Data Breach Detection: Are you ready for GDPR?
Jeremy Hendy, jeremy.hendy@repknight.com
Look after your data, not just your network
About RepKnight
• UK CyberSecurity company – London & Belfast
• "Outside the firewall" monitoring – Dark Web & Social Media
• Focus on affordable, easy to use, cloud-hosted SaaS tools
• Targeted search – keyword driven, relevant to your company
• A "Burglar Alarm" for your data
• Configured in 10 clicks, nothing to install
Look after your data, not just your network
Diagram: your network vs. your data, captioned "Your Data Has Already Left The Building"
GDPR: General Data Protection Regulation
• Comes into force 25 May 2018
• Applies to all global companies holding or processing data on UK & EU citizens
• Three main components to GDPR: get user consent, know where all your data is, data breaches
  • Must get explicit consent from consumers on how companies can use their personal data
  • Companies must know where data is stored; consumers have a "right to be forgotten"
  • Significant (200x) penalties for data breaches: 2% or 4% of global turnover
• And all in real time (72 hrs from breach or request by a consumer)
What confidential data do you have in your company? And how would you find out if it's been breached?
"Data About People" (GDPR):
• Employee Data: "Personal Data", "Sensitive Personal Data"
• Customer Data: "Personal Data", CRM lists, e-commerce transactions
"Data About Things" (non-GDPR, but valuable):
• Financial Data: sales, purchases, forecasts; mergers, acquisitions
• Intellectual Property: trade secrets, designs, patents, processes; software
How many different companies does your employer share your personal information with?
• Payroll Providers
• HMRC
• Expenses Processors
• Pension Providers
• Pension Advisers
• Private Health Insurance
• Training Providers
• Employee Benefit Providers
  • Private Health Insurance
  • Employee Travel Insurance
  • Death In Service Insurance
  • Corporate Gym Membership
  • Childcare Providers
A couple of rhetorical questions to start:
• How many of you actively monitor "outside the firewall" for your data being breached, hacked, or leaked?
• How would you find out if your data had been leaked by a client or a supplier?
Defending your perimeter isn’t sufficient
CONFIDENTIAL 8
Scope of traditional network security: "looking after the machines, not the data"
Diagram: copies of your data sit outside that scope, on paste & dump sites, in Dark Web markets, in websites & SaaS apps, and with suppliers, clients & partners. Collection methods shown: intelligence analysts, covert sources, automated scraping & crawling.
What do we mean by "The Dark Web"?
Chart: each source type runs from open, through closed, to private; the axis beneath is labelled Deep, Dark.
TOR Network: Open TOR sites | Closed TOR sites (login / captcha) | Private forums (invitation only)
IRC: Open chatrooms | Closed chatrooms (login / captcha) | Private chatrooms (invitation only)
Bin sites: Searchable bins | Unlisted bins & unsearchable sites | Private bins (password protected)
WWW: Open websites | Closed / paywalled (login or captcha) | Private sites & forums (password protected)
Your data – huge quantities, across many different systems and formats
Data Breaches – it's not just the hackers
Sources shown: bad guys, your suppliers & partners, your staff, your clients
How does your data get out?
Routes out: human error, people doing their job, network security compromise, 3rd party breach
• Most data breaches happen through simple human error
• Misaddressed email, documents lost or sent to wrong party
• 3rd party breaches are almost impossible to guard against
• Re-use of passwords compromised on other sites (credential stuffing)
• Balance between security & productivity – can't keep building higher walls
Where does your data end up?
If you're lucky: file sharing and dump sites (100s)
If you're not quite so lucky: marketed and sold on the Dark Web, being weaponized against you
"The Dark Web" – where Google doesn't reach
Monitored by RepKnight BreachAlert
What are the consequences of a breach?
Direct costs, increased attack surface, indirect impact & costs
• Significant direct costs to manage and fix the breach
• Impact on share price & reputation can be fatal
• Increased burden on your network security
• Some costs are uninsurable
• Early detection minimises the costs & effort
Different kinds of breaches
First party breach:
• Your network
• Your data
• Your fault (Oops!)
Related third party breach:
• Supplier / Partner / Customer
• Your data
• Not your fault
• Your responsibility!
Unrelated third party breach:
• Work email address used on other sites
• Email & password get breached and exposed
• Not your fault
Consequences: financial & reputational damage, regulatory fines, security risk
To address the issue, first you need to find out about it…
Automated credential stuffing
• Employee uses work email address on 3rd party site
• That site gets hacked
• Automated bot tries those credentials on dozens of different sites
• How many sites has John used that same password on?
• Success rate: 1%? 0.1%? 0.01%?
  • It only takes one to succeed…
• Data sets being widely circulated online: 1,400,000,000 in one dataset
Illustration: a login form accepting john@bp.com / P@ssword123! ("OK")
Strategies for detecting data breaches
1. Keep watching BBC News 24 / CNN
• Don’t forget to keep your CV + LinkedIn profile up-to-date!
2. Install network log analysis / AI to detect unusual traffic
• Looks really cool!
• My network’s watertight. Job done! Right?
3. Keep an eye out for your data appearing outside the firewall
• Perhaps with some kind of easy-to-use SaaS platform?
BreachAlert
• Looks for your data outside the firewall
• Upload lists of search terms
  • Email addresses
  • Domains
  • IP addresses
  • Keywords
• Instant Email, SMS or Slack notification
Typical BreachAlert search terms
COMMERCIAL IN CONFIDENCE
Chart: search terms placed on a spectrum from structured data (high correlation, small number of search terms) to unstructured data (low correlation, large number of search terms), as listed on the chart: employee PII, home email accounts, bank account details, client contact details, CRM database, server IP addresses, corporate email addresses, contracts, HR records, email traffic, project names, client names, company documents, company name.
Dark Web footprint of the top 500 UK law firms
• Compiled list of 500 UK law firms
  • Identified 624 domain names belonging to those firms
• Profiled domains using our BreachAlert platform
  • Email addresses or credentials matching those domains
• Count of credentials appearing on Dark Web, Bin / Paste sites & in large Data Breaches
• Almost exclusively third party breaches: no fault of the firm
Top 500 UK law firms: > 1 million leaked credentials
• Larger companies tended to have more credentials exposed
• Every leaked address represents a potential security risk
  • Phishing
  • Credential stuffing
  • Impersonation fraud
  • Identity theft
…but the Legal sector is actually no worse than any other!
• Top 500 UK Legal Firms: 1.1M
• Top 10 UK Accounting firms: 1.1M
• Top 24 UK Universities: 4.6M
Remember, that was the easy bit!
Chart: the same search-term spectrum as before (employee PII, home email accounts, bank account details, client contact details, CRM database, server IP addresses, corporate email addresses, contracts, HR records, email traffic, project names, client names, company documents, company name); only one term carries a figure (2,000), the other thirteen are marked ???.
Finding your data: watermarks & fingerprints
Adding watermarks to your data:
• Synthetic email domains – can be monitored
• Synthetic entries (rows) – searchable by name, cc number, etc.
• Dummy values in your datasets
• Columns with specific data formats, e.g. RnGBnnnnnnnna
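Worked example added here (not part of the slides, and not RepKnight or BreachAlert code) of the watermarking idea above and of the high- vs low-correlation search terms from the earlier chart: a constructed customer export gets synthetic canary rows, and text recovered from outside the firewall is scanned for the canary domain, names and reference values. The domain canary-example.invalid, the names, the sample rows and the reading of RnGBnnnnnnnna as R, digit, GB, eight digits, letter are all assumptions.

```python
import csv
import io
import random
import re
from typing import Dict, List, Tuple

# Assumption: a synthetic domain you own and monitor; nothing real uses it.
CANARY_DOMAIN = "canary-example.invalid"

# Assumed reading of the slide's format RnGBnnnnnnnna: literal R, one digit,
# literal GB, eight digits, one lowercase letter (n = digit, a = letter).
REF_RE = re.compile(r"\bR\dGB\d{8}[a-z]\b")

# Constructed sample export standing in for a real customer dataset.
SAMPLE_CSV = (
    "name,email,reference\n"
    "Alice Example,alice@corp-example.test,R4GB00012345b\n"
    "Bob Example,bob@corp-example.test,R7GB00098765k\n"
)

# Constructed names chosen to be unlikely in genuine data.
FIRST_NAMES = ["Quenby", "Thaddeus", "Marisol", "Ludovic"]
LAST_NAMES = ["Penhaligon", "Oakshott", "Thornbury", "Vasquez"]


def make_reference(rng: random.Random) -> str:
    """One value in the assumed RnGBnnnnnnnna column format."""
    letter = chr(ord("a") + rng.randrange(26))
    return "R{}GB{:08d}{}".format(rng.randrange(10), rng.randrange(10 ** 8), letter)


def make_canary(rng: random.Random, index: int) -> Dict[str, str]:
    """A synthetic row: an unusual name, an address at the canary domain and a
    reference in the column format, so the row looks like the rest of the data."""
    first = FIRST_NAMES[index % len(FIRST_NAMES)]
    last = rng.choice(LAST_NAMES)
    return {
        "name": f"{first} {last}",
        "email": f"{first.lower()}.{last.lower()}{index}@{CANARY_DOMAIN}",
        "reference": make_reference(rng),
    }


def watermark_csv(csv_text: str, n_canaries: int, seed: int) -> Tuple[str, List[Dict[str, str]]]:
    """Return the export with n canary rows scattered through it, plus the
    canary rows themselves (keep those in a registry, separate from the data)."""
    rng = random.Random(seed)
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = list(reader)
    canaries = [make_canary(rng, i) for i in range(n_canaries)]
    for canary in canaries:
        rows.insert(rng.randrange(len(rows) + 1), dict(canary))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), canaries


def find_watermarks(text: str, canaries: List[Dict[str, str]]) -> Dict[str, object]:
    """Scan text gathered from outside the firewall for the three marker types on
    the slide. A registered canary e-mail, name or reference is a high-correlation
    hit; a bare format match is low-correlation and only supports other signals."""
    lowered = text.lower()
    hits: Dict[str, object] = {
        "domain": CANARY_DOMAIN in lowered,
        "emails": sorted(c["email"] for c in canaries if c["email"] in lowered),
        "names": sorted(c["name"] for c in canaries if c["name"].lower() in lowered),
        "references": sorted(c["reference"] for c in canaries if c["reference"] in text),
        "format_matches": sorted(set(REF_RE.findall(text))),
    }
    hits["confirmed_leak"] = bool(hits["emails"] or hits["names"] or hits["references"])
    return hits


def demo() -> Dict[str, object]:
    """Watermark the sample export, then pretend a copy surfaced on a paste site
    with the header stripped, and check whether the canaries give it away."""
    marked, canaries = watermark_csv(SAMPLE_CSV, n_canaries=2, seed=42)
    paste = "\n".join(marked.splitlines()[1:])
    return find_watermarks(paste, canaries)


if __name__ == "__main__":
    print(demo())
```

A canary only pays off if the registry of canary rows is kept away from the dataset it protects and the synthetic domain really is monitored for inbound mail and mentions.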
Conclusions & Recommendations
• Much of your data is already outside your network (and your control)
• Many data breaches end up shared or marketed on the "Dark Web"
• Tools to help you find it – fully automated or analyst-supported
• Why not buy all your staff a password manager, with rights to use it at home too?
• Make sure you're putting watermarks and fingerprints in your data
• Early detection and alerting can help mitigate the effect of a breach, and comply with GDPR legislation
Thank you!
Come and see us in the exhibition area – W752
Pick up one of our scratchcards, and you could win a free BreachAlert licence

Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

Data Breach Detection: Are you ready for GDPR?

  • 1. Data Breach Detection: Are you ready for GDPR? Jeremy Hendy, jeremy.hendy@repknight.com. Look after your data, not just your network.
  • 2. About RepKnight
      • UK CyberSecurity company – London & Belfast
      • “Outside the firewall” monitoring – Dark Web & Social Media
      • Focus on affordable, easy to use, cloud-hosted SaaS tools
      • Targeted search – keyword driven, relevant to your company
      • A “Burglar Alarm” for your data
      • Configured in 10 clicks, nothing to install
  • 3. Look after your data, not just your network. Diagram: your network vs. your data – “Your Data Has Already Left The Building”
  • 4. GDPR : General Data Protection Regulations (Get User Consent / Know where all your data is / Data Breaches)
      • Comes into force 25 May 2018
      • Applies to all global companies holding or processing data on UK & EU citizens
      • Three main components to GDPR:
          - Must get explicit consent from consumers on how companies can use their personal data
          - Companies must know where data is stored; consumers have a “right to be forgotten”
          - Significant (200x) penalties for data breaches: 2% or 4% of global turnover
      • And all in real-time (72 hrs from breach or request by a consumer)
  • 5. What confidential data do you have in your company? And how would you find out if it’s been breached?
      “Data About People” (GDPR):
      • Employee Data – “Personal Data”, “Sensitive Personal Data”
      • Customer Data – “Personal Data”; CRM Lists, E-commerce transactions
      “Data About Things” (non-GDPR, but valuable):
      • Financial Data – Sales, Purchases, Forecasts; Mergers, Acquisitions
      • Intellectual Property – Trade secrets, designs, patents, processes; Software
  • 6. How many different companies does your employer share your personal information with?
      • Payroll Providers
      • HMRC
      • Expenses Processors
      • Pension Providers
      • Pension Advisers
      • Private Health Insurance
      • Training Providers
      • Employee Benefit Providers
          - Private Health Insurance
          - Employee Travel Insurance
          - Death In Service Insurance
          - Corporate Gym Membership
          - Childcare Providers
  • 7. A couple of rhetorical questions to start:
      • How many of you actively monitor “outside the firewall” for your data being breached, hacked, or leaked?
      • How would you find out if your data had been leaked by a client or a supplier?
  • 8. Defending your perimeter isn’t sufficient. Scope of traditional network security: “looking after the machines, not the data”. Diagram: YOUR DATA sitting in Paste & Dump Sites; Dark Web Markets; Websites & SaaS Apps; Suppliers, Clients & Partners.
  • 9. What do we mean by “The Dark Web”? Collection methods shown: Intelligence Analysts, Covert Sources, Automated Scraping & Crawling. The columns run from “Deep” to “Dark”:
      Source      | Open            | Closed (Login / Captcha)              | Private
      TOR Network | Open TOR Sites  | Closed TOR Sites (Login / Captcha)    | Private Forums (Invitation Only)
      IRC         | Open Chatrooms  | Closed Chatrooms (Login / Captcha)    | Private Chatrooms (Invitation Only)
      Bin Sites   | Searchable Bins | Unlisted Bins & unsearchable sites    | Private Bins (Password Protected)
      WWW         | Open Websites   | Closed / Paywalled (Login or Captcha) | Private Sites & Forums (Password Protected)
  • 10. Data Breaches – it’s not just the hackers. Your data – huge quantities, across many different systems and formats – is in the hands of: Bad guys, Your suppliers & partners, Your staff, Your clients.
  • 11. How does your data get out? Human error / People doing their job / Network security compromise / 3rd party breach
      • Most data breaches happen through simple human error
      • Misaddressed email, documents lost or sent to the wrong party
      • 3rd party breaches are almost impossible to guard against
      • Re-use of passwords compromised on other sites (credential stuffing)
      • Balance between security & productivity – can’t keep building higher walls
  • 12. Where does your data end up? “The Dark Web” – where Google doesn’t reach; monitored by RepKnight BreachAlert.
      • If you’re lucky: file sharing and dump sites (100s)
      • If you’re not quite so lucky: marketed and sold on the Dark Web; being weaponized against you
  • 13. What are the consequences of a breach? Direct Costs / Increased Attack Surface / Indirect Impact & Costs
      • Significant direct costs to manage and fix the breach
      • Impact on share price & reputation can be fatal
      • Increased burden on your network security
      • Some costs are uninsurable
      • Early detection minimises the costs & effort
  • 14.
  • 15.
  • 16. Different kinds of breaches (consequences: Financial & Reputational damage, Regulatory fines, Security Risk)
      • First party breach – Your network; Your data; Your fault (Oops!)
      • Related third party breach – Supplier / Partner / Customer; Your data; Not your fault; Your responsibility!
      • Unrelated third party breach – Work email address used on other sites; Email & password get breached and exposed; Not your fault
      To address the issue, first you need to find out about it…
  • 17. Automated credential stuffing
      • Employee uses work email address on 3rd party site
      • That site gets hacked
      • Automated bot tries those credentials on dozens of different sites
      • How many sites has John used that same password on?
      • Success rate: 1%? 0.1%? 0.01%?
          - It only takes one to succeed…
      • Data sets being widely circulated online: 1,400,000,000 in one dataset
      (Illustration: a login form accepting john@bp.com / P@ssword123! – “OK”)
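Slide 17 describes credential stuffing from the attacker's side: one leaked password, replayed by a bot across many sites. As an added example (not from the deck and not RepKnight code), here is the defender-side detection logic over constructed authentication log lines. A source that tries many different usernames in a short window with mostly failures is flagged, and any account that did log in from such a source is listed for a forced reset, which is the slide's "it only takes one to succeed" point. The log format, the thresholds and the sample lines are all assumptions made for the example.

```python
"""Credential-stuffing detection over authentication log lines.

Added example (not from the RepKnight deck): the log format, the
thresholds and the sample lines below are all constructed for
illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <src_ip> <username> <SUCCESS|FAIL>".
# 203.0.113.7 sprays seven different accounts in a few seconds (stuffing);
# 198.51.100.9 is one user mistyping their own password, then succeeding.
SAMPLE_LOG = """\
2018-03-01T09:00:01 203.0.113.7 alice@example.com FAIL
2018-03-01T09:00:02 203.0.113.7 bob@example.com FAIL
2018-03-01T09:00:02 203.0.113.7 carol@example.com FAIL
2018-03-01T09:00:03 203.0.113.7 dave@example.com FAIL
2018-03-01T09:00:04 203.0.113.7 erin@example.com FAIL
2018-03-01T09:00:05 203.0.113.7 frank@example.com SUCCESS
2018-03-01T09:00:06 203.0.113.7 grace@example.com FAIL
2018-03-01T09:10:00 198.51.100.9 alice@example.com FAIL
2018-03-01T09:10:30 198.51.100.9 alice@example.com FAIL
2018-03-01T09:11:00 198.51.100.9 alice@example.com SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user.lower(), result == "SUCCESS"


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, max_success_ratio=0.2):
    """Return alerts keyed by source IP.

    Credential stuffing looks like one source trying *many different*
    usernames, each once or twice, mostly failing. A single user failing
    repeatedly (198.51.100.9 above) is a forgotten password or a targeted
    guess, not stuffing, so it is deliberately not flagged here.
    """
    events = sorted(parse_line(l) for l in log_text.strip().splitlines())
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            successes = [u for _, u, ok in win if ok]
            if len(users) >= min_users and len(successes) / len(win) <= max_success_ratio:
                alerts[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(win),
                    # "It only takes one to succeed": accounts that did log in
                    # from a spraying source need an immediate password reset.
                    "compromised_accounts": sorted(set(successes)),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds are the tunable part: the distinct-user count separates stuffing from a single account under attack, and the success-ratio cap keeps a shared office NAT with many legitimate logins from tripping the rule.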
  • 18. Strategies for detecting data breaches
      1. Keep watching BBC News 24 / CNN
          - Don’t forget to keep your CV + LinkedIn profile up-to-date!
      2. Install network log analysis / AI to detect unusual traffic
          - Looks really cool!
          - My network’s watertight. Job done! Right?
      3. Keep an eye out for your data appearing outside the firewall
          - Perhaps with some kind of easy-to-use SaaS platform?
  • 19. BreachAlert
      • Looks for your data outside the firewall
      • Upload lists of search terms
          - Email addresses
          - Domains
          - IP addresses
          - Keywords
      • Instant Email, SMS or Slack notification
  • 20. Typical BreachAlert search terms. Plotted on an axis from structured data (high correlation / small number of search terms) to unstructured data (low correlation / large number of search terms): Employee PII, Home email accounts, Bank account details, Client contact details, CRM database, Server IP addresses, Corporate email addresses, Contracts, HR records, Email traffic, Project names, Client names, Company documents, Company name.
  • 21. Dark Web footprint of the top 500 UK law firms
      • Compiled list of 500 UK law firms
          - Identified 624 domain names belonging to those firms
      • Profiled domains using our BreachAlert platform
          - Email addresses or credentials matching those domains
      • Count of credentials appearing on Dark Web, Bin / Paste sites & in large Data Breaches
      • Almost exclusively third party breaches: no fault of the firm
  • 22. Top 500 UK law firms: > 1 million leaked credentials
      • Larger companies tended to have more credentials exposed
      • Every leaked address represents a potential security risk
          - Phishing
          - Credential stuffing
          - Impersonation fraud
          - Identity theft
  • 23. …but the Legal sector is actually no worse than any other!
      • Top 500 UK Legal Firms: 1.1M
      • Top 10 UK Accounting firms: 1.1M
      • Top 24 UK Universities: 4.6M
  • 24. Remember, that was the easy bit! The same search-term list as slide 20 (Employee PII, Home email accounts, Bank account details, Client contact details, CRM database, Server IP addresses, Corporate email addresses, Contracts, HR records, Email traffic, Project names, Client names, Company documents, Company name), with a count shown against only one item (2,000) and “???” against all the others.
  • 25. Finding your data : watermarks & fingerprints
  • 26. Adding watermarks to your data
      • Synthetic email domains – can be monitored
      • Synthetic entries (rows) – searchable by name, cc number, etc
      • Dummy values in your datasets
      • Columns with specific data formats, e.g. RnGBnnnnnnnna
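Slides 20 and 26 make two related points: structured search terms (a corporate domain, a canary email address, a column with a known format) correlate strongly with a genuine leak, while bare keywords do not; and watermarking your datasets with synthetic rows and formatted columns gives you something unambiguous to search for. As an added example that is not part of the deck and not BreachAlert code, the block below generates a watermark row, then scans a constructed "paste" for it and for other search terms. Assumptions: the slide's format "RnGBnnnnnnnna" is read as a literal R, one digit, literal GB, eight digits and one letter (n = digit, a = letter); the canary domain, the HMAC secret and the sample dump are all constructed. The trailing letter is derived from an HMAC over the digits, so a random value in the right format (the decoy in the sample) is not mistaken for your watermark.

```python
"""Watermark a dataset with a verifiable canary row, then scan a leaked
blob for it and for other search terms.

Added example, not RepKnight code. Assumptions: the ID format
"RnGBnnnnnnnna" from the slide is read as literal "R", one digit,
literal "GB", eight digits, one letter (n = digit, a = letter); the
canary domain, the HMAC secret and the sample "paste" are constructed.
"""
import hashlib
import hmac
import re

CANARY_DOMAIN = "mail-hr-archive.example"   # synthetic domain you control and monitor
ID_FORMAT = re.compile(r"\bR(\d)GB(\d{8})([A-Z])\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@([\w-]+\.)+[a-z]{2,}\b", re.I)


def check_letter(secret: bytes, body: str) -> str:
    """Derive the trailing letter from an HMAC over the digits, so a
    random string in the right format is not mistaken for our canary."""
    digest = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return chr(ord("A") + digest[0] % 26)


def make_canary(secret: bytes, seq: int) -> dict:
    """Synthetic row: looks like a real customer record, but every value
    is unique to this dataset copy, so a hit identifies the leak."""
    body = f"{seq % 10}GB{seq:08d}"
    return {
        "name": f"Canary Customer {seq}",
        "email": f"c{seq:04d}@{CANARY_DOMAIN}",
        "ref": f"R{body}{check_letter(secret, body)}",
    }


def scan_dump(text: str, secret: bytes, domains: set, keywords: set) -> list:
    """Return hits as (kind, value, confidence). Structured terms (canary
    refs, emails on watched domains) are high confidence; bare keywords
    are low confidence, matching the axis on slide 20."""
    hits = []
    for m in ID_FORMAT.finditer(text):
        body = m.group(1) + "GB" + m.group(2)
        if check_letter(secret, body) == m.group(3):   # reject format-only matches
            hits.append(("canary_ref", m.group(0), "high"))
    for m in EMAIL_RE.finditer(text):
        addr = m.group(0).lower()
        if addr.rsplit("@", 1)[1] in domains:
            hits.append(("email", addr, "high"))
    lowered = text.lower()
    for kw in sorted(keywords):
        if kw.lower() in lowered:
            hits.append(("keyword", kw, "low"))
    return hits


SECRET = b"constructed-demo-secret"          # per-dataset-copy key, kept offline
CANARY = make_canary(SECRET, 7)
# Decoy: right format, wrong check letter. A coincidental format match
# like this must NOT be reported.
DECOY = CANARY["ref"][:-1] + chr((ord(CANARY["ref"][-1]) - 65 + 1) % 26 + 65)

# Constructed "paste" of a leaked CSV plus some forum chatter.
SAMPLE_DUMP = f"""\
id,name,email,ref
1,Jane Doe,jane.doe@example.com,{DECOY}
7,{CANARY['name']},{CANARY['email']},{CANARY['ref']}
anyone want the full Project Nightjar dump? dm me
"""


def demo() -> list:
    """Scan the constructed paste with a small watchlist."""
    return scan_dump(SAMPLE_DUMP, SECRET,
                     {CANARY_DOMAIN, "example.com"}, {"Project Nightjar"})


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Each copy of a dataset handed to a supplier would get its own canary row (or its own secret), so a hit tells you not only that the data leaked but which recipient it leaked from, which is the "related third party breach" case on slide 16.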
  • 27. Conclusions & Recommendations
      • Much of your data is already outside your network (and your control)
      • Many data breaches end up shared or marketed on the “Dark Web”
      • Tools to help you find it – fully automated or analyst-supported
      • Why not buy all your staff a password manager, with rights to use it at home too?
      • Make sure you’re putting watermarks and fingerprints in your data
      • Early detection and alerting can help mitigate the effect of a breach, and comply with GDPR legislation
  • 28. Thank you! Come and see us in the exhibition area – W752. Pick up one of our scratchcards, and you could win a free BreachAlert licence.