
Risk Factory: Beyond Data Leakage



  1. 1. Beyond Accidental Data Leakage
  2. 2. A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data.
  3. 3. Read All About It… TJX Data Breach: At 45.6M Card Numbers, It’s the Biggest Ever (March 2007) “We may never be able to identify much of the information believed stolen.” The company has so far spent about $250+ million to resolve it ($1B+ estimate in cases / lost revenue)
  4. 4. Leakage Defined Data-Leakage is a loosely defined term used to describe an incident where the confidentiality of information has been compromised. • Data-Breach and Information Loss are also widely used terms • Data Slurping: The use of iPods or portable USB hard drives
  5. 5. Who’s Leaking?
  6. 6. Who’s Leaking?
  7. 7. Who’s Leaking? The government sector accounted for 35% of reported data loss, with 20% in Education, 10% in Healthcare, and the remainder reported in the private sector…
  8. 8. The Leakers: External / Internal
  9. 9. What’s Leaking
  10. 10. Biggest Leakers? FBI/Computer Security Institute 2011: 85% of all offenders prosecuted for cyber crimes were employees of the company attacked
  11. 11. Top 10 Motives 1. Money 2. Dosh 3. Moola 4. Bread 5. Baksheesh 6. Scratch 7. Cabbage 8. Sheckles 9. Chicken Feed 10. Wampum
  12. 12. Accidents Can Happen • Accidental / unintentional • Carelessness • Leaving sensitive information accessible to others • Losing a laptop • Sending email to mistaken name or “all” • Malicious code (viruses, worms, Trojan horses) • Suspicious email, jokes, etc.
  13. 13. Beyond Accidental • Malicious / intentional vandalism / delinquency • Bulletin board postings (Fu*kedCompany, Dotcomscoop, Deja) • Disgruntled employees • Forwarding company data to home email, time bombs, deletion of data
  14. 14. You Can Find • Without hacking • Without intrusion (denial of service) • Without breaking any law • With consent of firewall • Regardless of company consent • With consent of end-user / author • Virtually untraceable • Replicable millions of times • Available to anyone with a PC online • Accessible anywhere in the world
  15. 15. Potential M&A Org Restructure
  16. 16. Private Company’s Share Plan
  17. 17. Internal Reorganization
  18. 18. Banking Statements
  19. 19. Client Contact List
  20. 20. Research Data
  21. 21. Airplane Specifications
  22. 22. Airplane Specifications
  23. 23. Flight Simulation Data
  24. 24. Flight Sim. Data – Engine Failure
  25. 25. The Where?
  26. 26. Beyond Accidental II • The trusted user turned entrepreneur • Under cover / overlooked • Easy to trust / hard to detect • Has a key to the house • Knows when you’re not home • Knows your strengths / weaknesses • Why do they do it?
  27. 27. That’s Where The Money Is…
  28. 28. Easy Money Getting Easier • 2000: Name, Address, DOB = £2.00; Credit card # = £2.00; Expiry date = £3.00; Security Code = £3.00; Total = £10.00 • 2005: Name, Address, DOB = £1.00; Credit card # = £1.00; Expiry date = £1.00; Security Code = £2.00; Total = £5.00 • 2010: Name, Address, DOB = £.25; Credit card # = £.25; Expiry date = £.25; Security Code = £.25; Total = £1.00
  29. 29. Where to Start? Conduct data leakage survey – ITM software – Logical review – Physical review
  30. 30. Detecting the Covert Channels 1. Check classification scheme & security policies 2. Write policy-synchronised objective & scope 3. Identify keywords/folders & files 4. Identify target department 5. Get Board-level approval before you start 6. Deploy data leakage detection software (30-60 free trials!) 7. Audit office equipment (copy machine, faxes, scanners) 8. Audit VoIP storage access logs 9. Audit CCTV footage 10. Test physical/procedural security measures
  31. 31. Where Is Your Data? • Network • Client devices: removable media, unauthorised connections, devices, applications, local storage, file copy, save as… • Remote connections • Storage: photocopiers, scanners, faxes • 3rd Parties • Service Providers • Contractors
  32. 32. How & Where Leaking? [Diagram labels, in transcript order] Laptop / Desktop • Server • CD / DVD • Piggybacking • USB • iPod • Dumpster (Skip) Diving • Social Engineering • Memory Stick • Contractors • Road Apple • PCMCIA • Eavesdropping • Memory Card Readers • Bluetooth • Endpoint Communication • Infrared • Databases • Firewire • File Systems • Serial / Parallel Ports • File Servers • NAS • Data-At-Rest • Virtual Machine • SANs / iSCSI Storage • Screen Scrapers • Voice Mail • Data Loss • Trojans • Other Threat Vectors • Video Surveillance • Key Loggers • Phishing / Spear Phishing • E-Mail • HTTP/S • Printers • SSH • Backup Tapes / CD / DVD • FTP • Laptop / Desktop / Server • Data-In-Motion • IM • Fax • VoIP • Physical • Photocopier • P2P • Mobile Phone / PDA • Blogs • Digital Camera (incl. Mobile Phone Cameras) • Incorrect Disposal • Printed Reports
  33. 33. Free Advice… • Stay focussed. Follow the White Rabbit. • Stay cool. Stay professional. • Be apolitical. No hidden agendas. • Be prepared. You will see the Sexy Beast. • Remember: What you will see is not new. • You’ll see how the business really operates
  34. 34. But Remember “When the Gods want to punish us, they answer our prayers.”
  35. 35. Top Ten Distractions • Employees viewing porn / shopping… • Management viewing porn / shopping… • Clandestine affairs • Personal affairs • Rumours • Employees falsifying company records (expense accounts) • Employees running a side business • Convenience connections
  36. 36. Risk Factory Survey • Analysed over 200,000 hours of user activity • Carried out over 24 months • Linked to specific files, folders, and keywords • Identified the who, what, where & when
  37. 37. Who?
  38. 38. How?
  39. 39. Summary Findings • 68% of theft linked to mobile rather than fixed desktop systems. • IT and Customer Services Departments had the highest number of data thefts. • 96% male • 79% of incidents occurred on Fridays between 3 and 5PM. • Applications most favoured to remove data were identified as web mail, instant messaging (IM) and social networking web sites. • The top 4 theft vectors were identified as mobile devices, web mail, removable media and web applications. • All instances identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.
  40. 40. Prevention Steps • Step 1: Classification scheme • Step 2: Education & awareness • Step 3: Locate & marking • Step 4: Implement defensive measures • Step 5: Monitor, enforce, report
  41. 41. Defense Must Be Layered • Spyware, Hackers, Inappropriate Content, Network Layer Attacks, Viruses • Perimeter security, Strong authentication, URL filtering, Anti-virus, IDS/IPS • UNAUTHORISED APPLICATION USE: Cut, Copy, Paste, Print, Rename, Save As • UNAUTHORISED APPLICATIONS: Malware, IM, Webmail, Skype, MySpace, file sharing • UNAUTHORISED CONNECTIONS: Wireless (802.11, Bluetooth, IR, GPRS/UMTS/HSDPA), Modems • UNAUTHORISED FILE COPYING & OUTPUT DEVICES: Local file copies (removable storage, mobile devices), printers, copiers, faxes
  42. 42. Obligatory Summary Slide • Data leakage is not a phenomenon • Your data is worth money - treat it accordingly • Statistically speaking, the bad guy works for you • Know where your data resides: exit end points, at rest and in motion… • It’s all about the user
  43. 43. 26 Dover Street, London, United Kingdom, W1S 4LY • +44 (0)20 3586 1025 • +44 (0)20 7763 7101 (fax)