What do you remember about the Equifax? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Information Security Metrics - Practical Security Metrics by Jack Nichelson
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort? Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
You have more to secure than ever before. A data breach can happen to any organization, and it's a growing concern among companies both large and small. Take a look at these best practices and see if any of these have gotten lost as you consider your 2017 plan.
Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for Windows anymore. Linux, Mac and mobile platforms are all ripe for extortion.
This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves.
CYBERSECURITY - Best Practices, Concepts & Case Study (Mindmap) by WAJAHAT IQBAL
This post contains a detailed mindmap related to the complex subject of cyber security and addresses critical components, summarized below:
- Cyber Security standards
- SOC (Security Operation Center)
- Cybersecurity Lifecycle
- Hacker Kill Chain
- Malware (Types, Protection Mechanism)
- Cyber Architecture
- CSC (Critical Security Standards)
- Incident Management
- Network Perimeter best security practices
- Final Case Study
I hope the technical post is appreciated and liked by security consultants and subject matter experts on cybersecurity. Your critical inputs are appreciated. Thank you.
- Wajahat Iqbal
(Wajahat_Iqbal@Yahoo.com)
Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them. And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.
This presentation helps you understand the biggest cyber-attack extortion in the history of the internet. It contains all the details of the what, how and why of the WannaCry ransomware.
The case studies in this presentation are real-life examples of ransomware attacks on health care organizations, and are intended to help physicians respond appropriately when this type of cyber crime occurs.
I presented these slides in the "Privacy Protection" subject, taught by Prof. Josep Domingo-Ferrer in the Master in Computer Security Engineering and Artificial Intelligence.
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
Cybersecurity Awareness Training Presentation v1.0 by DallasHaselhorst
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want a cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Ransomware cyber crime: is there any solution, or is prevention better than cure?
Cyber criminals have made it a lucrative business, and even a $100 ransom gets collected via bitcoin.
DR. STEVEN GORIAH,
Vice President of Information Technology & CISO
Westchester Medical Center Health Network
The U.S. healthcare system is seeing a staggering amount of security breaches each year. In this session, you’ll learn about the role of a cybersecurity framework, best practices in choosing a framework, and which framework best fits your organization and why. Dr. Goriah will also speak on implementation, roles and responsibilities and why it's essential to create a culture of privacy and security.
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions by Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Information Security Awareness: at Work, at Home, and For Your Kids by Nicholas Davis
This is the security awareness presentation which I will be giving to Quartz Health Solutions, on October 24, 2018. It focuses on three areas: information security best practices for work, at home, and also contains some tips for kids. Topics include: PHI, ePHI, HIPAA, identity theft, social engineering, phishing, password management, malware, insider threats, social networks, and mobile devices.
Data Security Read the article below and answer the following questi.pdf by info48697
Data Security. Read the article below and answer the following questions: Identify and describe the
security and control weaknesses discussed in this case. What management, organization, and
technology factors contributed to these problems? Discuss the impact of the Equifax hack. How can
future data breaches like this one be prevented?
Is the Equifax Hack the Worst Ever and Why? Equifax (along with TransUnion and Experian) is one of
the three main U.S. credit bureaus, which maintain vast repositories of personal and financial
data used by lenders to determine credit-worthiness when consumers apply for a credit card,
mortgage, or other loans. The company handles data on more than 820 million consumers and
more than 91 million businesses worldwide and manages a database with employee information
from more than 7,100 employers, according to its website. These data are provided by banks and
other companies directly to Equifax and the other credit bureaus. Consumers have little choice
over how credit bureaus collect and store their personal and financial data. Equifax has more data
on you than just about anyone else. If any company needs airtight security for its information
systems, it should be credit reporting bureaus such as Equifax. Unfortunately, this has not been
the case. On September 7, 2017 Equifax reported that from mid-May through July 2017 hackers
had gained access to some of its systems and potentially the personal information of about 143
million U.S. consumers, including Social Security numbers and driver's license numbers. Credit
card numbers for 209,000 consumers and personal information used in disputes for 182,000
people were also compromised. Equifax reported the breach to law enforcement and also hired a
cybersecurity firm to investigate. The size of the breach, importance, and quantity of personal
information compromised by this breach are considered unprecedented. Immediately after
Equifax discovered the breach, three top executives, including Chief Financial Officer John
Gamble, sold shares worth a combined $1.8 million, according to Securities and Exchange
Commission filings. A company spokesman claimed the three executives had no knowledge that
an intrusion had occurred at the time they sold their shares on August 1 and August 2.
Bloomberg reported that the share sales were not planned in advance. On October 4, 2017
Equifax CEO Richard Smith testified before Congress and apologized for the breach. The size of
the Equifax data breach was second only to the Yahoo breach of 2013, which affected data of all
of Yahoo's 3 billion customers. The Equifax breach was especially damaging because of the
amount of sensitive personal and financial data stored by Equifax that was stolen, and the role
such data play in securing consumers' bank accounts, medical histories, and access to financing.
In one swoop the hackers gained access to several essential pieces of personal information that
could help attac.
Primer on cybersecurity for boards of directors by David X Martin
From Hughes, Hubbard & Reed partner and former SEC commissioner Roel C. Campos, and longtime risk manager and cybXsecure managing partner David X Martin, “A Practical Primer for Boards of Directors in the Age of Uber, Equifax et al
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx by arnoldmeredith47041
The Equifax Data Breach Case
Equifax, along with Experian and TransUnion, is one of the "Big Three" credit reporting agencies
in the United States. All three companies offer credit monitoring services as their core business.
There are many regulations and restrictions governing the collection and use of credit data, but
these companies have enjoyed stable sales and profits for many years. Equifax is based in
Atlanta and its long history traces back to 1913. It employs over 10,400 employees worldwide
and maintains data on 820 million consumers.
All three agencies exchange data with banks and other financial companies that extend credit.
They develop "credit scores" for how well a consumer has handled his or her credit and debt
obligations. This score and the accompanying credit report detailing a person's credit history are
then sold to banks, credit unions, retail credit card issuers, auto lenders, mortgage lenders, and
others who rely on this information when they make loans, issue credit cards, or offer
consumers mortgages and home equity loans. It is also used by banks to check this information
before issuing bank credit cards such as Visa or MasterCard. Equifax, Experian, and TransUnion
have most likely compiled credit histories for nearly every adult U.S. citizen.
In early September 2017, Equifax announced that hackers had gained illicit access to the
personal information of 143 million people. The data included social security numbers, birth
dates, phone numbers, email addresses, driving license numbers, and, in some cases, credit card
numbers. The total number expanded to 148 million by March 2018. The pilfering of social
security numbers was particularly worrisome since that number in the wrong hands creates
opportunities for identity theft and other types of fraud.
The Equifax data breach is one of the three worst data breaches in U.S. history along with
Yahoo and Marriott. The Marriott data hack of 2018 affected 500 million users. In September
2016, Yahoo revealed a serious data security breach that had occurred 2 years earlier when
500,000 million records were compromised. Several months later, in December, 2016, Yahoo
informed its users of another newly discovered data breach. That breach occurred in 2013 and
affected more than 1 billion Yahoo users. However, despite the magnitude of the Yahoo and
Marriott breaches, the Equifax data breach is considered more damaging because social security
numbers and birth dates were involved. As one security expert observed, "This data is the key to
everyone's files and interactions with financial services, government, and health care."
After the announcement was made, the credit reporting agency was heavily criticized for
waiting until September 7th to reveal this data breach to the public. This breach took place in
March 2017 and went undetected for almost 3 months. It was discovered in late July, but the
company decided to withhold.
I’ve Been Hacked: The Essential Steps to Take Next by Brian Pichman
Description: It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. Either way, it is important to be prepared ahead of time before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and what to do after you or your organization has been hacked.
We've summarised the key findings from 100 cyber security surveys. We choose the best of these each month to discuss with our customers, to guide & accelerate their cyber resilience journey.
Slides used in VIP Customer Forums hosted by Cyber Rescue Alliance, for individual thought leaders.
These slides supported discussion about where Third Party Risk Management needs to go in the months and years ahead, in the face of dynamic cyber threats.
Ensuring Cyber Resilience in the Finance Sector by Kevin Duffey
Presented at the prestigious Operational Resilience, Outsourcing & Third Party Risk conference in London on 22-23 Nov 2022.
Provides data on Ransomware, Cyber Insurance, DDoS and other fast developing aspects of cyber resilience. Focusses on 3rd Party and 4th Party challenges & opportunities to measure & mitigate risks.
Breaches Anticipated in 2022 as Cyber Security Posture so Low by Kevin Duffey
Sample of over 500 breaches anticipated by SecurityScorecard, as cyber security posture was so low before the ransomware gang or other cyber attack succeeded.
For daily insights follow Cyber Rescue at https://www.linkedin.com/company/cyber-rescue-alliance/posts/
Cyber Insurance - Best Insights of June 2022.pptx by Kevin Duffey
Cyber Insurance: best insights of June 2022 to help firms improve their cyber resilience against ransomware and other cyber attacks for operational resilience and business continuity.
Best Cyber Risk Insights from 100 reports published in year to March 2022 by Kevin Duffey
March 2022: includes Budgets, Salaries, Certifications, Ransoms Paid, Business Losses, emerging Threats and how to Respond to cyber attack. Download and share, because every graph in the PDF is hyperlinked to a detailed report.
Breaches Anticipated - because firms have weak cyber security visible to hac... by Kevin Duffey
March 2022: This document lists hundreds of firms that had a low cyber risk score on SecurityScorecard, for months before they were breached, often by ransomware gangs. If you're responsible for your firm's security, operational resilience or cyber insurance, it's well worth five minutes.
Breaches anticipated in 2021 - Published 14th June 2021 by Kevin Duffey
New report shows 92 breaches anticipated at firms with weaker cyber security posture than their peers.
So forward this report to your colleagues now, and ask: "which of our Suppliers is most likely to be breached today?"
If your colleagues can't give you graphs like these, just send an email to Assistance@CyberRescue.co.uk and we'll give you a complimentary report, to help you measure and manage cyber risk across your supply chain.
Cyber Resilience: managing 3rd Party Risks in Financial Services by Kevin Duffey
Presentation given to Chief Risk Officers, Heads of Operational Resilience and CISOs at the annual Marcus Evans conference on Operational Resilience and Business Continuity in Financial Services.
Includes how to measure, mitigate and manage cyber vulnerabilities at outsourcing firms and other suppliers of critical ("material") services, as expected by regulators like the Bank of England / Prudential Regulatory Authority, European Banking Authority, and Financial Stability Board.
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ... by Kevin Duffey
Presented to an expert audience at the PrivSec Congress in London on 4th Feb 2020, this presentation uses PayPal & Travelex as topical examples, showing why cyber security of private data processed by suppliers is an increasing concern of Financial Regulators.
And then it demonstrates what your peers are doing to comply with those new regulations.
Let’s work together to mitigate risks.
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020 by Kevin Duffey
Chief Risk Officers and CISOs from 25 of our customers & friends debated their SMART objectives for 2020. Here are the results, showing who to involve and how to report progress on cyber risk across 3rd parties during 2020.
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019 by Kevin Duffey
Opening keynote presentation at Operational Resilience in Financial Services summit, with Freshfields, UK Finance and City & Financial Global. Focus on measuring cyber risk at suppliers to mitigate harm.
London First - cyber attack simulation - 22nd May 2018 by Kevin Duffey
London First is an association of prestigious companies, working together to make London the best place in the world for business. Cyber Resilience is part of that work, so senior executives were taken through this interactive simulation.
Cyber Attack Simulation for 450 Executives by Kevin Duffey
Cyber Attack Simulation for 450 Executives at the Finance Malta conference, in May 2018. Will your Board Directors also disagree on how to respond to a Breach?
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu... by Kevin Duffey
Estonia is famously a leader in digital and cyber technology. This short simulation was presented to Estonian executives, experts and government representatives. It is a very short version of the sort of executive simulation we run for large enterprises across Europe. Follow us at - https://www.linkedin.com/company/cyber-rescue-alliance/
The Security Director's Practical Guide to Cyber Security by Kevin Duffey
Presented at the annual UK Security Expo in London, to help traditional Security Directors understand and feel confident about the practical ways in which their role should extend to cyber security issues. This presentation was followed by a simple cyber attack simulation (not shown here).
Presented by Barrie Millett and Kevin Duffey of Cyber Rescue.
1. Lessons Learned from Equifax Breach
Dr Chaditsa Poulatova
Cyber Rescue
International Advisor
16th May 2018
These slides can be downloaded from our LinkedIn page:
www.linkedin.com/company/cyber-rescue-alliance
Or at this short URL: www.tinyurl.com/cyber999
2. LESSONS TO BE LEARNT AND MISTAKES NOT TO BE REPEATED
1. Mitigating the Cyber Risks is a Cross-departmental issue
2. Good Governance vs Poor Governance
3. A well-thought-out response plan in place: who is to be informed, and when?
4. Communication channels should be prepared in advance
5. Cyber Security Ethos is needed across all sectors
Who should be in charge?
All employees should get the ‘basics’ right!
3. WOULD YOU INVEST IN THIS BUSINESS?
Things looked good for the leadership of Equifax:
a $17 billion market value, and praise for innovation.
Share Price since start of 2017
4. HOW THINGS LOOKED BEFORE BREACH
Things looked good for the leadership of Equifax:
a $17 billion market value, and praise for innovation.
5. VIEW FROM THE INSIDE = DISTINGUISHED!
John J. Kelley III
Mr. Kelley achieved a rating of “Distinguished” on his individual objectives for 2016. These objectives included:
• Directing and improving the effectiveness and efficiency of the Company’s regulatory and government relations operations
• Continuing to improve business unit support and alignment.
• Continuing to refine and build out the Company’s global security organization.
Mr Kelley received $2.8m compensation including performance bonus, an 8% increase on the previous year.
Mr Kelley’s contract guarantees a $758,000 pension contribution if terminated for cause, or $11.3m if terminated without cause.
Senior management were confident.
They were getting results. “Distinguished” results… .
6. VIEW FROM THE OUTSIDE = VULNERABLE!
John J. Kelley III
But what could hackers see?
The above shows vulnerabilities visible from outside.
7. HOW WAS TEAMWORK IN THE MIDDLE?
John J. Kelley III
Equifax says their CFO (above) wasn’t told in a timely way about the breach.
Which is unfortunate, as he sold some shares a few days later… .
Were cyber vulnerabilities always reviewed in a timely way by the Board?
Was there a plan for informing senior execs about material cyber incidents?
8. WHAT DID THEY KNOW, WHEN DID THEY KNOW IT?
May 16th (Breach): Equifax now believes it was breached before this date
July 29th (Identified): Equifax managers discovered the data breach
August 2nd (Trading): Equifax CFO sold 13% of his shares in Equifax
Sept 5th (Preparation): Equifax consultants register domains like equihax.com (to prevent some of the fraud that often follows a breach announcement: criminal phishers spoofing its domain to get money & data by fraud)
Sept 7th (Notification): Equifax announces “cybersecurity incident” (after markets close, and 41 days after breach discovered)
Is 41 days fast enough? When should the CFO be told?
Did Equifax’s leaders pull together to fix things?
10. HOW DID THEY ANNOUNCE? TO WHAT RESPONSE?
Breach affects 143 million people = half the USA
Social Security number, credit card numbers, home address and birth dates among data lost.
Allegedly, data taken via open-source software, Apache Struts (for building web applications).
(Two thirds of Fortune 100 companies are using Apache Struts.)
11. HOW DID THEY ANNOUNCE? TO WHAT RESPONSE?
Social media reacts within seconds.
12. AND HOW GOOD WAS THE HELP THEY ANNOUNCED?
Some browsers blocked access to the site, as it looked like a scam. (The site wasn’t registered to Equifax, & its certificates didn’t perform proper revocation).
The site runs WordPress, which isn’t very secure.
Frustrations: On Sept 8th the site told many users to check back on 13th to see if they were affected.
13. THEIR GESTURE OF CREDIT MONITORING
Free credit monitoring is offered on site.
Conflict of interest? Some complain the monitoring service is owned by Equifax, and is often used to sell other services.
Legal Conflict? Those who accept the credit monitoring seem to automatically give up their right to sue Equifax.
A credit freeze is recommended by many experts (e.g. Brian Krebs).
16. SOME RISKS THE 143 MILLION INDIVIDUALS NOW FACE
• Tax Refund Fraud
• Loan Account Fraud
• Credit Card Fraud
• Benefits Fraud
17. VALUE DOWN $5 BILLION IN 3 DAYS TRADING
Equifax Share Price since start of 2017
Each share was worth $142 at the start of Sept 2017, giving Equifax a market value of $17.2 billion.
In 3 days, the value fell exactly a third, wiping out over $5 billion of value.
18. CALLED IN FRONT OF THE SENATE
“As CEO I was ultimately responsible….
“An unpatched vulnerability allowed hackers to access personal identifying information….
“We struggled with the initial effort to meet the challenges that effective remediation posed….
“Experts told us to prepare for exponentially more attacks after the notification, from “copycat” attempts….
“The challenge of building a website to notify consumers proved overwhelming. Regrettably, mistakes were made.”
143 million consumers were notified of the breach, and 7.5 million have registered for our remediation offer.
Before I decided to step down as CEO, our CIO and CISO also left the company.
Full transcript: https://www.cyberrescue.co.uk/library/response#equifaxoct2017
19. WHAT DOES THE EQUIFAX EXPERIENCE INSPIRE YOU TO DO, TODAY?
If you were Mark L. Feidler, what would you have done differently?
What actions should your organisation take?
• Provide Online Training about Cyber Risks to staff
• Run Security Scorecard on your (supplier) systems
• Every department needs to prepare to mitigate the operational, commercial and reputational damage from a breach.
20. Lessons Learned from Equifax Breach
Dr Chaditsa Poulatova
Cyber Rescue
International Advisor
16th May 2018
These slides can be downloaded from our LinkedIn page:
www.linkedin.com/company/cyber-rescue-alliance
Short URL: www.tinyurl.com/cyber999