
Data breach presentation


Minimizing the Risk of a Data Breach in the Workplace

Published in: Technology

  1. Minimizing the Risk of a Data Breach in the Workplace. December 8, 2015. Bradford Bach | 213.784.3070
  2. High profile security breaches make news
  3. Cyber thieves target smaller companies!
     • They are not prepared
     • They don't understand their legal obligations
     • They have financial liability
     • They are the nexus for larger company breaches
  4. Cyber attacks are on the rise
     • Nations, groups & individuals are targeting:
       – Institutions
       – Financial services agencies
       – Utilities
       – Consumers
     • 43 percent of US firms have experienced a data breach in the past year (survey of 735 businesses)
     Source: Pew Research Center and Ponemon Institute
  5. What are the hackers looking for?
     • Credit card details
     • Bank account numbers and PINs
     • Social security numbers
     • Passport numbers
     • Driver's licenses
     • Usernames and passwords
     • Birthdays and anniversaries
  6. Management's concern about data breach (chart: percentage concern level on a 10-point scale). Source: Ponemon Institute
  7. Key steps companies have taken
     • Recognized the need for a stronger cyber defense posture
     • Allocated resources to preventing, detecting and resolving data breaches
     • Developed operations and compliance procedures
     • Established Computer Security Incident Response Teams (SIRT)
  8. Investments in response to data breaches (chart). Source: Ponemon Institute
  9. What constitutes an incident?
     • Report of a physical or criminal act (e.g. theft of a computer, laptop, tablet or PDA)
     • Suspicion that a device has been compromised to allow access to sensitive data
     • Security issue with a person using equipment
     • Other circumstances that warrant investigation, including disruptive viruses, denial of service attacks, malware, phishing scams, spam, etc.
  10. Are you prepared?
     • Are you working with your IT team to ensure that you have appropriate security controls in place?
     • Do you have a SIRT team in place including general counsel, executives, key personnel & IT?
     • Have you implemented best practices, policies and procedures to secure your network?
     • How are you funded to cover the legal compliance and costs associated with a breach?
     • Do you know what laws impact your industry?
  11. Cybercrime example (image slide)
  12. SIRT response teams and plan minimums
     1. Planning: Have shared goals and describe them in detail.
     2. The Team: Identify, inform and train those you expect to take action.
  13. SIRT response teams and plan minimums
     3. Incident identification methods and triggers: Define the events and mechanisms that might trigger a security incident investigation. Provide examples to help others understand what to look for and how to respond.
        • Theft or loss of an unencrypted device
        • Hacking of a system containing protected data
        • Employee snooping
        • Malware capable of data exfiltration
  14. SIRT response teams and plan minimums
     4. Breach determination methodology: How will you determine whether protected data was likely to have been compromised, based on the attack, data classification, jurisdiction and particular regulations? Use the four factor risk assessment methodology required for healthcare data. If there is a probability of compromise, then you have suffered a breach. The four factors are:
        • The nature and extent of the protected information involved, including the types of identifiers and the likelihood of re-identification;
        • The unauthorized person who used the protected information or to whom the disclosure was made;
        • Whether the protected information was actually acquired or viewed;
        • The extent to which the risk to the protected information has been mitigated.
  15. SIRT response teams and plan minimums
     5. Breach response team activation: This includes members of the CIRT plus those who are normally not involved in incidents that do not escalate to a breach. They can be both internal and external, including:
        • Technical
        • Executive
        • Legal and compliance
        • Public relations
        • Security vendors, etc.
  16. SIRT response teams and plan minimums
     6. Notification actions: Notification requirements vary by statute, state and data class. It is important to know the requirements for each class of data you possess.
     7. Reporting and documentation: It is critical that you produce accurate and complete documentation of the events, actions, and results that occur as the result of a security incident. Be sure to spend the time required to accurately portray what happened, who did what, to what and with what. Keep copies of all communications, notifications and any and all activity.
  17. SIRT response teams and plan minimums
     8. Policy, procedural or technological improvement: A significant security incident or breach is a great opportunity to improve the policies and procedures that prevent another breach and that govern how you respond if it happens again. Take this opportunity to consider what happened and how you reacted, then consider and document ways to improve on both.
  18. Training and updating staff: Once you have created your Computer Security Incident Response Plan, and whenever you use the plan to respond, train your staff effectively and consistently.
  19. Training and updating staff
     • Having plans that staff are either unaware of or not familiar with when it is time to act is much like having no plans at all.
     • A lack of training can lead to inaction, delays and mistakes which are avoidable and can be incredibly costly. Empower your employees to be confident and ready to act when the inevitable occurs.
  20. (image slide)
  21. Breakdown of Events Impacting Security (chart). Source: Pew Research Center and Ponemon Institute
  22. Social networking scams (chart). Source: Ponemon Institute
  23. Understand your specific legal obligations
     • Health Insurance Portability & Accountability Act (HIPAA)
     • Health Information Technology for Economic and Clinical Health Act (HITECH)
     • Customs-Trade Partnership Against Terrorism (C-TPAT)
     • Fair and Accurate Credit Transactions Act (FACTA), which includes the Red Flags Rule
     • North American Electric Reliability Corp. (NERC)
     • Critical Infrastructure Protection (CIP)
     • International Traffic in Arms Regulations (ITAR)
     • Criminal Justice Information Services (CJIS)
     • Federal Information Processing Standards (FIPS)
     • Federal Information Security Management Act (FISMA)
     • The Children's Online Privacy Protection Act (COPPA)
  24. Be prepared!
     • Addressing regulatory issues should go beyond meeting minimum requirements. It should also introduce efficiencies and processes that improve your overall business.
  25. Areas of focus to be defensible in 2016
     1. Do a vulnerability or security assessment
     2. Conduct patching for software security updates
     3. Implement e-mail spam/malware filtering with link reputation checking
     4. Set up a network security policy
     5. Antivirus/malware protection
     6. Cultivate a culture of safety with end-user training
     Source: Leading Security Experts, Alvaka Networks
  26. Areas of focus to be defensible in 2016
     7. Implement backup and disaster recovery/business continuity
     8. Network monitoring is an important function
     9. Utilize the full security potential of VLAN and VPN
     10. Go for up-to-date firewall/UTM technology, IPS/IDS
     11. Dual factor authentication provides greater security
     12. Make sure you do your budgeting and ROI on security measures
     Source: Leading Security Experts, Alvaka Networks
  27. (image slide)