This document summarizes information presented by Doug Jambor of Turner and Associates on data breaches. It discusses what causes data breaches, the history and size of the largest breaches, how breaches occur and common factors between them. It also outlines steps for developing an incident response plan and ways to limit exposure to breaches such as investing in security and gap analysis of critical controls. Major sources of breach information discussed include the Ponemon Institute, Privacy Rights Clearinghouse, and the Verizon Data Breach Investigations Report.
2. Financial information company that provides credit and risk management solutions to financial institutions
Data and applications used by thousands of financial institutions and accounting firms across North America
Awards
◦ Named to Inc. 500 list of fastest growing privately held companies in the U.S.
◦ Named to Deloitte Technology Fast 500
3. Turner and Associates, Inc., was formed in 1994 in Columbus, Ohio to address the financial needs of small businesses and the lending functions of banks.
5. So, what are data breaches?
◦ Unintended disclosure of sensitive information
◦ Cyber Attacks
◦ Payment card fraud
6. Data breaches are also caused by:
◦ Malicious insiders
◦ Physical data loss
◦ Portable device loss
7. Lastly, data breaches could be caused by:
◦ Hardware loss
◦ Unknown data loss
8. History of the 10 largest data breaches:
1. Shanghai Roadway (March, 2012)
150 Million records
2. Heartland Payment Systems (January, 2009)
130 Million records
3. T.J. Maxx (January 2007)
94 Million Records
9. History of the 10 largest data breaches:
4. TRW / Sears Roebuck (June, 1984)
90 Million records
5. Sony Corporation (April, 2011)
77 Million records
6. Unknown Company (August, 2008)
50 Million Records
10. History of the 10 largest data breaches:
7. Card Systems (June, 2005)
40 Million records
8. Tianya (December, 2011)
40 Million records
9. Steam On-line Gaming (November, 2011)
35 Million Records
11. History of the 10 largest data breaches:
10. SK Communications (July, 2011)
35 Million records
12. 2011 was a game changer
◦ Four of the top 10 biggest data breaches happened this year
13. 2011 was a game changer
◦ Hacktivism came through the doors
26. Timespan of events by percent of breaches
◦ Verizon 2012 DBIR:
27. So why are data breaches so damaging?
◦ They impact your organization’s bottom line
◦ Average cost is almost $18K per day
◦ All industries are susceptible to data breaches
39. How do you limit your exposure to a data breach?
◦ Perform due diligence on pen testers, internal auditors, and critical vendors
40. How do you limit your exposure to a data breach?
◦ Read penetration test EL
41. How do you limit your exposure to a data breach?
◦ Smaller institutions
42. How do you limit your exposure to a data breach?
◦ Perform gap analysis of the SANS 20 Critical Security Controls
43. How do you limit your exposure to a data breach?
◦ If you see bad behavior, call it out
44. How do you limit your exposure to a data breach?
◦ Invest in security
45. Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet.
Major Sources include:
◦ http://www.ponemon.org
◦ http://datalossdb.org/
◦ https://www.privacyrights.org/
◦ http://www.databreaches.net/
◦ http://www.ftc.gov/
◦ Verizon 2012 Data Breach Investigations Report
46. Website: www.sageworksinc.com
Phone: (919)-851-7474 ext. 693
Helpful links and resources:
◦ www.sageworksanalyst.com/resources.aspx
◦ web.sageworksinc.com/bank-webinars/
Find us on twitter: sageworksdata