Data breaches and security issues plague financial institutions constantly. Safeguarding against them matters both for protecting the confidential information institutions hold and for satisfying regulatory exams that expect detailed security plans to be in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into data breaches and penetration testing. He reviews these security topics, discusses how to implement a plan in the event of a security breach, and explains how to limit your organization's exposure to data breach risk.
2. Financial information company that provides credit and risk management solutions to financial institutions
Data and applications used by thousands of financial institutions and accounting firms across North America
Awards
◦ Named to Inc. 500 list of fastest growing privately held companies in the U.S.
◦ Named to Deloitte Technology Fast 500
3. Turner and Associates, Inc., was formed in 1994 in Columbus, Ohio, to address the financial needs of small businesses and the lending functions of banks.
4. Data Breaches
◦ Lessons Learned
◦ Key Takeaways
5. So, what are data breaches?
◦ Unintended disclosure of sensitive information
◦ Cyber Attacks
◦ Payment card fraud
6. Data breaches are also caused by:
◦ Malicious insiders
◦ Physical data loss
◦ Portable device loss
7. Lastly, data breaches could be caused by:
◦ Hardware loss
◦ Unknown data loss
8. History of the 10 largest data breaches:
1. Shanghai Roadway (March 2012): 150 million records
2. Heartland Payment Systems (January 2009): 130 million records
3. T.J. Maxx (January 2007): 94 million records
9. History of the 10 largest data breaches:
4. TRW / Sears Roebuck (June 1984): 90 million records
5. Sony Corporation (April 2011): 77 million records
6. Unknown Company (August 2008): 50 million records
10. History of the 10 largest data breaches:
7. Card Systems (June 2005): 40 million records
8. Tianya (December 2011): 40 million records
9. Steam On-line Gaming (November 2011): 35 million records
11. History of the 10 largest data breaches:
10. SK Communications (July 2011): 35 million records
12. 2011 was a game changer
◦ Four of the top 10 biggest data breaches happened this year
13. 2011 was a game changer
◦ Hacktivism came through the doors
22. Industry groups represented by percent of breaches
◦ Verizon 2012 DBIR
23. Industry groups represented by percent of breaches
◦ Verizon 2012 DBIR
24. Threat agents over time by percent of breaches
◦ Verizon 2012 DBIR
25. Compromised assets by percent of breaches and records
◦ Verizon 2012 DBIR
26. Timespan of events by percent of breaches
◦ Verizon 2012 DBIR
27. So why are data breaches so damaging?
◦ They impact your organization’s bottom line
◦ Average cost is almost $18K per day
◦ All industries are susceptible to data breaches
28. Average annualized cyber crime cost weighted by attack frequency
◦ Ponemon
29. Percentage cost for external consequences
◦ Ponemon
30. Responding to a data breach - percentage cost by internal activity centers
◦ Ponemon
31. What should we consider prior to a data breach?
◦ Ensure you have developed and tested an Incident Response Plan
32. Incident Response Plan
Step one
◦ Build a response team
33. Incident Response Plan
Step two
◦ Assign a lead/liaison
34. Incident Response Plan
Step three
◦ Ensure everyone knows their job tasks
35. Incident Response Plan
Step four
◦ Create the contact list
36. Incident Response Plan
Step five
◦ Create a checklist
37. Incident Response Plan
Step six
◦ Document the entire process
39. How do you limit your exposure to a data breach?
◦ Perform due diligence on pen testers, internal auditors, and critical vendors
40. How do you limit your exposure to a data breach?
◦ Read penetration test EL
41. How do you limit your exposure to a data breach?
◦ Smaller institutions
42. How do you limit your exposure to a data breach?
◦ Perform gap analysis of the SANS 20 Critical Security Controls
43. How do you limit your exposure to a data breach?
◦ If you see bad behavior, call it out
44. How do you limit your exposure to a data breach?
◦ Invest in security
45. Data breaches described in today’s webinar have been publicly reported and are easily available over the Internet.
Major sources include:
◦ http://www.ponemon.org
◦ http://datalossdb.org/
◦ https://www.privacyrights.org/
◦ http://www.databreaches.net/
◦ http://www.ftc.gov/
◦ Verizon 2012 Data Breach Investigations Report
46. Website: www.sageworksinc.com
Phone: (919)-851-7474 ext. 693
Helpful links and resources:
◦ www.sageworksanalyst.com/resources.aspx
◦ web.sageworksinc.com/bank-webinars/
Find us on Twitter: sageworksdata