
Kaseya Kaspersky Breaches


Join Kaseya and guest cybersecurity expert from Kaspersky, Cynthia James, to hear how companies like Target, eBay, and Home Depot are losing data, and how you can protect your company from suffering the same fate.

• The latest cybersecurity threats and vectors putting organizations at risk
• How your organization can avoid falling victim to a data breach
• Additional strategies to secure your organization and its data


  1. The #1 Cause of Data Breaches and 3 Ways to Avoid Them. Webinar, September 2014. Copyright ©2014 Kaseya
  2. Speakers
     • Alex Brandt, Vice President, Americas, Kaseya. Alex Brandt is Vice President, Americas at Kaseya where he manages the national sales force and go-to-market strategies for Kaseya’s North American customer base. Alex’s career reflects 20 years of experience working with MSPs and IT organizations to more efficiently manage IT to drive the success of their businesses.
     • Cynthia James, Global Director Business Development, CISSP, Kaspersky Lab. Cynthia James is Global Director of Business Development at Kaspersky Lab where she has spent the last 7 years. She is a frequent presenter and blogger on cybercrime topics for hardware and software developers like Kaseya who integrate Kaspersky’s anti-malware technology into their products. She obtained her CISSP in 2011.
  3. Agenda
     • Threatscape level set
     • 3 worst things going on in cybercrime today
     • Ransomware
     • Breach definition, legislation and reporting
     • The #1 cause of data breaches in 2014
     • Top 3 tactics to defeat a breach
     • Other security essentials
     • Solutions & Case Studies
     • Winner of $100 Amazon Gift Card
     • Q & A
  4. Where we are, where we’ve come from
     • 200K unique pieces of malware in 2006; 315K per DAY by Q4 2013
     • Cybercrime will NEVER stop (over 315K/day)
     • Where many end users think we are
  5. Security threats in 2014
     Cybercriminals earn over $100 billion annually!
     1. No need to be technical: malware can be rented – it’s easier than ever
     2. Cybercrime markets extremely organized and sophisticated – anything can be sold
     3. Constant innovation and debugging - by us!
  6. Ransomware
     • Cryptolocker – an encryption Trojan (Sept 2013)
     • Estimated $27M earned in first 2 months (41% vs 3% paid)
     • Huge issue in Russia
     • 52% of infections are in the US
     • Spread primarily thru spam & phishing
     • Goes after backup files if they are on the network
     • Can spread from home network thru VPN to corporate network
     • 2.0 “version” in December + CryptoDefense, etc.
  7. Let’s talk about data breaches!
     • Definition: “an unauthorized person viewed, copied, transmitted, used or took possession of sensitive, protected or confidential data”
       1. Did they only have access or did they actually view it or take possession of it?
       2. Is there reason to believe they misused it?
       3. How many records?
     • Why report if no one* will find out?
     • *victims, employees, customers, law enforcement, the press, banks, compliance agencies
  8. The data breach reporting problem
     • Typical breach-reporting language: “when there is a reasonable likelihood of harm”; “tell victims in a timely manner”
     • Who to report to? Feds, state, agency?*
     • Three states have NO laws
     1. Breach notification is costly – process, fines, loss of customers, lawsuits
     2. No one ever wants to report a breach
     3. We don’t hear about the majority of breaches!
     4. When we do hear…it’s about PII
  9. Legislation & Compliance – it’s only about PII (although IP matters too)
     • Compliance (HIPAA, etc.)
     • Federal: US is working to unify breach laws – adding prison terms for knowingly concealing a breach
     • EU will complete that this year (2014) across 28 European countries – to apply to any company with data from EU citizens
     • How soon post-breach to report
     • What to report
     • How to notify customers
     • Compliance rules (security minimums, fines, etc.)
     • Up to 2% of gross revenues, breaks for SMBs
     • Canada – stronger than US law, not as strong as Europe
     • Whose PII are you holding?
  10. Looking at breaches: the research
      • Who is most likely to report?
        • Healthcare – due to HIPAA
        • Education – due to HIPAA (on campus healthcare) or “code of ethics” or transparency or liability
      • What are they reporting?
        • PII
      • How likely is it that we get full reporting?
        • Except for Healthcare: far less than 100%
  11. University of Maryland breach
      • 287,000 records stolen
      • 78% were purged after the fact!
      • $5M allocated
      • Biggest take-away: The Three Ps
        • Purge (free)
        • Push off-line (cheap)
        • Protect (expensive: cost of layers + liability)
  12. Biggest Breaches in Education 2014
      • College of the Desert, CA – inadvertent email, PII on all employees
      • Douglas County School District, Colorado – via stolen laptop
      • Univ of Illinois, Chicago – haven’t said yet how many
      • Orangeburg Calhoun Tech College, Orangeburg, SC – 20K via stolen laptop
      • Penn State College of Medicine – 1176 student records
      • University of California Irvine – 1.5 months of key logging student health center
      • Uxbridge School District and Milford Schools – 3K students, laptop stolen from a 3rd party billing provider (Multistate Billing Services)
      • Butler University, Indianapolis – 160K records hacked (informed by law enforcement)
      • Orange Public School District – teen hacked grades, is being charged
      • The University California, Washington Center – didn’t say how many
      • Riverside Community College – 35K students – emailed file to the wrong address
      • Stanford Federal Credit Union: 18K emailed to the wrong employee (destroyed?)
      • Arkansas State University College – “unauthorized access”
      • Iowa State – 30K hack
      • University Pittsburgh Medical Center – 27K (originally reported 800)
      • UMASS Memorial (May) malicious insider hack
  13. Biggest Breaches in Healthcare 2014
      • Community Health Systems – 4.5 million records…+IP?
      • Access Health Connecticut – employee backpack stolen w/500 patient documents
      • Rady’s Children’s Hospital, San Diego, CA – 14K patient data emailed out by mistake
      • Redwood Regional Medical Group, Santa Rosa, CA – 33K patients’ information on a stolen thumb drive “back up” left in a “zipped container in an unlocked locker”
      • Boulder Community Health, Boulder, CO – “friendly” hack (warning)
      • Blue Shield of California, San Francisco – “inadvertent disclosure”
      • St Vincent Breast Center, Indianapolis – “inadvertent disclosure via letters”
      • Apple Valley Christian Care Center, Apple Valley, CA – breach via “technical glitch”
      • 3K patients at Bay Area Pain Medical Associates in Sausalito, CA – stolen laptop
      • Penn Medicine – receipts stolen from unlocked office at Pennsylvania Hospital
      • Baylor Regional Medical Center, Dallas TX – phishing scam to physicians, at least partially successful, may have compromised database
      • Vermont Health Exchange – easily hacked because default password not changed nor was the list of authorized people restricted. “No customers compromised”
  14. Characterizing breaches in 2014
      • Healthcare – records are constantly on the move (Fin Serv too)
        • 85% employee error
        • 15% deliberate
      • Education Breaches 2014
        • 55% based on employee error or stolen, unencrypted laptops
        • 45% deliberate hacks
      • Almost 100% of these are outside hackers:
      • Federal agencies
      → The #1 cause is employee error!!!*
      * Doesn’t include the times employees open the door to cybercriminal attacks
  15. Top 3 protection strategies
      1. Encrypt PII and other valuable data
         • At rest or in motion
         • Outsource if possible
      2. Practice the three Ps for all valued data
         • Purge
         • Push off-line OR
         • Protect
      3. Restrict access to only educated employees
  16. Employee education
      • Make the case based on failure rates of employees in your business sector
      • Education should be mandated for access to PII
      • Will liability or fines be the outcome of future forensics investigations? (RSA’s $72M man)
      • What’s the cost of a breach compared to a harassment lawsuit?
      • A good goal: BEGIN fostering a sense of mutual accountability for security
  17. Other security essentials!
      • Forced, automated, application patching
      • Remove unused apps (requires inventory)
      • Enforced policies – access, compliance, passwords
      • Oversight: ensure logging, auditing, reporting
        • To meet compliance
        • Support forensics work to ascertain cause
      • Keep backups off network!
  18. About Kaspersky Lab
      • Founded in 1997; largest private anti-malware company – 100% focused on anti-malware
      • Over $700M annual revenues
      • Presence in 27 countries: CEO is Russian; incorporated in the UK; new to US market in 2005
      • #1 vendor in Germany, France, Spain, Eastern Europe
      • Protecting over 300 million end points
      • Top supplier to OEMs/ISVs of anti-malware worldwide
  19. About Kaseya
      • Founded in 2000
      • Over 10,000 customers and a presence in over 20 countries
      • Award-winning IT systems management software offered both in the cloud and on-premise
      • Serving both Managed Service Providers and middle-market IT departments
      • Serving customers across industries including retail, manufacturing, healthcare, education, government, media, technology, finance, and more
  20. About AuthAnvil acquisition
      • Kaseya acquired Scorpion Software in August
      • Multi-factor authentication
      • Single sign on (SSO) and web-based SSO
      • Password management
      • Secure, easy access to applications, from any device
      • Industry’s first comprehensive and integrated Security and IT Management as a Service solution
  21. How Kaseya can help your security
      • Single pane of glass to manage and secure your systems
      • Integrated AuthAnvil
      • Integrated Kaspersky AV
      • Patch management to keep OS and software up-to-date and free of vulnerabilities
      • Policy management and automation to reduce human error and ensure compliance
      • Logging and reporting to ensure infrastructure compliance
  22. Case Studies – Shield Watch
      • Cryptolocker detected
      • Ransom = 3 bitcoins per machine
      • Timeline
        • Deactivated server and workstation network cards
        • Kicked off KAV scan on each machine
        • Quarantined infected machine
        • Put others back on network
        • Restored corrupted files from VSS
        • Network restored in 1 hour, 35 minutes
        • Infected workstation restored from image 10 minutes later
        • 1 hour 45 minutes from detection to full fix
  23. Case Studies – True North
      • Stolen laptop with PII on the hard drive
      • Timeline
        • Sent alert when laptop was booted up
        • Removed company data & PII
        • Took control, under the radar so basic functions still worked
        • Captured screenshots of the thief’s activity, including Facebook post: “YES got a new lap top today!!!and I’m loving it”
        • Obtained name and photo from Facebook and sent to police
        • Recovered laptop and restored from backup
        • 48 hours from theft alert to operational machine
  24. Questions and Answers #Kaseya