Data Breaches: 
Are you next? 
What does the data say? 
Phil Agcaoili, 
VP & Chief Information Security Officer, Elavon 
ATPS Worldwide 
3rd-4th December 2014
Fear, uncertainty and doubt (FUD)
…Generally a strategic attempt to influence perception by disseminating negative and dubious or false information…
The term originated to describe disinformation tactics…
FUD is a manifestation of the appeal to fear.
Truth
Truth is most often used to mean being in accord with fact or reality, or fidelity to an original or to a standard or ideal.
FUD and Cyber Security 
Fact: Worst Travel Day of the Year 
Fiction: Worst day of the year is the Day Before Thanksgiving 
//Cyber Security 
The interconnection and reliance of physical lifeline functions over the Internet (cyberspace) that impacts:
• National security, 
• Public health and safety, and/or our 
• Economic well-being 
Information Technology Sector
Transportation Systems Sector
Commercial Facilities Sector
Financial Services Sector
Defense Industrial Base Sector
We are All Interconnected 
Heightened Concerns on 
Cyber Security 
Low Barrier of Entry 
High Damage Potential / Lucrative 
Cost of Data
$102.60: Average black market price for all of the data on a credit card
$187.44: Cost of taking control of a bank account
$200K: Average cost of cyber attack to SMB
$1M-$46M: Average cost of breach to a large company
$169M: Target breach clean-up costs
$46M: The Home Depot breach clean-up costs
$350M-1T: Global cost of cyber crime
//Cyber Crime 
Global and growing industry 
Increasing in size and efficiency 
Targets everyone and every company 
Leveled playing field for criminal activity 
Cyber Crime Orgs 
Professional Hackers 
Spammers 
Mafia 
Military 
Terrorists 
//APT - Nation States Hacking 
and a Cyber Cold War 
What are your risks? 
Have you assessed your risks? 
Airlines and Airport Security 
Complex ecosystems with advanced IT infrastructures 
Real-time exchange of sensitive information 
Scan and monitor passenger flow 
Complex procedures and rules 
Security requirements 
Vulnerable to a multitude of attacks and IT-based emerging threats
Information Technology Sector
Transportation Systems Sector
Commercial Facilities Sector
Financial Services Sector
Defense Industrial Base Sector
Data Breaches 
Merchants Under Attack 
Credit cards 
What else must be said? 
Case Studies: The Facts 
Nothing new here 
All information presented is based on: 
Past incidents 
Reported cyber attacks 
2004 Fact: Sasser Worm and British 
Airways at Heathrow Airport 
British Airways suffered delays 
Worm hit Terminal Four at London's Heathrow Airport
Also affected call centers 
Written by a teenager 
2008 Fact: Spanair Flight 5022 
Crashed just after take off 
Over 150 people died 
Only 18 people survived 
Accident weakened Spanair's image (reputation risk) 
Crash exacerbated company’s financial difficulties 
Ceased operations in 2012 
Internal report issued by airline revealed: 
Malware infected airline's central computer system 
May have prevented detection of technical problems 
with aircraft 
Final report determined crew failure as root cause 
2011 Fact: Delhi’s Indira Gandhi 
International (IGI) Airport Incident 
Passenger processing system failure 
Backend server glitch 
Common Use Passenger Processing System (CUPPS)
Down for almost 12 hours 
Approximately 50 flights delayed 
Passengers had to be manually checked in 
Central Bureau of Investigation (CBI) of India 
Virus attack / malicious code on the system 
Used from an unknown remote location 
Someone at a remote location operated the 
system 
2011 Fact: Computer Virus Hits 
U.S. Drone Fleet 
Virus infected Predator and Reaper drones 
One of the US military’s most important weapons 
systems 
Virus resisted multiple efforts to remove it 
Remote cockpits are not connected to the Internet 
Virus believed to have spread through removable drives 
2014 Facts: Infected Belgian 
Charleroi Airport Servers 
Belgian Charleroi airport network servers infected with 
malware 
Turned them into botnet zombies 
Airport and customer data stolen 
2014 Fact: Account Backdoors on Airport 
Scanners, Default Passwords 
Blackhat 2014 
Backdoor accounts present in airport scanners 
Many machines deployed at airport security 
checkpoints have embedded accounts with 
default passwords that can be abused 
Attackers may be able to use the accounts as a 
backdoor to get access to the system 
Via Billy Rios
2014 Fact: More Backdoors 
FTP, Telnet, and Web hardcoded backdoors 
~6000 on Internet at major airports 
Foreign made 
Via Billy Rios
2014 Fact: More Backdoors 
Multiple backdoor accounts 
Via Billy Rios
Internet of Things (IoT) 
Embedded systems 
Devices with an IP stack 
May or may not be connected to the Internet 
Think smartphones 
Drones 
Address Cyber Security Now 
Raise visibility to senior leadership and Board of 
Directors 
Use a Cyber Risk Framework 
Invest in Cyber Security 
Risk Management NIST CSF 
Your Responsibility 
Ensure Basic Cyber Hygiene 
It’s Everyone’s Responsibility 
Airlines focus: 
Defense in-depth and anti-malware programs 
Follow the money 
Trust, but Verify 
Especially with embedded devices 
Supply chain 
Vendor Management / Third Party Security 
Overall security 
Hardcoded backdoors 
Participate in an Information Sharing & Analysis Center (ISAC) 
Thanks 
Phil Agcaoili 
VP & Chief Information Security Officer, Elavon 
Contributor, NIST Cybersecurity Framework version 1 
Co-Founder & Board Member, Southern CISO Security Council 
Distinguished Fellow and Fellows Chairman, Ponemon Institute 
Founding Member, Cloud Security Alliance (CSA) 
Inventor & Co-Author, CSA Cloud Controls Matrix, 
GRC Stack, Security, Trust and Assurance Registry (STAR), and 
CSA Open Certification Framework (OCF) 
@hacksec 
https://www.linkedin.com/in/philA

Editor's Notes

  1. In 2013, the busiest days to fly were July 18, 25, and 11, according to airport operations data from the FAA. Those were the three consecutive Thursdays following US Independence Day on July 4th (which was the 21st least busy day to fly). The day before Thanksgiving, if you were wondering, ranks 27th. The Friday before Christmas, Dec 20, was the busiest winter day in 2013, ranking 4th overall. This year the Friday before Christmas is Dec 19.
  2. When you see incidents in the news…