Presented by: Doug Jambor
Turner and Associates
 Financial information company that provides
credit and risk management solutions to
financial institutions
 Data and applications used by thousands of
financial institutions and accounting firms
across North America
 Awards
◦ Named to Inc. 500 list of fastest-growing privately held companies in the U.S.
◦ Named to Deloitte Technology Fast 500
Turner and Associates, Inc., was formed in 1994 in
Columbus, Ohio to address the financial needs of
small businesses and the lending functions of Banks.
 Data Breaches
◦ Lessons Learned
◦ Key Takeaways
 So, what are data breaches?
◦ Unintended disclosure of sensitive information
◦ Cyber Attacks
◦ Payment card fraud
 Data breaches are also caused by:
◦ Malicious insiders
◦ Physical data loss
◦ Portable device loss
 Lastly, data breaches could be caused by:
◦ Hardware loss
◦ Unknown data loss
 History of the 10 largest data breaches:
1. Shanghai Roadway (March, 2012): 150 Million records
2. Heartland Payment Systems (January, 2009): 130 Million records
3. T.J. Maxx (January, 2007): 94 Million records
4. TRW / Sears Roebuck (June, 1984): 90 Million records
5. Sony Corporation (April, 2011): 77 Million records
6. Unknown Company (August, 2008): 50 Million records
7. Card Systems (June, 2005): 40 Million records
8. Tianya (December, 2011): 40 Million records
9. Steam On-line Gaming (November, 2011): 35 Million records
10. SK Communications (July, 2011): 35 Million records
 2011 was a game changer
◦ Four of the top 10 biggest data breaches happened this year
◦ Hacktivism came through the doors
 Larry Ponemon
 2012 RSA Conference in San Francisco
 Can we stop data breaches?
◦ No
 What are the primary motives behind data
breaches?
◦ Criminal element & $$$
◦ Verizon 2012 DBIR:
 Who is behind data breaches?
◦ Verizon 2012
DBIR:
 How do data breaches occur?
◦ Verizon 2012
DBIR:
 What commonalities exist between data
breaches?
◦ Verizon 2012 DBIR:
 Industry groups represented by percent of
breaches
◦ Verizon 2012 DBIR:
 Industry groups represented by percent of
breaches
◦ Verizon 2012 DBIR:
 Threat agents over time by percent of
breaches
◦ Verizon
2012 DBIR:
 Compromised assets by percent of breaches
and records
◦ Verizon
2012 DBIR:
 Timespan of events by percent of breaches
◦ Verizon
2012 DBIR:
 So why are data breaches so damaging?
◦ They impact your organization’s bottom line
◦ Average cost is almost $18K per day
◦ All industries are susceptible to data breaches
 Average annualized cyber crime cost
weighted by attack frequency
◦ Ponemon:
 Percentage cost for external consequences
◦ Ponemon:
 Responding to a data breach - percentage
cost by internal activity centers
◦ Ponemon:
 What should we consider prior to a data
breach?
◦ Ensure you have developed and tested an Incident
Response Plan
 Incident Response Plan
◦ Step one: Build a response team
◦ Step two: Assign a lead/liaison
◦ Step three: Ensure everyone knows their job tasks
◦ Step four: Create the contact list
◦ Step five: Create a checklist
◦ Step six: Document the entire process
◦ Step seven: Notify customers
 How do you limit your exposure to a data breach?
◦ Perform due diligence on pen testers, internal auditors, and critical vendors
◦ Read penetration test EL
◦ Smaller institutions
◦ Perform gap analysis of the SANS 20 Critical Security Controls
◦ If you see bad behavior, call it out
◦ Invest in security
 Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet.
 Major Sources include:
◦ http://www.ponemon.org
◦ http://datalossdb.org/
◦ https://www.privacyrights.org/
◦ http://www.databreaches.net/
◦ http://www.ftc.gov/
◦ Verizon 2012 Data Breach Investigations Report
 Website: www.sageworksinc.com
 Phone: (919)-851-7474 ext. 693
 Helpful links and resources:
◦ www.sageworksanalyst.com/resources.aspx
◦ web.sageworksinc.com/bank-webinars/
 Find us on twitter: sageworksdata

Douglas Jambor Sageworks Cybersecurity Presentation
