This presentation addresses the following:
- Key challenges in Financial Services
- Requirements for Building an Insider Threat Program
- The Forcepoint Approach
- FRAUD
- SABOTAGE
- WORKPLACE VIOLENCE
- HARASSMENT
- PRIVILEGED ACCESS
- DATA EXFILTRATION
- PROCESS & CHANGE MANAGEMENT
- INVESTIGATIONS

- Fined $1M when a departing EMPLOYEE stole data on 730,000 client accounts
- Over 10,000 records outside company control as EMPLOYEES leave or retire with data on personal devices
- Vendor EMPLOYEE has credentials stolen, exposing 56M credit cards

ACCIDENTAL INSIDER, MALICIOUS INSIDER, COMPROMISED INSIDER
22% 10% 68%
5 MINUTES BEFORE START
Hello and welcome to today’s webcast, An Inside-Out Approach to Security in Financial Services. The discussion will begin in 5 minutes. If you need assistance, please use the Ask a Question function in your window. We will begin shortly, thank you.
2 MINUTES BEFORE START
Hello and welcome to today’s webcast, An Inside-Out Approach to Security in Financial Services. The discussion will begin in 2 minutes. If you need assistance, please use the Ask a Question function in your window. We will begin in 2 minutes, thank you!
START
Welcome everyone, and thank you for joining us for today’s webcast, An Inside-Out Approach to Security in Financial Services. Before we get started, let’s cover a few quick logistical details. [CLICK]
Brandon’s Bio
Brandon Swafford is Chief Technology Officer for Data & Insider Threat at Forcepoint and has more than 12 years of experience in legal investigations and security. He has worked in hedge funds building security technology. Prior to that, he worked with the U.S. Intelligence Community as a Cyber Counterintelligence consultant and analyst across several agencies residing in the classified space, working closely with the National Insider Threat Task Force and the National Counterintelligence Executive. While working with the Intelligence Community, Brandon also provided insider threat analysis and investigation consulting to the International Monetary Fund in Washington, D.C. Welcome Brandon!
Bob’s Bio
Bob Slocum is the Director of Data & Insider Threat Strategy and has more than 18 years of experience in the technology industry, specializing in data theft prevention and endpoint security. He has worked at companies including Barracuda Networks and Dell, where he helped to create and take to market Dell’s Connected Security and Enterprise Mobility Management solutions. Bob is a subject matter expert on data theft and data loss prevention strategies, lending his expertise to countless speaking engagements. Welcome Bob!
My name is Diana Peña, and I’ll be your moderator today.
Here’s what we’ll be covering in our discussion [CLICK]
Transformation:
User and Data more distributed:
Cloud adoption & Rapid IT delivery -
Leading to Shadow IT
Compliance:
Privacy laws – breach notification, higher penalties,
Personal data ownership
Infrastructure scope
Cybercrime:
Targeting users & their access to data
Fraud
Critical Infrastructure
Technology alone does not equal business outcomes. You have invested in more tools resulting in more alerts and more security spend, but you are not seeing better security outcomes such as preventing the data breach from the compromised insider, stopping the malicious insider, or blocking the accidental data loss. At the same time, you need to allow your employees to do their jobs – “free the good”.
Supporting data points:
• Number of technologies & vendors
The average number of security tools used by medium-sized and large companies is 70, with the largest companies reporting 100 tools or more (The Research Board – a think tank owned by Gartner in 2015)
IDC is tracking 2,200 individual security vendors in its revenue database
Exhibitors at RSA conference grew from 361 in 2013 to 558 last year (55%, 1.5x) (RSA Conference Websites)
• Number of alerts
Some large Gartner clients receive from 500,000 to one million alerts a day across multiple security monitoring systems, such as SIEM and DLP. (Gartner, Dec. 2016)
• Amount of security spend
Worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 percent over 2015 (Gartner, Aug. 2016)
Worldwide [security] revenues will grow from $73.7 billion in 2016 to $101.6 billion in 2020. That works out to a compound annual growth rate of 8.3%, which is more than twice the rate of spending in IT overall. (IDC, Oct. 2016)
Let’s focus on the one constant in the noise: people. First, your company’s sensitive data and IP must always be protected. How does it get lost or stolen? It simply starts with people who may lose the data accidentally, maliciously, or through compromise.
Here are just a few examples of how people are at the center of data / IP breaches.
Accidental (FDIC, Snapchat, Heartland, IRS)
FDIC CALLS ‘MAJOR’ DATA BREACHES ACCIDENTAL (http://www.nextgov.com/security/2016/05/fdic-calls-major-data-breaches-accidents/128280/)
Heartland Payment Systems Suffers Data Breach (http://www.forbes.com/sites/davelewis/2015/05/31/heartland-payment-systems-suffers-data-breach/#53821e122985)
IRS exposed 'tens of thousands' of Social Security numbers in online slip-up (http://www.nydailynews.com/news/politics/scandal-irs-exposed-tens-thousands-social-security-numbers-online-slip-up-article-1.1393129)
Snapchat Employee Data Leaks Out (https://techcrunch.com/2016/02/29/snapchat-employee-data-leaks-out-following-phishing-attack/)
Malicious (Morgan Stanley, DuPont, Children’s Medical Clinics of Texas)
Morgan Stanley pays $1 million SEC fine over stolen customer data (http://www.reuters.com/article/us-morgan-stanley-sec-idUSKCN0YU27J)
Former DuPont Chemist Sentenced to 14 Months in Prison for Stealing DuPont Trade Secrets (https://archives.fbi.gov/archives/baltimore/press-releases/2010/ba102110a.htm)
Children’s Medical Clinics of East Texas Reports Data Breach of 16K Pediatric Patient Records (http://www.healthcare-informatics.com/news-item/children-s-medical-clinics-east-texas-reports-data-breach-16k-children)
Compromised (Home Depot, Target, Anthem, Premera Blue Cross)
Target Breach (https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)
Anthem: How does a breach like this happen? 5 technical users compromised (http://www.csoonline.com/article/2881532/business-continuity/anthem-how-does-a-breach-like-this-happen.html)
Premera Blue Cross Breach Exposes Financial, Medical Records - trick Wellpoint employees into downloading malicious software with pernnera.com site (https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/)
The challenge is getting exponentially worse. Users are everywhere. Sensitive data can be anywhere. Behaviors can range from legitimate to not.
Supporting data points:
Understanding the human point is an entirely new security paradigm. No company today is able to get to the heart of the matter – understanding the intent behind an employee’s actions. This is essential for security that stops bad cyber behaviors – the malicious examples we’ve already discussed. And this is even more essential for delivering security that allows good employee behaviors – security that helps business run more efficiently.
Surrounding all of this is GRC, patching regime, etc. (Better Prep)
Where are Users? – What Are their Behaviours?
Suppliers, customers, remote, hotel, home, airport...
Happy, tired etc.
Where is the data?
Drive this point home: Product built from the ground up as an insider threat product, not re-marketing an existing product to chase after the red hot insider threat market
SureView Insider Threat was designed as an insider threat tool, starting back in 2001, built by people whose job is security. It is not something that, like many solutions, has been repackaged and marketed to meet the latest trend. Whether the incident is accidental or deliberate, or somewhere in between, SureView Insider Threat gives you complete visibility and quickly identifies the riskiest users in your organization, all while preserving employee privacy guidelines.
Secures some of the most critical networks from internal leaks, compromise, and malicious attacks
Protects Fortune 100/500 banking, technology, manufacturing and other critical commercial infrastructure companies.
1 million endpoints protected
Proven
Scalable
Stable
Trusted