Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor

Data breaches and security issues plague financial institutions constantly. Safeguarding against them matters both for protecting the confidential information institutions hold and for regulatory exams, which expect detailed security plans to be in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into data breaches and penetration testing. He reviews these security topics and discusses how to implement a plan in case of a security breach and how to limit your organization's exposure to data breach risk.

Published in: Technology

  1. Presented by: Doug Jambor, Turner and Associates
  2. Financial information company that provides credit and risk management solutions to financial institutions
      Data and applications used by thousands of financial institutions and accounting firms across North America
      Awards
      ◦ Named to Inc. 500 list of fastest growing privately held companies in the U.S.
      ◦ Named to Deloitte Technology Fast 500
  3. Turner and Associates, Inc., was formed in 1994 in Columbus, Ohio to address the financial needs of small businesses and the lending functions of banks.
  4. Data Breaches
      ◦ Lessons Learned
      ◦ Key Takeaways
  5. So, what are data breaches?
      ◦ Unintended disclosure of sensitive information
      ◦ Cyber attacks
      ◦ Payment card fraud
  6. Data breaches are also caused by:
      ◦ Malicious insiders
      ◦ Physical data loss
      ◦ Portable device loss
  7. Lastly, data breaches could be caused by:
      ◦ Hardware loss
      ◦ Unknown data loss
  8. History of the 10 largest data breaches:
      1. Shanghai Roadway (March, 2012) 150 Million records
      2. Heartland Payment Systems (January, 2009) 130 Million records
      3. T.J. Maxx (January 2007) 94 Million records
  9. History of the 10 largest data breaches:
      4. TRW / Sears Roebuck (June, 1984) 90 Million records
      5. Sony Corporation (April, 2011) 77 Million records
      6. Unknown Company (August, 2008) 50 Million records
  10. History of the 10 largest data breaches:
      7. Card Systems (June, 2005) 40 Million records
      8. Tianya (December, 2011) 40 Million records
      9. Steam On-line Gaming (November, 2011) 35 Million records
  11. History of the 10 largest data breaches:
      10. SK Communications (July, 2011) 35 Million records
  12. 2011 was a game changer
      ◦ Four of the top 10 biggest data breaches happened this year
  13. 2011 was a game changer
      ◦ Hacktivism came through the doors
  14. Larry Ponemon, 2012 RSA Conference in San Francisco
  15. Can we stop data breaches?
      ◦ No
  16. What are the primary motives behind data breaches?
      ◦ Criminal element & $$$
      ◦ Verizon 2012 DBIR:
  17. Who is behind data breaches?
      ◦ Verizon 2012 DBIR:
  18. How do data breaches occur?
      ◦ Verizon 2012 DBIR:
  19. What commonalities exist between data breaches?
      ◦ Verizon 2012 DBIR:
  20. Industry groups represented by percent of breaches
      ◦ Verizon 2012 DBIR:
  21. Industry groups represented by percent of breaches
      ◦ Verizon 2012 DBIR:
  22. Threat agents over time by percent of breaches
      ◦ Verizon 2012 DBIR:
  23. Compromised assets by percent of breaches and records
      ◦ Verizon 2012 DBIR:
  24. Timespan of events by percent of breaches
      ◦ Verizon 2012 DBIR:
  25. So why are data breaches so damaging?
      ◦ They impact your organization’s bottom line
      ◦ Average cost is almost $18K per day
      ◦ All industries are susceptible to data breaches
  26. Average annualized cyber crime cost weighted by attack frequency
      ◦ Ponemon:
  27. Percentage cost for external consequences
      ◦ Ponemon:
  28. Responding to a data breach - percentage cost by internal activity centers
      ◦ Ponemon:
  29. What should we consider prior to a data breach?
      ◦ Ensure you have developed and tested an Incident Response Plan
  30. Incident Response Plan, step one
      ◦ Build a response team
  31. Incident Response Plan, step two
      ◦ Assign a lead/liaison
  32. Incident Response Plan, step three
      ◦ Ensure everyone knows their job tasks
  33. Incident Response Plan, step four
      ◦ Create the contact list
  34. Incident Response Plan, step five
      ◦ Create a checklist
  35. Incident Response Plan, step six
      ◦ Document the entire process
  36. Incident Response Plan, step seven
      ◦ Notify customers
  37. How do you limit your exposure to a data breach?
      ◦ Perform due diligence on pen testers, internal auditors, and critical vendors
  38. How do you limit your exposure to a data breach?
      ◦ Read penetration test EL
  39. How do you limit your exposure to a data breach?
      ◦ Smaller institutions
  40. How do you limit your exposure to a data breach?
      ◦ Perform gap analysis of the SANS 20 Critical Security Controls
  41. How do you limit your exposure to a data breach?
      ◦ If you see bad behavior, call it out
  42. How do you limit your exposure to a data breach?
      ◦ Invest in security
  43. Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet. Major sources include:
      ◦ http://www.ponemon.org
      ◦ http://datalossdb.org/
      ◦ https://www.privacyrights.org/
      ◦ http://www.databreaches.net/
      ◦ http://www.ftc.gov/
      ◦ Verizon 2012 Data Breach Investigations Report
  44. Website: www.sageworksinc.com
      Phone: (919)-851-7474 ext. 693
      Helpful links and resources:
      ◦ www.sageworksanalyst.com/resources.aspx
      ◦ web.sageworksinc.com/bank-webinars/
      Find us on Twitter: sageworksdata
