Data breaches the way forward

•Download as PPTX, PDF•

1 like•144 views

This document discusses data breaches and recommendations for preventing them. It provides definitions of data incidents and breaches, examples of major past breaches organized by year and root cause, statistics on breaches by sector in 2017, and a case study of the 2017 Equifax breach. It then offers guidance on proactively preventing breaches through practices like regular security awareness training and response planning. The document stresses the importance of transparency, communication, and fulfilling legal obligations in responding to a breach.

Data Breaches
–
The wayforward
By: Srinivas Thimmaiah
Date: 20 July 2018
Srinivas Thimmaiah | DB - TWF | 20 July 2017 1

Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 2
Source: https://youtu.be/O4TFXDniG9w

Definition
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 3
Source: https://iapp.org/news/a/is-it-an-incident-or-a-breach-how-to-tell-and-why-it-matters/
National Institute of Standards and Technology defines an event as “any observable occurrencein a system or
network,” such as a server receivinga request for a web page, a user sending an e-mail message, or a firewall blocking
an attempt to establish a connection
A securityor electronic incident is anevent that violates anorganization’s securitypolicies and procedures. Incidentas a
“security event that compromises the confidentiality, integrity or availability of aninformation asset
A data breach is defined as an event in which an individual’s name and a medical record and/or a financial record or
debit card are potentially put at risk either inelectronic or paper format.

Topbreaches
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 4
Source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
Employeecredentialtheft byphishingormalware
VulnerabilityinApachestruts
Gainedaccessthrough athird-partyHVAC vendorto its
point-of-sale(POS)payment cardreaders
Phishing email
Phishingattack
Uniquecustom builtmalwareposingasantivirussoftware
2017
2016
2015
2014
2013
2012
2011

Data breachesroot causes
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 5
Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf

Breaches sector wise - 2017
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 6
Source: Verizon 2018 data breach report

Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 7
According to a study by KPMG, 19%consumers
would completely stop shopping at a retailer after
a breach
Breaches sector wise - 2017
Source: Verizon 2018 data breach report

Equifax- Casestudy
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 8
Source: https://www.pbs.org/newshour/nation/equifax-hack-happened-according-ceo

Equifax- Timeliness
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 9
Source: https://csrps.com/meticulous-timeline-equifax-data-breach

Identifying breaches
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 10
Days to identify and contain the data breach over the past year
Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf
Note: MTTI – Mean time to identify; MTTC – Mean time to contain

Identifying breaches
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 11
Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf
Days to identify and contain the data breach incidents by root cause
Note: MTTI – Mean time to identify; MTTC – Mean time to contain

Breach notificationsrequirements
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 12
Source: https://csrps.com/meticulous-timeline-equifax-data-breach
To be
GDPR
HIPAA
60 days
72 hrs
Article 33
EU GDPR
Breach Notification
45 CFR 164.400-414

Proactivesteps before databreach
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 13
Source: https://csrps.com/meticulous-timeline-equifax-data-breach
Information
Classification Zero trust
network
Deleteold,
irrelevantdata
Limittheplaces
youstoredata
Outdatedsoftware
andtechnology
Response planReducebring-your-
own-device
(BYOD)liability
Configuration
management
Robost security
awareness
training

Notto Do
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 14
Source: https://csrps.com/meticulous-timeline-equifax-data-breach
Not conducting forensic investigation
Makingfalse or misleading statements
Response onthe fly
Going silent
Closing theincidents in an hurry

Do butNot
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 15
Source: https://www.cio.com.au/article/580908/5-steps-respond-security-breach/
Activatetaskforce
Containment
Assess the
severity of breach
Notification
Lessons learned
Customer,
legal/regulators
Who and whathasbeen
affected
Isolatefromnetwork,password
reset
EnablingIncidentresponse
plan
Updatingincident
responseplan

Flipsideof breaches
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 16
Source: https://csrps.com/meticulous-timeline-equifax-data-breach
It was extremelyproactive in its response, alerting customers evenbeforethey had a chanceto fully confirm the
breach.
Transparency
Abiding legal/regulatory obligations
Regularcommunication
Workas one team
TRUST

Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 17
Let’s communicate 
Source: https://www.headsup.org.au/training-and-resources/news/2015/04/24/seven-essentials-to-communicate-your-commitment-to-improving-workplace-mental-health

Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 18
Backupslides

Hackers focuson
Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 19
Source: https://en.wikipedia.orr
• Credit card details
• Bank accountnumbers and PINs
• Passport numbers
• Drivers licenses
• Usernames and passwords
• Birthdays and anniversaries
• Not prepared
• Don’t understand legal obligations
• Financial liability
• They arethe nexus for largercompany breaches

Mortgage Originator Jimmy Vercellino, specializing in VA loans, helps veterans use their VA loan benefit to their greatest advantage. For more details call us at 480-351-5904 or visit our site http://www.valoansforvets.com/ The views expressed here are those of the individual author and do not necessarily represent those of First Choice Bank (NMLS #: 177877) and First Choice Loan Services Inc. (NMLS #: 210764), 7600 E. Doubletree Ranch Road, Scottsdale AZ 85258. Equal Housing Lender. www.fcloans.com/disclaimer/ www.fcbhomeloans.com/privacy 7600 E. Doubletree Ranch Road #200 Scottsdale, AZ 85258 Phone: (480) 351-5904 Email: jimmyv@fcbmtg.com http://www.valoansforvets.com http://google.com/+valoansforvets http://facebook.com/valoansforvets

Shaping Your Future in Banking Cybersecurity

Dawn Yankeelov

Social Engineering and other Foes in the GDPR Year

Massimo Chirivì

Il workshop è dedicato all'approfondimento di una serie di attacchi e minacce da tener sotto controllo per ottemperare al pieno rispetto del GDPR. Si approfondiranno temi legati a crittografia, data loss prevention, sicurezza fisica, social engineering attack e Open Source Intelligence. Una veloce full immersion utile per sintetizzare e costruire il nuovo modus operandi ICT aziendale. Target: Lato domanda ICT: CIO, CISO, tecnici dei sistemi informatici e della loro sicurezza, responsabili delle diverse direzioni utenti dei sistemi informatici, responsabili del personale e dell’organizzazione, responsabili degli acquisti, CEO, COO e decisori sull’ICT Lato offerta ICT: personale commerciale e marketing, tecnici, responsabili del personale e dell’organizzazione, CEO e COO, oltre a CIO, CSO, CISO e personale delle loro strutture.

Board and Cyber Security

Leon Fouche

Is Your Strategy in Place to Meet the NYS DFS Regulation? Understanding New York State’s required cybersecurity policies and procedures, how these new regulations apply to you, and what you need to do to become compliant can all be confusing and overwhelming. To help you through this process, Citrin Cooperman and Walker Wilcox Matousek, LLP hosted an informational webinar to walk you through the complexities of this new regulation. Key questions that were answered, include: What’s required under the new regulation? Does this new regulation apply to you? How will you comply with this new regulation? What are the consequences of not complying?

2015 Secureworld_effectively_managing_information_risk

Doug Copley

Cybercrime - Stealing in the Connected Age

dlblumen

Cyber Resilience: A New Perspective on Security

Ina Luft

Developing advanced cyber security strategies for the creation of a layered cyber defence, Cyber Resilience: A New Perspective on Security shall explore the establishment of a comprehensive defence from contemporary cyber threats to critical national infrastructure As well as the strategies and architectures necessary for the establishment of this protection, the master class will explore optimal protocol for organizations of all sizes to take the necessary steps to prepare for the worst-case scenarios. Specifically, the ability to recover quickly in the event of a cyber-attack on their network and deal with the fall out of such an attack. WHY YOU SHOULD ATTEND: • Understand the contemporary threats to critical national infrastructure, the approaches of attackers and their intentions • Master cyber security strategies and architectures for a thorough 1st line of defence • from cyber threats, in doing so, build a more cyber resilient enterprise • Prepare for the event in which your organisation’s cyber security is breached, effectively respond and recover by minimizing its impact and restore the functions of your people, processes and systems as soon as possible EARLY BIRD DISCOUNT: Book by 29th January to save £100 – Book by 29th February to save £50 For more information and to register, please visit www.smi-online.co.uk/2016cyberresilience.asp or contact events@smi-online.co.uk.

What trends will 2018 bring for Business Continuity Professionals?

PECB

Many business continuity practitioners are perceiving a higher level of risk than ever before in their careers. Unfortunately, these risks are more often resulting in real incidents which require emergency response and continuity of operations. Being prepared may be the most important thing an organization can do in 2018. But what should we prepare for, and how should we prepare for it? This discussion will walk through some of the emerging threats concepts, tools, and techniques that business continuity professionals can expect to see more of in 2018. Main points covered: - What should we prepare for in 2018? - How should we prepare? - The emerging threats, concepts, tools, and techniques expected in 2018 - Emerging threats creating new risks Presenter: David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications. Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence. Organizer: Nevila Muka Date: January 17, 2018 Link to the recorded webinar:

Investing in Cybersecurity, 2020 outlook for Mexico

Whiteboard Venture Partners

The ever increasing threat of cyber crime

Nathan Desfontaines

Improving Cyber Security Literacy in Boards & Executives

Tripwire

In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams. It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy. Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.

The Proactive Approach to Cyber Security

Nathan Desfontaines

November 2017: Part 6

seadeloitte

1212018 SafeAssign Originality Reporthttpswilmu.black.docx

moggdede

1/21/2018 SafeAssign Originality Report https://wilmu.blackboard.com/webapps/mdb-sa-bb_bb60/originalityReport?attemptId=35f49629-f506-4650-b3bc-f27113848130&includeDeleted=true&c… 1/5 DEPT.SSC..SAFEASSIGN - SSC TUTORING - SAFEASSIGN SP2018 Draft SafeAssignment 02 Venkata Bejjam on Sun, Jan 21 2018, 9:36 AM 35% highest match Submission ID: 35f49629-f506-4650-b3bc-f27113848130 Citations (8/8) Running head: Data intrusion detection and prevention 1 Data intrusion detection and prevention 6 1 DATA INTRUSION DETECTION AND PREVENTION NAME Word Count: 893 Attachment ID: 195728044 WEEK-1 SHORT PAPER.doc 35% 1 Another student's paper 2 Another student's paper 3 Another student's paper 4 Another student's paper 5 Another student's paper 6 Another student's paper 7 Another student's paper 8 Another student's paper http://safeassign.blackboard.com/ https://wilmu.blackboard.com/webapps/mdb-sa-bb_bb60/originalityReportPrint?course_id=_453127_1&paperId=195728044&&attemptId=35f49629-f506-4650-b3bc-f27113848130&course_id=_453127_1 https://help.blackboard.com/SafeAssign 1/21/2018 SafeAssign Originality Report https://wilmu.blackboard.com/webapps/mdb-sa-bb_bb60/originalityReport?attemptId=35f49629-f506-4650-b3bc-f27113848130&includeDeleted=true&c… 2/5 COURSE LECTURER DATE 2 DATA INTRUSION DETECTION IS THE PROCEDURE OF MONITORING THE SITUATIONS OCCURRING IN YOUR COMPUTER SYSTEM OR NETWORK AND INSPECTING THEM FOR SIGNALS OF POSSIBLE CASES, WHICH HAPPENS TO BE VIOLATIONS OR IMMINENT DANGERS OF BREACH OF COMPUTER SECURITY INSURANCE POLICIES, ACCEPTABLE USE GUIDELINES, OR STANDARD SECURITY TACTICS. Intrusion protection is the procedure of carrying out intrusion recognition and wanting to stop diagnosed possible incidents. 1 INTRUSION PREVENTION SYSTEM/ INTRUSION DETECTION SYSTEM MARKET IS EXPECTED TO DEVELOP FROM $789.25 MILLION IN 2014 TO $1,022.99 MILLION BY 2019, AT A CAGR OF 5.3% FOR THE TIME 2014 TO 2019 IN EUROPEAN COUNTRIES. The Intrusion Protection System/ Intrusion Recognition System market is driven by the increased demand for sophisticated security alternatives and increased shelling out for IT security alternatives in this area. The SMBs over Europe are adopting (Harale & Meshram, 2016, p. 76) the perfect solution is for supervised IDS/IPS security services for the effective level of security to safeguard the critical property from cyber-attacks. Therefore, IDS/IPS security is creating a positioning between tactical and functional business tasks for an effective information security program in your community. 3 STRICT SECURITY ALTERNATIVES HAVE BEEN PUT IN PLACE BY THE UNITED KINGDOM GOVERNMENT TO GUARD THEIR INDIVIDUALS AGAINST RISING RANGE OF CYBER FRAUDS. The expansion of cyber terrorists and hackers has forced the government organizations to enact various regulations to safeguard valuable data. 4 THIS HAS HELPED TO INCREASE THE DEMAND FOR IDS/IPS PRODUCTS AND SERVICES. The upsurge in cyberse ...

What's hot

MIRAI: What is It, How Does it Work and Why Should I Care?

Memoori

Funsec3e ppt ch03

Skillspire LLC

Cybersecurity and The Board

Paul Melson

Cyber risk tips for boards and executive teams

Wynyard Group

Hacking3e ppt ch13

Skillspire LLC

Blog secure channels inc

Secure Channels Inc.

Cybersecurity & the Board of Directors

Abdul-Hakeem Ajijola

Infocom security 2016 - Cromar Presentation

Ethos Media S.A.

Cybersecurity: Connectivity, Collaboration and Security Controls

Kristian Alisasis Pura

Role of The Board In IT Governance & Cyber Security-Steve Howse

CGTI

The CPAs Guide to Buying Cyber Insurance

Joseph Brunsman

New York Cybersecurity Requirements for Financial Services Companies

Citrin Cooperman

2015 Secureworld_effectively_managing_information_risk

Doug Copley

Cybercrime - Stealing in the Connected Age

dlblumen

Cyber Resilience: A New Perspective on Security

Ina Luft

What trends will 2018 bring for Business Continuity Professionals?

PECB

Investing in Cybersecurity, 2020 outlook for Mexico

Whiteboard Venture Partners

The ever increasing threat of cyber crime

Nathan Desfontaines

Improving Cyber Security Literacy in Boards & Executives

Tripwire

The Proactive Approach to Cyber Security

Nathan Desfontaines

What's hot (20)

MIRAI: What is It, How Does it Work and Why Should I Care?

Funsec3e ppt ch03

Cybersecurity and The Board

Cyber risk tips for boards and executive teams

Hacking3e ppt ch13

Blog secure channels inc

Cybersecurity & the Board of Directors

Infocom security 2016 - Cromar Presentation

Cybersecurity: Connectivity, Collaboration and Security Controls

Role of The Board In IT Governance & Cyber Security-Steve Howse

The CPAs Guide to Buying Cyber Insurance

New York Cybersecurity Requirements for Financial Services Companies

2015 Secureworld_effectively_managing_information_risk

Cybercrime - Stealing in the Connected Age

Cyber Resilience: A New Perspective on Security

What trends will 2018 bring for Business Continuity Professionals?

Investing in Cybersecurity, 2020 outlook for Mexico

The ever increasing threat of cyber crime

Improving Cyber Security Literacy in Boards & Executives

The Proactive Approach to Cyber Security

Similar to Data breaches the way forward

November 2017: Part 6

seadeloitte

1212018 SafeAssign Originality Reporthttpswilmu.black.docx

moggdede

2017 Security Report Presentation

ixiademandgen

A Comprehensive Review of Cyber Security, Threats and Cyber Attacks

IRJET Journal

Third party risk management with cyber threat intelligence

Charles Steve

Information Security vs. Data Governance vs. Data Protection: What Is the Rea...

PECB

This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements. The webinar covers • Information Security • Importance Of Information Security Today • Taking Information Security Beyond A Compliance First • Importance Of Data Governance In Information Security • Privacy • Changing And Evolving Privacy Requirements • Importance Of Data Governance In Privacy • Data Governance And Data Privacy • Data Privacy - Data Processing Principles Presenters: Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies. She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights. Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards. ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701 Webinars: https://pecb.com/webinars Articles: https://pecb.com/article Whitepapers: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/aQcS5-RFIEY Website link: https://pecb.com/

Key note in nyc the next breach target and how oracle can help - nyoug

Ulf Mattsson

Old security approaches are based on finding malware and data leaks. This is like "boiling the ocean," since you are “patching” all possible data paths and data stores, and you may not even find a trace of an attack. New security approaches assume that you are under attack and focus instead on protecting the data itself, even in computer memory (the “target” for a growing number of attacks). This session discusses what companies can do now to prevent what happened to Target and others processing PII, PHI and PCI data. The Oracle Big Data Appliance is a critical part of the solution.

Data centric security key to digital business success - ulf mattsson - bright...

Ulf Mattsson

With the exponential growth of data generation and collection stemming from new business models fueled by Big Data, cloud computing and the Internet of Things, we are potentially creating a cybercriminal's paradise where there are more opportunities than ever for that data to end up in the wrong hands. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems. In this webinar, Ulf Mattsson explores these issues and provides solutions to bring together data insight and security to safely unlock the power of digital business.

Who is the next target and how is big data related ulf mattssonUlf Mattsson

Keep your data safe and be compliant via a 360° approach

Nagib Aouini

Data Privacy & Security

Eryk Budi Pratama

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

Randall Chase

cybersecurity - You Are Being Targeted Business executive with high-level management and hands-on analytical skill sets and over 27 years of professional experience in technical solutions and service offering development and implementation, organizational strategies for efficiency, cost controls, and bottom-line profitability, multi-million dollar enterprise-wide client engagements, compliance with schedule, budget, and quality requirements, hiring and leadership of high-performance IT employees. Keyven Lewis, CMIT SOLUTIONS- Cybersecurity - You Are Being Targeted. An overview to help SMB owners understand the dynamics (exp. the who, the why, and the how) of cybersecurity as it relates to their business.

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

Benjamin Ang

Verizon 2014 data breach investigation report and the target breach

Ulf Mattsson

The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them. What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it. In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future. KEY TOPICS INCLUDE: • The changing threat landscape • The effects of new technologies on breaches • Analysis of recent breaches, including Target • Compliance vs. security • The importance of shifting from reactive to proactive thinking • Preparing for future attacks with new technology & techniques

SSI: The Trillion Dollar Business Opportunity

SSIMeetup

https://ssimeetup.org/ssi-trillion-dollar-business-opportunity-webinar-34/ This webinar, based on a panel of the same name held at Seattle Devcon in July 2019, will feature four experts from different areas of the digital identity industry explaining why they believe Self-Sovereign Identity (SSI) is one of the most significant applications of blockchain technology to enable all kind of new business model for the digital economy. Panelists will include Chris Spanton, Principal Architect—Blockchain at T-Mobile; Vaughan Emery, CEO of Datafi Labs; and Drummond Reed, Chief Trust Officer at Evernym and a Trustee of the Sovrin Foundation.

Outlook Briefing 2016: Cyber Security

Mastel Indonesia

Cyber - it's all now a matter of time!

Gloucestershire Professionals

Data Analytics for Security Intelligence

Data Driven Innovation

${d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...$ ${d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...$

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...Taiye Lambo

Cyber Security Threats | IIA Boise ChapterPatricia M Watson

Similar to Data breaches the way forward (20)

November 2017: Part 6

1212018 SafeAssign Originality Reporthttpswilmu.black.docx

2017 Security Report Presentation

A Comprehensive Review of Cyber Security, Threats and Cyber Attacks

Third party risk management with cyber threat intelligence

Information Security vs. Data Governance vs. Data Protection: What Is the Rea...

Key note in nyc the next breach target and how oracle can help - nyoug

Data centric security key to digital business success - ulf mattsson - bright...

Who is the next target and how is big data related ulf mattsson

Keep your data safe and be compliant via a 360° approach

Data Privacy & Security

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

Verizon 2014 data breach investigation report and the target breach

SSI: The Trillion Dollar Business Opportunity

Outlook Briefing 2016: Cyber Security

Cyber - it's all now a matter of time!

Data Analytics for Security Intelligence

${d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...$ ${d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...$

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...

Cyber Security Threats | IIA Boise Chapter

Recently uploaded

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

Vladimir Iglovikov, Ph.D.

Presented by Vladimir Iglovikov: - https://www.linkedin.com/in/iglovikov/ - https://x.com/viglovikov - https://www.instagram.com/ternaus/ This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation. Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners. This case study covers various aspects, including: People: The contributors and community that have supported Albumentations. Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions. Challenges: The hurdles in monetizing open-source projects and measuring user engagement. Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration. Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community. Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations. Mental Health: Maintaining balance and not feeling pressured by user demands. Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth. Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects. Explore more about Albumentations and join the community at: GitHub: https://github.com/albumentations-team/albumentations Website: https://albumentations.ai/ LinkedIn: https://www.linkedin.com/company/100504475 Twitter: https://x.com/albumentations

DevOps and Testing slides at DASA Connect

Kari Kakkonen

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Recently uploaded (20)

Essentials of Automations: The Art of Triggers and Actions in FME

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Full-RAG: A modern architecture for hyper-personalization

By Design, not by Accident - Agile Venture Bolzano 2024

20 Comprehensive Checklist of Designing and Developing a Website

Securing your Kubernetes cluster_ a step-by-step guide to success !

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI

DevOps and Testing slides at DASA Connect

National Security Agency - NSA mobile device best practices

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Uni Systems Copilot event_05062024_C.Vlachos.pdf

How to Get CNIC Information System with Paksim Ga.pptx

Removing Uninteresting Bytes in Software Fuzzing

Monitoring Java Application Security with JDK Tools and JFR Events

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Data breaches the way forward

1. Data Breaches – The wayforward By: Srinivas Thimmaiah Date: 20 July 2018 Srinivas Thimmaiah | DB - TWF | 20 July 2017 1

2. Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 2 Source: https://youtu.be/O4TFXDniG9w

3. Definition Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 3 Source: https://iapp.org/news/a/is-it-an-incident-or-a-breach-how-to-tell-and-why-it-matters/ National Institute of Standards and Technology defines an event as “any observable occurrencein a system or network,” such as a server receivinga request for a web page, a user sending an e-mail message, or a firewall blocking an attempt to establish a connection A securityor electronic incident is anevent that violates anorganization’s securitypolicies and procedures. Incidentas a “security event that compromises the confidentiality, integrity or availability of aninformation asset A data breach is defined as an event in which an individual’s name and a medical record and/or a financial record or debit card are potentially put at risk either inelectronic or paper format.

4. Topbreaches Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 4 Source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html Employeecredentialtheft byphishingormalware VulnerabilityinApachestruts Gainedaccessthrough athird-partyHVAC vendorto its point-of-sale(POS)payment cardreaders Phishing email Phishingattack Uniquecustom builtmalwareposingasantivirussoftware 2017 2016 2015 2014 2013 2012 2011

5. Data breachesroot causes Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 5 Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf

6. Breaches sector wise - 2017 Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 6 Source: Verizon 2018 data breach report

7. Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 7 According to a study by KPMG, 19%consumers would completely stop shopping at a retailer after a breach Breaches sector wise - 2017 Source: Verizon 2018 data breach report

8. Equifax- Casestudy Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 8 Source: https://www.pbs.org/newshour/nation/equifax-hack-happened-according-ceo

9. Equifax- Timeliness Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 9 Source: https://csrps.com/meticulous-timeline-equifax-data-breach

10. Identifying breaches Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 10 Days to identify and contain the data breach over the past year Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf Note: MTTI – Mean time to identify; MTTC – Mean time to contain

11. Identifying breaches Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 11 Source: https://public.dhe.ibm.com/common/ssi/ecm/se/en/sel03130wwen/security-ibm-security-services-se-research-report-sel03130wwen-20180122.pdf Days to identify and contain the data breach incidents by root cause Note: MTTI – Mean time to identify; MTTC – Mean time to contain

12. Breach notificationsrequirements Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 12 Source: https://csrps.com/meticulous-timeline-equifax-data-breach To be GDPR HIPAA 60 days 72 hrs Article 33 EU GDPR Breach Notification 45 CFR 164.400-414

13. Proactivesteps before databreach Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 13 Source: https://csrps.com/meticulous-timeline-equifax-data-breach Information Classification Zero trust network Deleteold, irrelevantdata Limittheplaces youstoredata Outdatedsoftware andtechnology Response planReducebring-your- own-device (BYOD)liability Configuration management Robost security awareness training

14. Notto Do Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 14 Source: https://csrps.com/meticulous-timeline-equifax-data-breach Not conducting forensic investigation Makingfalse or misleading statements Response onthe fly Going silent Closing theincidents in an hurry

15. Do butNot Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 15 Source: https://www.cio.com.au/article/580908/5-steps-respond-security-breach/ Activatetaskforce Containment Assess the severity of breach Notification Lessons learned Customer, legal/regulators Who and whathasbeen affected Isolatefromnetwork,password reset EnablingIncidentresponse plan Updatingincident responseplan

16. Flipsideof breaches Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 16 Source: https://csrps.com/meticulous-timeline-equifax-data-breach It was extremelyproactive in its response, alerting customers evenbeforethey had a chanceto fully confirm the breach. Transparency Abiding legal/regulatory obligations Regularcommunication Workas one team TRUST

17. Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 17 Let’s communicate  Source: https://www.headsup.org.au/training-and-resources/news/2015/04/24/seven-essentials-to-communicate-your-commitment-to-improving-workplace-mental-health

18. Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 18 Backupslides

19. Hackers focuson Srinivas Thimmaiah | DB - TWF | 20 July 2017 Page 19 Source: https://en.wikipedia.orr • Credit card details • Bank accountnumbers and PINs • Passport numbers • Drivers licenses • Usernames and passwords • Birthdays and anniversaries • Not prepared • Don’t understand legal obligations • Financial liability • They arethe nexus for largercompany breaches

Data breaches the way forward

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Data breaches the way forward

Similar to Data breaches the way forward (20)

Recently uploaded

Recently uploaded (20)

Data breaches the way forward