Credit card data theft is a common concern, but what about theft of your marketing data? This data is just as valuable to hackers and can be resold multiple times on the underground. Guard against potential security breaches by having a plan in place. Be prepared, not paranoid.

1. MARKETING AND
CYBERSECURITY
Jessica Dickerson – Product Manager

2. What has Happened in 2014 so far?

3. Malicious Actors
Rescator
Darklife.WS
Communication
Channels
Graberz.com
Lampeduza, LA
Odessa, Ukraine
Java Developer
Victims
Retail - Target
Retail – Home Depot
Retail – P.F. Changs
Retail – Sally Beauty
Harbour Freight
40Mil Debit & Credit Cards
Subtopic
53Mil Debit & Credit Cards
Subtopic
2008
One of Three Founders
Profile “Hel”
ICQ 643287365
ICQ 261333 - First Name: Alex | Last Name: Alex
HelKem_Skype
Motivations
Political
Attacked Russian site CIH.MS
during Ukrainian/Russian Conflict
Hacked CIH.MS
CIH.MS Returned Hack
& released Data
Profile, Pictures &
Communication
Channels
Online
Transactions
Kaddafi.HK
Octavian.SU
CPRO.SU
VOR.CC
Tupac.CC
Swipe.LU
Attack
Vectors
Original prior
to late 2013
SQL Injection
X-Site Script
Current Attack
Vectors
Subtopic
Sold 5.3Mil Credit Cards
151,720 Cards actually Sold
421,801 Expired before Sale
28% of the 151,720 Expired
while on Market for Sale

4. WHAT TO
EXPECT IN 2015

5. More and More
• Retail will continue to be a primary target
• E-Commerce POS exploits released
• The list 300 vulnerable medical devices will grow
• The first online paid contract murder to take place
• Healthcare and Retail to implement $$ into security programs
• Energy sector to continue to be under attack from state
sponsored and hacktivist groups
• Emergence of offense security teams

6. WHY IS
MARKETING
DATA AT RISK?

7. A Lot of Information in a Lot of Places
• Salesforce
• Google
• SurveyMonkey
• Customer databases
• Email
• POS software
• Servers
• Employee’s computers

8. Threats in the Cloud are Increasing
• Increase in attack frequency
• Traditional on-premises threats are moving
to the cloud
• Majority of cloud incidents were related to
web application attacks, brute force attacks,
and vulnerability scans
• Brute force attacks and vulnerability scans
are now occurring at near-equivalent rates in
both cloud and on-premises environments
• Malware/Botnet is increasing year over year

9. Challenges for Marketing Information
• Malicious employees
• Snooping, tweaking data for desired result, sabotage
• Non-malicious disasters or accidents
• Everything from a hurricane to a dead hard drive to a lost password
• Corporate espionage
• Costs industry 300 billion dollars annually
• Mimicking your company
• Phishing, hacktivists
• Stealing data to sell
• Credit card data, market profiles, customer information

10. WHAT TO DO
ABOUT IT?

11. Seven Best Practices of Cloud Security
1. Secure your data
2. Create access management policies
3. Adopt a patch management approach
4. Review logs regularly
5. Stay informed of the latest vulnerabilities that might affect you
6. Understand your cloud service providers security model
7. Understand the shared security responsibility

12. Organizations and Standards
• Protect Credit Card Data
• PCI DSS 3.0
• Protect Medical Data
• HiTECH, HIPAA
• Secure coding practices
• International groups working together

13. What Can You Do?
• Protect your data
• Work with reliable companies
• Create and protect backups
• Test recovery scenarios
• Run anti-malware
• Install patches

14. It Will Happen – Be Prepared!
• Create a response plan before you’re attacked
• Different approaches for different attacks
• Different levels of communication for different audiences
• What have you put in place?

15. Thank you.