The webinar discusses the rising threat of cybercrime, particularly focusing on data breaches and ransomware, including a detailed overview of the current landscape and the primary causes of breaches. It highlights the importance of breaches reporting, legislation, and best practices for prevention, such as encryption and employee education. The discussion also provides insights into significant data breaches in healthcare and education in 2014, emphasizing the need for organizations to adopt robust security measures.

1. The #1 Cause of Data Breaches
and 3 Ways to Avoid Them
WEBINAR
September 2014
Copyright ©2014 Kaseya 1

2. Speakers
Alex Brandt
Vice President, Americas, Kaseya
Alex Brandt is Vice President, Americas at Kaseya where he manages the national sales force and go-to-market strategies for
Kaseya’s North American customer base. Alex’s career reflects 20 years of experience working with MSPs and IT
organizations to more efficiently manage IT to drive the success of their businesses.
Cynthia James
Global Director Business Development, CISSP, Kaspersky Lab
Cynthia James is Global Director of Business Development at Kaspersky Lab where she has spent the last 7 years. She is a
frequent presenter and blogger on cybercrime topics for hardware and software developers like Kaseya who integrate
Kaspersky’s anti-malware technology into their products. She obtained her CISSP in 2011.
Copyright ©2014 Kaseya 2

3. Agenda
• Threatscape level set -
• 3 worst things going on in cybercrime today
• Ransomware
• Breach definition, legislation and reporting
• The #1 cause of data breaches in 2014
• Top 3 tactics to defeat a breach
• Other security essentials
• Solutions & Case Studies
• Winner of $100 Amazon Gift Card
• Q & A
Copyright ©2014 Kaseya

4. Where are, where we’ve come from
• 200K unique pieces of malware in 2006; 315K per DAY by Q4 2013
• Cybercrime will NEVER stop
(Over
315K/day )
Where many end users
think we are

5. Security threats in 2014
Cybercriminals earn over $100 billion annually!
1. No need to be technical:
malware can be rented – it’s easier than ever
2. Cybercrime markets extremely
organized and sophisticated –
anything can be sold
3. Constant innovation and debugging
- by us!

6. Ransomware
• Cryptolocker – a encryption Trojan (Sept 2013)
• Estimated $27M earned in first 2 months (41% vs 3%
paid)
• Huge issue in Russia
• 52% of infections are in the US
• Spread primarily thru spam & phishing
• Goes after backup files if they are on the network
• Can spread from home network thru VPN to corporate
network
• 2.0 “version” in December + CryptoDefense, etc.

7. Let’s talk about data breaches!
• Definition: “an unauthorized person viewed,
copied, transmitted, used or took possession of
sensitive, protected or confidential data”
1. Did they only have access or did actually view it or take
possession of it?
2. Is there reason to believe they misused it?
3. How many records?
• Why report if no one* will find out?
• *victims, employees, customers, law enforcement, the
press, banks, compliance agencies

8. The data breach reporting problem
• Typical breach-reporting language: “when there is a
reasonable likelihood of harm”; “tell victims in a
timely manner”
• Who to report to? Feds, state, agency?*
• Three states have NO laws
1. Breach notification is costly
– Process, fines, loss of customers, lawsuits
2. No one ever wants to report a breach
3. We don’t hear about the majority of breaches!
4. When we do hear…it’s about PII

9. Legislation & Compliance – it’s only
about PII (although IP matters too)
• Compliance (HIPAA, etc.)
• Federal: US is working to unify breach laws – adding prison
terms for knowingly concealing a breach
• EU will complete that this year (2014)
across 28 European countries –
to apply to any company with data
from EU citizens
• How soon post-breach to report
• What to report
• How to notify customers
• Compliance rules (security minimums, fines, etc.)
• Up to 2% of gross revenues, breaks for SMBs
• Canada – stronger than US law, not as strong as Europe
• Who’s PII are you holding?

10. Looking at breaches: the research
• Who is most likely to report?
• Healthcare – due to HIPAA
• Education – due to HIPAA (on campus healthcare) or
“code of ethics” or transparency or liability
• What are they reporting?
• PII
• How likely is it that we get full reporting?
• Except for Healthcare: far less than 100%

11. University of Maryland breach
• 287,000 records stolen
• 78% were purged after the fact!
• $5M allocated
• Biggest take-away:
• The Three Ps –
• Purge (free)
• Push off-line (cheap)
• Protect (expensive: cost of layers + liability)

12. Biggest Breaches in Education 2014
• College of the Desert, CA – inadvertent email, PII on all employees
• Douglas County School District, Colorado – via stolen laptop
• Univ of Illinois, Chicago – haven’t said yet how many
• Orangeburg Calhoun Tech College, Orangeburg, SC – 20K via stolen laptop
• Penn State College of Medicine - 1176 student records
• University of California Irvine – 1.5 months of key logging student health center
• Uxbridge School District and Milford Schools – 3K students, laptop stolen from a 3rd party billing
provider (Multistate Billing Services)
• Butler University, Indianapolis – 160K records hacked (informed by law enforcement)
• Orange Public School District – teen hacked grades, is being charged
• The University California, Washington Center – didn’t say how many
• Riverside Community College – 35K students – emailed file to the wrong address
• Stanford Federal Credit Union: 18K emailed to the wrong employee (destroyed?)
• Arkansas State University College – “unauthorized access”
• Iowa State – 30K hack
• University Pittsburgh Medical Center – 27K (originally reported 800)
• UMASS Memorial (May) malicious insider hack

13. Biggest Breaches in Healthcare
2014
• Community Health Systems – 4.5 million records…+IP?
• Access Health Connecticut – employee backpack stolen w/500 patient documents
• Rady’s Children’s Hospital, San Diego, CA – 14K patient data emailed out by mistake
• Redwood Regional Medical Group, Santa Rosa, CA 33K patients‘ information on a stolen
thumb drive “back up” left in a “zipped container in an unlocked locker”
• Boulder Community Health, Boulder, CO – “friendly” hack (warning)
• Blue Shield of California, San Francisco – “inadvertent disclosure”
• St Vincent Breast Center, Indianapolis – “inadvertent disclosure via letters”
• Apple Valley Christian Care Center, Apple Valley, CA – breach via “technical glitch”
• 3K patients at Bay Area Pain Medical Associates in Sausalito, CA - stolen laptop
• Penn Medicine – receipts stolen from unlocked office at Pennsylvania Hospital
• Baylor Regional Medical Center, Dallas TX – phishing scam to physicians, at least partially
successful, may have compromised database
• Vermont Health Exchange – easily hacked because default password not changed nor was the
list of authorized people restricted. “No customers compromised”

14. Characterizing breaches in 2014
• Healthcare – records are constantly on the move (Fin Serv
too)
• 85% employee error
• 15% deliberate
• Education Breaches 2014
• 55% based on employee error or stolen, unencrypted laptops
• 45% deliberate hacks
• Almost 100% of these are outside hackers:
• Federal agencies
→ The #1 cause is employee error!!!*
* Doesn’t include the times employees open the door to cybercriminal attacks

15. Top 3 protection strategies
1. Encrypt PII and other valuable data
• At rest or in motion
• Outsource if possible
2. Practice the three Ps for all valued data
• Purge
• Push off-line OR
• Protect
3. Restrict access to only educated employees

16. Employee education
• Make the case based on
failure rates of employees
in your business sector
• Education should be mandated for access to PII
• Will liability or fines be the outcome of future forensics
investigations? (RSA’s $72M man)
• What’s the cost of a breach compared to a
harassment lawsuit?
• A good goal: BEGIN fostering a sense of mutual
accountability for security

17. Other security essentials!
• Forced, automated, application patching
• Remove unused apps (requires inventory)
• Enforced Policies – access, compliance, passwords
• Oversight: ensure logging, auditing, reporting
• To meet compliance
• Support forensics work to ascertain cause
• Keep backups off network!
Copyright ©2014 Kaseya

18. About Kaspersky Lab
• Founded in 1997; largest private
anti-malware company – 100%
focused on anti-malware
• Over $700M annual revenues
• Presence in 27 countries: CEO is Russian; incorporated
in the UK; new to US market in 2005
• #1 vendor in Germany, France, Spain, Eastern Europe
• Protecting over 300 million end points
• Top supplier to OEMs/ISVs of anti-malware worldwide

19. About Kaseya
• Founded in 2000
• Over 10,000 customers and a presence in over 20
countries
• Award-winning IT systems management software offered
both in the cloud and on-premise
• Serving both Managed Service Providers and middle-market
IT departments
• Serving customers across industries including retail,
manufacturing, healthcare, education, government,
media, technology, finance, and more
Copyright ©2014 Kaseya

20. About AuthAnvil acquisition
• Kaseya acquired Scorpion Software in August
• Multi-factor authentication
• Single sign on (SSO) and web-based SSO
• Password management
• Secure, easy access to applications, from any device
• Industry’s first comprehensive and integrated Security
and IT Management as a Service solution
Copyright ©2014 Kaseya

21. How Kaseya can help your security
• Single pane of glass to manage and secure your
systems
• Integrated AuthAnvil
• Integrated Kaspersky AV
• Patch management to keep OS and software up-to-date
and free of vulnerabilities
• Policy management and automation to reduce human
error and ensure compliance
• Logging and reporting to ensure infrastructure
compliance
Copyright ©2014 Kaseya

22. Case Studies – Shield Watch
• Cryptolocker detected
• Ransom = 3 bitcoins per machine
• Timeline
• Deactivated server and workstation network cards
• Kicked off KAV scan on each machine
• Quarantined infected machine
• Put others back on network
• Restored corrupted files from VSS
• Network restored in 1 hour, 35 minutes
• Infected workstation restored from image 10 minutes later
• 1 hour 45 minutes from detection to full fix
Copyright ©2014 Kaseya

23. Case Studies – True North
• Stolen laptop with PII on the hard drive
• Timeline
• Sent alert when laptop was booted up
• Removed company data & PII
• Took control, under the radar so basic functions still worked
• Captured screenshots of the thief’s activity, including
Facebook post: “YES got a new lap top today!!!and I’m loving
it”
• Obtained name and photo from Facebook and sent to police
• Recovered laptop and restored from backup
• 48 hours from theft alert to operational machine
Copyright ©2014 Kaseya

24. Questions and Answers
#Kaseya
Copyright ©2014 Kaseya 24