With over 300 million records leaked and over $1 billion stolen in 2015, chances are your organization has been, or will be, affected by a cyber attack. But with a few data retention policies and enforcement mechanisms, the future landscape of data security could drastically improve.
Longtime cyber security expert and Blancco Technology Group’s Chief Strategy Officer, Richard Stiennon, sheds light on how organizations should think about data lifecycle management to limit their exposure to cyber attacks.
What You’ll Learn:
The current landscape of cyber risks and threats
How to prioritize data lifecycle management within your overall security objectives
How organizations can establish policies to reduce the impact of cyber hacks by continuously removing data from IT assets, devices, storage environments and virtual machines
Why organizations should leverage data erasure as an indispensable tool in fending off cyber attacks
2. MEET OUR SPEAKER
Richard Stiennon
Chief Strategy Officer
Blancco Technology Group
Seasoned cyber security/data privacy expert
Three-time cyber security author
Washington Post bestseller
Featured/quoted in WSJ, NY Times, Forbes, etc.
3. WHAT WE’LL EXPLORE
The Current State of Cyber Security
Data Erasure’s Place in the Cyber Kill Chain
Limit Exposure Through Information Lifecycle Management
Monstrous Cyber Attacks & Their Impact on Businesses
5. Malicious Attacks Occur Each Month
[Chart: Hacking, Loss of IP, DoS Attacks, Physical Loss, Insider Damage, Phishing. Values on the chart: 10%, 4%, 9%, 15%, 10%, 10%.]
Source: ISACA, “State of Cybersecurity Implications for 2016”
6. Likelihood of Cyber Attacks in 2016
Source: ISACA, “State of Cybersecurity Implications for 2016”
7. Which of the following cyber security threats poses the greatest risk to your organization?
• Malware
• Compromised credentials
• Exploited system vulnerabilities
• Hacked interfaces and APIs
• Improper/incomplete data removal
• Lost/stolen laptops and mobile devices
• Insecure disposal of storage equipment
• Broken authentication
• Broken encryption keys
• Advanced persistent threats (APT)
Live Audience Poll
9. Sony Pictures: Hack of the Century
47,000 Social Security Numbers Leaked
100 Terabytes of Data Stolen
4 Unreleased Films Leaked to Piracy Sites
Sensitive & Inappropriate Emails Leaked
Special Deleting Algorithm Rendered Computers & Servers ‘Brain-Dead’
Studio Executives’ Salaries Revealed
10. Saudi Aramco: 2012 Attack Massively Disrupts Business
35,000 Computers Partially Wiped or Totally Destroyed
Computer Technician Opened Scam Email & Clicked on Bad Link
Flickering Screens & Disappearing Files
Computers Shut Down
The company temporarily stopped selling oil to domestic gas tank trucks. After 17 days, the corporation relented and started giving oil away for free to keep it flowing within Saudi Arabia.
11. Buckshot Yankee: Worst Breach of U.S. Military Computers
Malicious Code Uploaded onto Central Command Network
Classified Data Transferred to Servers Under Foreign Control
Every Windows Machine in U.S. Military Reimagined, Costing $1 Billion
Flash Drive Inserted in Military Computer Used on Middle East Post
12. Live Audience Poll
Which one of the following consequences are you most concerned will result from a cyber attack?
• Audit conducted by regulatory body
• Lawsuits filed by customers
• Fines imposed by regulatory authorities
• Customer complaints
• Diminished sales and revenue
• Lost customers/terminated contracts
• Damaged reputation/negative publicity
• Falling stock price
• Investor fallout
• Other
14. IT Asset Disposal
Wiping Executives’ Devices
Reduction of Total Targets
Data Hygiene
The Cyber Kill Chain
15. Reduce Attack Surface Area and Threat Reduction
Storage may be inexpensive, but protecting data is not
If data isn’t kept unnecessarily and is removed permanently, cyber risks and attacks can be prevented
18. Stage 1: Create
Create New Digital Content or Update/Modify Existing Content
Every day, we create 2.5 Quintillion bytes of data
90% of all data in the world today was produced in the last 2 years
How can you protect data during this stage?
Manage and monitor access control
Implement threat detection & scanning software
Classify & tag data so it can be found quickly and efficiently
19. Stage 2: Store
Commit Digital Data to Storage Repository
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Back up data for recovery or restoring lost/corrupted files
20. Stage 3: Use
View, Process & Use Data for Some Sort of Activity
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Create data loss prevention processes/tools to detect potential data breaches
Impose technological restrictions that control what users can do with digital information and media
Companies who use big data to drive business decisions experience 20x more profit growth
21. Stage 4: Share
Make Information Accessible to Other Parties, Internally or Externally
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
Create data loss prevention processes/tools to detect potential data breaches
Impose technological restrictions that control what users can do with digital information and media
22. Stage 5: Archive
Move Inactive Data to Long-Term Storage
How can you protect data during this stage?
Manage and monitor access control
Encrypt sensitive data
23. Stage 6: Destroy
Erase Data According to Content Type, Usage, Retention Requirements and Application
How can you protect data during this stage?
Manage and monitor access control
Erase data securely and verifiably
24. Live Audience Poll
Where does data removal fit into your organization’s cyber security priorities?
• Top priority
• Somewhat of a priority
• Minimal priority
• Not a priority at all
25. Auditors
Cost of Data Protection
Laws
Regulations
Risk of Data Loss
Profit
The Hierarchy of Data Erasure’s Need & Value
26. CONTENT YOU MAY FIND USEFUL:
“The Information End Game: What You Need to Know to Protect Corporate Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data
“Data Storage Dilemmas & Solutions”: http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions
Try Blancco 5 For Free & Erase Data Permanently:
http://www2.blancco.com/blancco-5
Editor's Notes
Implications to Saudi Aramco’s business operations:
Saudi Aramco's computer technicians ripped cables out of the backs of computer servers at data centers all over the world.
Every office was physically unplugged from the Internet to prevent the virus from spreading further.
Managing supplies, shipping, contracts with governments and business partners -- all of that was forced to happen on paper.
Without Internet at the office, corporate email was gone.
Employees wrote reports on typewriters. Contracts were passed around with interoffice mail. Lengthy, lucrative deals needing signatures were faxed one page at a time.
This occurs either on IT assets onsite or offsite in the cloud.
This occurs on IT assets, electronics, mobile devices, data centers and cloud storage environments.
This occurs on IT assets, electronics and mobile devices.
This occurs on the Internet, servers and removable media.
This occurs in remote, secure storage locations.
This occurs on end-of-life equipment, used drives/mobile devices and flash drives.