GDPR is weeks away. Being prepared for a data breach is as important as preventing one. No matter how hard you try to protect your network, your data is already out there: just think about how much data you have transferred to third-party organisations such as pension providers, marketing agencies and training companies.
This presentation outlines simple steps that can be taken to ensure that if sensitive data is leaked, marketed or sold on the Dark Web, no matter where it originated, you will be notified instantly, maximising your time to respond and potentially saving you millions.
1. Data Breach Detection: Are you ready for GDPR?
Jeremy Hendy, jeremy.hendy@repknight.com
Look after your data, not just your network
2. About RepKnight
- UK cyber security company (London & Belfast)
- "Outside the firewall" monitoring: Dark Web & social media
- Focus on affordable, easy-to-use, cloud-hosted SaaS tools
- Targeted search: keyword driven, relevant to your company
- A "burglar alarm" for your data
- Configured in 10 clicks, nothing to install
3. Look after your data, not just your network
[Diagram: "Your network" beside "Your data"] "Your Data Has Already Left The Building"
4. GDPR: General Data Protection Regulation
- Comes into force 25 May 2018
- Applies to organisations anywhere in the world that hold or process personal data on individuals in the EU (which, in 2018, includes the UK)
- Three main components:
• Consent: where consent is the lawful basis for using personal data it must be explicit and specific (consent is one of several lawful bases, not the only one)
• Know where all your data is: companies must know where personal data is stored, and consumers have a "right to be forgotten"
• Data breaches: significantly higher (200x) penalties, up to 2% or 4% of global annual turnover, or €10M / €20M, whichever is higher
- And all on tight deadlines: a breach must be reported to the supervisory authority within 72 hours of becoming aware of it, and a consumer's data subject request answered within one month
5. What confidential data do you have in your company? And how would you find out if it's been breached?
"Data About People" (GDPR):
- Employee data: "personal data", "sensitive personal data"
- Customer data: "personal data", CRM lists, e-commerce transactions
"Data About Things" (non-GDPR, but valuable):
- Financial data: sales, purchases, forecasts; mergers, acquisitions
- Intellectual property: trade secrets, designs, patents, processes; software
6. How many different companies does your employer share your personal information with?
- Payroll providers
- HMRC
- Expenses processors
- Pension providers
- Pension advisers
- Private health insurance
- Training providers
- Employee benefit providers
• Private health insurance
• Employee travel insurance
• Death-in-service insurance
• Corporate gym membership
• Childcare providers
7. A couple of rhetorical questions to start:
- How many of you actively monitor "outside the firewall" for your data being breached, hacked or leaked?
- How would you find out if your data had been leaked by a client or a supplier?
8. Defending your perimeter isn't sufficient
CONFIDENTIAL
[Diagram: the scope of traditional network security, "looking after the machines, not the data", covers only your own network. Copies of YOUR DATA also sit with suppliers, clients & partners, in websites & SaaS apps, on paste & dump sites, and in Dark Web markets.]
9. What do we mean by "The Dark Web"?
Source type    Open                Closed (login / captcha)             Private (invitation only / password protected)
TOR Network    Open TOR sites      Closed TOR sites                     Private forums
IRC            Open chatrooms      Closed chatrooms                     Private chatrooms
Bin sites      Searchable bins     Unlisted bins & unsearchable sites   Private bins
WWW            Open websites       Closed / paywalled sites             Private sites & forums
The tiers run from "Deep" (open and closed) to "Dark" (private). Collection methods shown alongside them: automated scraping & crawling, intelligence analysts, and covert sources.
10. Data breaches: it's not just the hackers
Your data: huge quantities, across many different systems and formats
Who handles it: bad guys, your suppliers & partners, your staff, your clients
11. How does your data get out?
Routes: human error; people doing their job; network security compromise; 3rd-party breach
- Most data breaches happen through simple human error
- Misaddressed email, documents lost or sent to the wrong party
- 3rd-party breaches are almost impossible to guard against directly
- Re-use of passwords compromised on other sites (credential stuffing)
- Balance between security & productivity: you can't keep building higher walls
12. Where does your data end up?
- If you're lucky: file sharing and dump sites (hundreds of them)
- If you're not quite so lucky: marketed and sold on the Dark Web, and weaponised against you
"The Dark Web": where Google doesn't reach. Monitored by RepKnight BreachAlert.
13. What are the consequences of a breach?
Direct costs, indirect impact & costs, increased attack surface:
- Significant direct costs to manage and fix the breach
- Impact on share price & reputation can be fatal
- Increased burden on your network security
- Some costs are uninsurable
- Early detection minimises the costs & effort
16. Different kinds of breaches
First-party breach
• Your network
• Your data
• Your fault (oops!)
Related third-party breach
• Supplier / partner / customer
• Your data
• Not your fault
• Your responsibility!
Unrelated third-party breach
• Work email address used on other sites
• Email & password get breached and exposed
• Not your fault
Financial & reputational damage, regulatory fines, security risk
To address the issue, first you need to find out about it...
17. Automated credential stuffing
- Employee uses work email address on a 3rd-party site
- That site gets hacked
- Automated bot tries those credentials on dozens of different sites
- How many sites has John used that same password on?
- Success rate: 1%? 0.1%? 0.01%?
• It only takes one to succeed...
- Data sets being widely circulated online: 1,400,000,000 credentials in one dataset
[Illustration: a login form accepting john@bp.com / P@ssword123!]
18. Strategies for detecting data breaches
1. Keep watching BBC News 24 / CNN
• Don’t forget to keep your CV + LinkedIn profile up-to-date!
2. Install network log analysis / AI to detect unusual traffic
• Looks really cool!
• My network’s watertight. Job done! Right?
3. Keep an eye out for your data appearing outside the firewall
• Perhaps with some kind of easy-to-use SaaS platform?
19. BreachAlert
- Looks for your data outside the firewall
- Upload lists of search terms:
• Email addresses
• Domains
• IP addresses
• Keywords
- Instant email, SMS or Slack notification
20. Typical BreachAlert search terms
COMMERCIAL IN CONFIDENCE
Ordered from structured data (high correlation, small number of search terms) to unstructured data (low correlation, large number of search terms):
Employee PII, home email accounts, bank account details, client contact details, CRM database, server IP addresses, corporate email addresses, contracts, HR records, email traffic, project names, client names, company documents, company name.
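A worked example of the matching such a search-term list drives, added here; it is not RepKnight code and not how BreachAlert itself works. A watchlist of structured terms (domains, mailboxes, IP ranges) and unstructured keywords is run over constructed paste excerpts. A single structured hit raises an alert on its own, while keywords such as a project or company name have to co-occur before the document is worth an alert, which is the correlation axis the slide describes. Every domain, address, name and excerpt below is invented.

```python
"""Scan paste text for a watchlist of search terms, with two alert tiers.

Added example, not RepKnight code. Watchlist, threshold and paste excerpts
are constructed for the demo; the tiering mirrors the deck's point that
structured terms correlate highly (one hit is enough) while keywords like a
company or project name need to co-occur before they are worth an alert.
"""
import ipaddress
import re

WATCHLIST = {
    "domains": {"example-law.co.uk"},                  # any address at or under these
    "emails": {"finance@example-law.co.uk"},           # specific mailboxes of interest
    "ip_ranges": ["203.0.113.0/24"],                   # your public server ranges
    "keywords": {"Project Kestrel", "Example Law LLP", "Harbourside Holdings"},
}
KEYWORD_THRESHOLD = 2   # distinct keywords that must co-occur to alert on unstructured text

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def _under_domain(domain, watched):
    """True if domain equals a watched domain or is a subdomain of one."""
    return any(domain == w or domain.endswith("." + w) for w in watched)


def scan(text, watchlist=WATCHLIST, keyword_threshold=KEYWORD_THRESHOLD):
    """Return the matched terms and an alert tier for one document."""
    hits = {"emails": set(), "domains": set(), "ips": set(), "keywords": set()}
    watched_emails = {e.lower() for e in watchlist["emails"]}

    for m in EMAIL_RE.finditer(text):
        addr, domain = m.group(0).lower(), m.group(1).lower()
        if addr in watched_emails:
            hits["emails"].add(addr)
        elif _under_domain(domain, watchlist["domains"]):
            hits["domains"].add(addr)

    networks = [ipaddress.ip_network(n) for n in watchlist["ip_ranges"]]
    for m in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group(0))
        except ValueError:          # e.g. 999.1.1.1 fits the regex but is not an address
            continue
        if any(ip in n for n in networks):
            hits["ips"].add(str(ip))

    lowered = text.lower()
    for kw in watchlist["keywords"]:
        # whole-phrase match, so "Kestrel" inside another word does not count
        if re.search(r"(?<!\w)" + re.escape(kw.lower()) + r"(?!\w)", lowered):
            hits["keywords"].add(kw)

    if hits["emails"] or hits["domains"] or hits["ips"]:
        tier = "high"           # one structured hit is already actionable
    elif len(hits["keywords"]) >= keyword_threshold:
        tier = "medium"         # several low-correlation terms in one document
    else:
        tier = "none"
    return {"tier": tier, "alert": tier != "none",
            "hits": {k: sorted(v) for k, v in hits.items()}}


# Constructed paste excerpts (not real leaks).
PASTE_COMBO_LIST = """\
j.smith@example-law.co.uk:Summer2017!
someone@unrelated.example:hunter2
Finance@Example-Law.co.uk:Budget!2018
host 203.0.113.45 ssh root:toor
10.0.0.7 is an internal address and is not on the watchlist
"""
PASTE_MEETING_NOTES = """\
Notes: Project Kestrel due diligence call with Harbourside Holdings, Thursday.
"""
PASTE_UNRELATED = """\
Bird of the week: the kestrel. Unrelated text mentioning Project Kestrel once.
"""


def scan_samples():
    """Scan the three constructed excerpts; combo list -> high, notes -> medium, bird post -> none."""
    return {
        "combo": scan(PASTE_COMBO_LIST),
        "notes": scan(PASTE_MEETING_NOTES),
        "unrelated": scan(PASTE_UNRELATED),
    }


if __name__ == "__main__":
    for name, result in scan_samples().items():
        print(name, result["tier"], result["hits"])
```

The threshold is the knob that trades false positives for coverage: a company name alone matches every press release and job advert, so on its own it is noise, but the same name next to a live project codename in one document is worth a look.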
21. Dark Web footprint of the top 500 UK law firms
- Compiled a list of 500 UK law firms
• Identified 624 domain names belonging to those firms
- Profiled the domains using our BreachAlert platform
• Email addresses or credentials matching those domains
- Counted credentials appearing on the Dark Web, bin / paste sites and in large data breaches
- Almost exclusively third-party breaches: no fault of the firm
22. Top 500 UK law firms: > 1 million leaked credentials
- Larger companies tended to have more credentials exposed
- Every leaked address represents a potential security risk:
• Phishing
• Credential stuffing
• Impersonation fraud
• Identity theft
23. …but the Legal sector is actually no worse than any other!
Top 500 UK Legal Firms : 1.1M
Top 10 UK Accounting firms : 1.1M
Top 24 UK Universities : 4.6M
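An added example of the two counts that slides 17 and 21 to 23 turn on: how many credentials under a firm's domains appear across breach dumps, and how many dumps show the same person re-using the same password (the "how many sites has John used that password on?" question). This is illustrative code, not RepKnight's methodology or the tooling behind the figures above; the dumps are constructed combo-list excerpts in the common email:password form, and the domains and names are invented.

```python
"""Profile leaked-credential exposure per domain across several dumps.

Added example, not RepKnight code and not the methodology behind the law
firm figures above. The dumps are constructed combo-list excerpts in the
common email:password form; the watched domains stand in for a firm's
domain list. Passwords are kept in memory only long enough to detect
re-use; a production tool would hash them on ingestion.
"""
from collections import defaultdict
import re

# email, then ':' or ';' separator, then the rest of the line as the password
COMBO_LINE_RE = re.compile(r"^\s*([^\s:;@]+@[^\s:;@]+)\s*[:;]\s*(.*?)\s*$")

# Constructed excerpts, tagged with an invented source name.
DUMPS = {
    "forum-dump-2016": """\
john@bp.example:P@ssword123!
sarah.k@firm-a.example:Winter2015
mark@firm-b.example:letmein
this line has no separator and is skipped
""",
    "gaming-site-2017": """\
John@BP.example:P@ssword123!
sarah.k@firm-a.example:Winter2015
tom@firm-a.example;tom1234
someone@unrelated.example:hunter2
""",
    "paste-2018": """\
john@bp.example:Summer2018!
sarah.k@firm-a.example:Winter2015
""",
}
WATCHED_DOMAINS = {"firm-a.example", "firm-b.example"}


def parse_combo_list(text):
    """Yield (email, password) pairs; email lower-cased, password untouched."""
    for line in text.splitlines():
        m = COMBO_LINE_RE.match(line)
        if m:
            yield m.group(1).lower(), m.group(2)


def credentials(dumps):
    """Set of (email, password, source) triples across all dumps."""
    return {(email, pw, source)
            for source, text in dumps.items()
            for email, pw in parse_combo_list(text)}


def exposure_by_domain(dumps, domains):
    """Per watched domain: leaked credentials, distinct addresses, distinct sources."""
    seen = {d: {"credentials": set(), "addresses": set(), "sources": set()} for d in domains}
    for email, pw, source in credentials(dumps):
        domain = email.rsplit("@", 1)[1]
        if domain in seen:
            seen[domain]["credentials"].add((email, pw, source))
            seen[domain]["addresses"].add(email)
            seen[domain]["sources"].add(source)
    return {d: {k: len(v) for k, v in counts.items()} for d, counts in seen.items()}


def reused_passwords(dumps):
    """email -> password -> sorted sources, for pairs seen in two or more dumps
    (the deck's question: how many sites has John used that same password on?)."""
    by_pair = defaultdict(set)
    for email, pw, source in credentials(dumps):
        by_pair[(email, pw)].add(source)
    reused = defaultdict(dict)
    for (email, pw), sources in by_pair.items():
        if len(sources) >= 2:
            reused[email][pw] = sorted(sources)
    return dict(reused)


if __name__ == "__main__":
    for domain, counts in exposure_by_domain(DUMPS, WATCHED_DOMAINS).items():
        print(domain, counts)
    for email, pws in reused_passwords(DUMPS).items():
        for pw, sources in pws.items():
            print(f"{email}: same password in {len(sources)} dumps ({', '.join(sources)})")
```

Counting distinct sources per (email, password) pair rather than raw lines matters: the same dump is re-posted many times, so line counts overstate exposure, while a pair present in genuinely different dumps is strong evidence of re-use and a credential-stuffing candidate.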
24. Remember, that was the easy bit!
The same list of search terms as slide 20; the credential count above covers just one of these categories, and the exposure in the rest is still unknown ("???"):
Employee PII, home email accounts, bank account details, client contact details, CRM database, server IP addresses, corporate email addresses, contracts, HR records, email traffic, project names, client names, company documents, company name.
26. Adding watermarks to your data
- Synthetic email domains, which can be monitored
- Synthetic entries (rows), searchable by name, card number, etc.
- Dummy values in your datasets
- Columns with specific data formats, e.g. RnGBnnnnnnnna
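An added worked example of three of the watermark types listed above, written for this page rather than taken from RepKnight: a synthetic email domain, a synthetic row searchable by name or card number, and a column with a fixed format. It goes one step beyond the slide by giving each recipient of a dataset its own canary row, so that when a copy turns up in a dump the canary says which supplier or partner leaked it, which is the attribution problem of the "related third-party breach" on slide 16. Assumptions not in the deck: the secret key, the canary domain, the card prefix (use a range your acquirer confirms is a test range, never a live BIN), and the reading of "RnGBnnnnnnnna" as R, one digit, GB, eight digits, one letter. All employee rows and the leaked text are constructed.

```python
"""Watermark a dataset with per-recipient canary records and attribute a leak.

Added example, not RepKnight code. Canaries are derived with HMAC from the
recipient name, so attribution needs only the key and the list of
recipients, not a stored table of canaries. Assumptions for the demo: the
key, the canary domain, the card prefix, and the reading of the slide's
"RnGBnnnnnnnna" pattern as R, one digit, GB, eight digits, one letter.
"""
import hashlib
import hmac

SECRET_KEY = b"demo-key-keep-this-out-of-the-dataset"   # assumption: rotate per dataset
CANARY_DOMAIN = "hr-notices.example"                     # assumption: a domain you own and monitor
TEST_CARD_PREFIX = "411111"                              # assumption: a confirmed test BIN
FIRST_NAMES = ["Alice", "Bhavna", "Ciaran", "Dara", "Eilis", "Fergal", "Grainne"]
LAST_NAMES = ["Maguire", "Okafor", "Quinn", "Rowan", "Sato", "Tremblay", "Usman"]
LETTERS = "ABCDEFGHJKLMNPQRSTUVWXYZ"                     # no I or O, to avoid 1/0 confusion


def _digits(recipient, field, n):
    """n decimal digits derived deterministically from (key, recipient, field)."""
    mac = hmac.new(SECRET_KEY, f"{recipient}|{field}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big") % 10 ** n).zfill(n)


def luhn_check_digit(partial):
    """Check digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(number):
    """Standard Luhn test, so a synthetic card number survives a fraudster's format check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 == 1 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def canary_record(recipient):
    """The synthetic row planted in the copy of the dataset given to `recipient`."""
    n = _digits(recipient, "name", 4)
    first = FIRST_NAMES[int(n[:2]) % len(FIRST_NAMES)]
    last = LAST_NAMES[int(n[2:]) % len(LAST_NAMES)]
    partial = TEST_CARD_PREFIX + _digits(recipient, "card", 9)
    ref = _digits(recipient, "ref", 9)
    letter = LETTERS[int(_digits(recipient, "letter", 2)) % len(LETTERS)]
    return {
        "name": f"{first} {last}",
        # synthetic domain: any mail to it, from anyone, means the row has leaked
        "email": f"{first.lower()}.{last.lower()}{n}@{CANARY_DOMAIN}",
        "card": partial + luhn_check_digit(partial),      # 16 digits, passes Luhn
        "ref": f"R{ref[0]}GB{ref[1:]}{letter}",           # the RnGBnnnnnnnna column
    }


def watermark(rows, recipient):
    """Copy of `rows` to hand to `recipient`, with that recipient's canary appended."""
    return rows + [canary_record(recipient)]


def attribute_leak(text, recipients):
    """Which recipients' canaries appear in leaked text, and on which fields."""
    compact = text.replace(" ", "").replace("-", "")   # card numbers are often re-spaced
    lowered = text.lower()
    hits = {}
    for recipient in recipients:
        c = canary_record(recipient)
        fields = [name for name, found in (
            ("email", c["email"] in lowered),
            ("card", c["card"] in compact),
            ("ref", c["ref"] in text),
        ) if found]
        if fields:
            hits[recipient] = fields
    return hits


# Constructed demo data (the card numbers are well-known test numbers).
EMPLOYEES = [
    {"name": "Hana Lee", "email": "hana.lee@example-corp.example",
     "card": "5555555555554444", "ref": "R1GB00000001A"},
    {"name": "Omar Reid", "email": "omar.reid@example-corp.example",
     "card": "4012888888881881", "ref": "R1GB00000002B"},
]
RECIPIENTS = ["pension-provider", "payroll-provider", "training-provider"]


def demo_attribution():
    """Hand out watermarked copies, then attribute a constructed leak of one copy."""
    copies = {r: watermark(EMPLOYEES, r) for r in RECIPIENTS}
    leaked_row = copies["pension-provider"][-1]
    card = leaked_row["card"]
    # The leak re-spaces the card number and upper-cases the email, as dumps often do.
    leak_text = (f"FULLZ UK: {leaked_row['name']} | {leaked_row['email'].upper()} | "
                 f"{card[:4]} {card[4:8]} {card[8:12]} {card[12:]} | ref {leaked_row['ref']}")
    return attribute_leak(leak_text, RECIPIENTS)


if __name__ == "__main__":
    print(demo_attribution())
```

The canary row has to look like its neighbours or it gets filtered out before the data is resold, which is why the card number passes Luhn and the reference follows the column's format. Keep the key out of the dataset and out of the recipients' hands: anyone holding it can regenerate every canary and strip them.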
27. Conclusions & Recommendations
- Much of your data is already outside your network (and your control)
- Many data breaches end up shared or marketed on the "Dark Web"
- Tools exist to help you find it: fully automated or analyst-supported
- Why not buy all your staff a password manager, with rights to use it at home too?
- Make sure you're putting watermarks and fingerprints in your data
- Early detection and alerting can help mitigate the effect of a breach, and comply with GDPR legislation
28. Thank you!
Come and see us in the exhibition area, stand W752
Pick up one of our scratchcards, and you could win a free BreachAlert licence