, Cyber Security Analyst & Speaker
  3. Topics: • What threats are you facing • How to keep your source code and career safe • CCPA Privacy Law & Open Discussion
  4. Pillars of Cybersecurity: Data (Local, w/3rd Party, In the Cloud), Availability
  5. Cyber Espionage
  6. Cyber Espionage
  7. CyberCrimeExperts.org
  8. Ransomware
  9. 1,000s GitHub, GitLab & BitBucket Ransomcloud (pay or open-sourced) 76% 32% 21% 5% 2% 26% REPORT: RANSOMWARE INFECTIONS IN CLOUD APPLICATIONS 2017
  10. CyberCrimeExperts.org
  11. Topics: • What threats are you facing • How to keep your source code and career safe • CCPA Privacy Law & Open Discussion
  12. Protecting Your Source-code • Jak (beta) from Dispel.io • Commit Watcher • OSquery
  13. CyberCrimeExperts.org
  14. Internet Paralyzed for 3 hours: 10/21/2016
  15. Fishtank
  16. CyberCrimeExperts.org
  17. CyberCrimeExperts.org
  18. CA’s Senate Bill 1386, Effective July 2003 • CA Breach Notification Law: “immediately following discovery” • Federal Breach Notification Laws: Notification shall be made without unreasonable delay, but no later than 90 days after the discovery of a breach…
  19. CA’s Senate Bill 1386, Effective July 2003 • CA Breach Notification Law: “immediately following discovery” • Federal Breach Notification Laws: Notification shall be made without unreasonable delay, but no later than 90 days after the discovery of a breach…
  20. 94% Had Antivirus
  21. CyberCrimeExperts.org
  22. Darkweb Scanning
  23. CyberCrimeExperts.org
  24. Everyone Loves Free Wifi!
  25. Phone Encryption
  26. Topics: • What threats are you facing • How to keep your source code and career safe • CCPA Privacy Law & Open Discussion
  27. CCPA Privacy Law – In Effect Jan 1st 2020 • Real Name or Alias • Biometric Information • Network activity, including IP Address and other online identifiers • Geolocation • Products or services being considered or purchase history • Electronic activity, including search & browsing history • The right to be forgotten in backups (restoring after deletion)? • Fines up to $2500 or $7500, plus per-consumer damages $100-$750
  28. 10/20/2019 Secure Your Bottom Line: The Forgotten Cyber Battleground by Adam Sbeta, Cyber Security Analyst & Speaker, AdamS@CyberCrimeExperts.org, LinkedIn & Twitter @AdamSbeta, Facebook & LinkedIn @CyberCrimeExperts. Text your email to (510) 830-1312
