Data Protection & Privacy During the Coronavirus Pandemic

  1. Data Protection & Privacy During the Coronavirus Pandemic, Ulf Mattsson
  2. Data Protection & Privacy During the Coronavirus Pandemic. Please submit your questions during our session!
  3. Ulf Mattsson: Head of Innovation at TokenEx; Chief Technology Officer at Protegrity, Atlantic BT and Compliance Engineering; Architect & Developer at IBM Research and Development; inventor of more than 70 awarded US patents. Products and services: data encryption, tokenization and data discovery; security and privacy benchmarking/gap analysis for the financial industry; managed security services and security operation centers; cloud application security brokers and web application firewalls; robotics and applications in manufacturing.
  4. Data from different sources: WHO, CDC, NHC, earlyAlert and more
  5. Global Risk Perception (Source: ISSA)
  6. Evolution of Cyber Attacks (Source: ISSA)
  7. Credit card fraud tops the list of identity theft reports in 2018 (Source: the US Federal Trade Commission (FTC), 2019) • The FTC received nearly three million complaints from consumers in 2018 • The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account
  8. Mass move to work from home in coronavirus crisis creates opening for hackers: cyber experts (Reuters). Key points: Passwords, Masquerading, Update VPN
  9. New Windows 10 bug hits home working: Outlook, Office 365, Teams can't access internet
  10. FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets. Malicious USB devices accompanied by fake gift cards to entice would-be victims
  11. Email Fraudsters Take Advantage Of Coronavirus Opportunity, Mar 2020. Officials are warning of a rise in phishing attacks, while retailers have also been warned about fraud risks, with Amazon recently removing 1 million products for allegedly making fraudulent claims, recent Forbes reports said. “Another side effect of the Coronavirus is increased teleworking, which furthers the reliance on email for communication adding yet another multiplier to these email fraud schemes,” the U.S. Secret Service Department of Homeland Security wrote in a warning published earlier this month. $2.1 billion in losses were reported to the FBI as a result of hackers targeting Microsoft Office 365 and Google G Suite in a slew of business email compromise attacks, Bleeping Computer reported earlier this month. The attacks that target workforce platforms reflect fraudsters’ shift to cloud email services as businesses themselves migrate away from on-premise email systems, the publication noted, with the FBI warning that fraudsters are infiltrating these email portals to better mimic legitimate employees to conduct their scams. Trust only original/known links/sources!
  12. Coronavirus: Warning over surge in Zoom security incidents. Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target popular remote working and collaboration tools. 70 have now been identified as fake sites, which are impersonating genuine Zoom domains with the intention of capturing and stealing personal information. The numbers reinforce a trend for cyber criminals to take advantage of home working via Zoom, which is used by over 60% of the Fortune 500, and has been downloaded more than 50 million times from the Google Play app store. “We have seen a sharp rise in the number of Zoom domains being registered, especially in the last week,” said Omer Dembinsky, manager of cyber research at Check Point. “This increase means that hackers have taken notice of the work-from-home paradigm shift that Covid-19 has forced, and are seeing it as an opportunity to deceive, lure and exploit people. “Each time you get a Zoom link or document messaged or forwarded to you, we recommend double-checking to make sure it’s not a trap.”
  13. China Suspected In Surge Of US Cyberattacks. Cyberspying
  14. Working in a coronavirus world: Strategies and tools for staying productive. We tend to prefer the choice that ticks all the technical boxes and/or is the most trusted/cost-effective. However, if you want your investment in remote work to pay off, pay special attention to whether the average worker will be easily able to use your solution, as tools for digital access span the range of complexity and user experience. Whenever possible, put a strong emphasis on tools that are simple, straightforward, and "just work." The risk in not doing so is that your support costs for remote work will simply be higher, with less to show for it in terms of preserving productivity, as workers spend more of their time getting the solution to work.
  15. Coronavirus: How one team switched 4,000 staff to remote working in just a week. Delivering laptops. Example: separate laptops for work vs private (working from home for several years)
  16. Amid coronavirus, Walmart says it's seeing increased sales of tops — but not bottoms (The Independent)
  17. Diagram: Working in a coronavirus world: Strategies and tools for staying productive. Numbered elements of the remote-worker-to-enterprise picture: authentication and passwords, business data, VPN tunnel performance, Internet access, Microsoft Teams and Zoom, tele-health, eLearning.
  18. Mobile and Desktop Operating Systems Market Share. Windows: • In April 2019, Windows had a desktop market share of 79.24%. (Source: StatCounter) • Windows 10 had a desktop/laptop market share of 39.22%. This established it as the most popular operating system on the market. (Source: The Inquirer) • Windows 7 was used by 33.38%. (Source: StatCounter) • 6.05% of users relied on Windows 8.1. (Source: StatCounter) • 2.2% of people used Windows 8. (Source: StatCounter) • 5.26% of Windows PCs still ran on Windows XP. (Source: WIRED) • Microsoft’s revenue for 2018 was $110.36 billion. That is a 14.28% increase since 2017. (Source: Macrotrends) • Microsoft’s revenue for Q1 of 2019 was $30.571 billion. (Source: Macrotrends) Mac: • OS X reached a 14.64% desktop market share during the period of April 2018 – April 2019. (Source: StatCounter) • MacOS reached 9.65% of the desktop/laptop OS market share in February 2019. (Source: AppleWorld) Upgrade to Windows 10! Keep updated / patch.
  19. How To Secure Microsoft Windows 10 (Source: Forbes): 1. Enable BitLocker. ... 2. Use a "local" login account. ... 3. Enable Controlled Folder Access. ... 4. Turn on Windows Hello. ... 5. Enable Windows Defender. ... 6. Don't use the admin account. ... 7. Keep Windows 10 updated automatically. ... 8. Backup. Malwarebytes* (how to defend against this password-stealing tool): There’s been an increasing shift of threats over the last two years toward organizations over consumers. Overall consumer threat detections are down by 2 percent from 2018, but business detections increased by 13 percent in 2019. This resulted in a mere 1 percent increase in threat volume year-over-year. The sophistication of threat capabilities in 2019 increased, with many using exploits, credential-stealing tools, and multi-stage attacks involving mass infections of a target. While seven of 10 top consumer threat categories decreased in volume, HackTools (a threat category for tools used to hack into systems and computers) increased against consumers by 42 percent year-over-year, bolstered by families such as Mimikatz*, which also targeted businesses.
  20. PC Backup Example
  21. The Best Password Managers for 2020 Example
  22. Example of Password Manager (Free Edition)
  23. Examples of Anti-virus Software products. PCI DSS - Requirement #5. Source: Antivirus Software (2020). Enterprise AV Product Issues (Source: Remtcs-secure): 19 issues found across 4 major AV products; the number of products affected by each issue is given in brackets:
  • No built in vulnerability scanner to detect CVEs (common vulnerability and exposures) on local hosts [3]
  • Cloud only deployment model [2]
  • No domain reputation filtering [2]
  • No built in searchable database of CVE with direct links to mitigation details [2]
  • No built in sandboxing [2]
  • The sandbox is cloud based and not local to the appliance. Malware must be sent over for analysis, increasing discovery latency [1]
  • No CSO (Chief Security Officer) level reporting [1]
  • High false positive rate [1]
  • Must have cloud connectivity to see advanced alerts [1]
  • No Active Directory integration [1]
  • Only supports firewall integration with one vendor [1]
  • Endpoint only. No visibility into network proliferation of files/malware [1]
  • Malware remediation requires separate software and licensing [1]
  • Cannot determine the entry point for malware [1]
  • Can block a file from executing, but does not remove the file [1]
  • No domain reputation filtering [1]
  • Threat intel and malware analysis not included by default [1]
  • No built in searchable database of CVE with direct links to mitigation details [1]
  • Complex and labor intensive management [1]
  24. Example: Windows Defender is better than nothing, but McAfee's premium software is much more comprehensive in terms of advanced features and utilities. Also, independent tests prove that McAfee is better than Windows Defender in terms of both malware detection and system performance. (Feb 19, 2020)
  25. Wi-Fi Protected Setup. Here's how WPS connections can be performed: 1. First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the network you want to connect to. The device is automatically connected to the wireless network without entering the network password. 2. You may have devices like wireless printers or range extenders with their own WPS button that you can use for making quick connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices. You don't have to input any data during this process. WPS automatically sends the network password, and these devices remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS button again. 3. A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically generated, and it cannot be changed by users. You can find this PIN on the WPS configuration page on your router. Some devices without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and connect to the wireless network. 4. A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels, and the router will use it to add that device to the network. Use a strong router password: “uppercase and lowercase letters, numbers, and special characters.”
  26. What Are WEP, WPA, and WPA2? Which Is Best? Example
  27. VPN use surges as coronavirus outbreak prompts huge rise in remote working. The growth in employees forced to work from home due to the COVID-19 coronavirus outbreak has led to a huge spike in people using business virtual private networks (VPN) to secure their remote working. Figures released by VPN provider NordVPN revealed that global use of its virtual private network technology had increased by 165% since 11 March. A business VPN allows users to securely connect to corporate networks to send and receive files, data and applications from anywhere – which in many cases right now is going to be people's homes. The UK's National Cyber Security Centre (NCSC) has issued security advice on using VPN services and remote working in order to help both organisations and employees stay safe from cyberattacks – especially as, for many, this is the first time they've had to work remotely. That advice includes recommendations for staff to use strong passwords and to use multi-factor authentication, if available, in order to reduce the chances of cyber criminals being able to compromise accounts. European cybersecurity agency ENISA has also set out similar recommendations for securely working from home.
  28. Telemedicine is changing the way we see doctors. TechRepublic's Karen Roby, Macy Bayern, and Veronica Combs discussed the changes in healthcare during the coronavirus pandemic. The following is an edited transcript of their conversation. Karen Roby: One of the things that's really emerging is telemedicine. Veronica, I know you've put together some great articles here as far as what is available to people, how people can still see and talk to their doctors when they're in need. Talk a little bit about some of the resources that you've found and have been writing about, and how that can really help people at this time? Veronica Combs: I think people always consider the gold standard is a visit with your doctor, like I'm looking at you, you're looking at me. You can tell my health. But now, it's really flipped around that you don't really want to leave your house if you don't want to, and doctors don't really want you breathing on them if you don't have to. Some of the hospital and health systems on the coasts were faster to have these telemedicine platforms.
  29. Telehealth Resources: • American Telemedicine Association • American Well • Center for Telehealth and E-Health Law • Connected health • eHealth • In absentia health care • MDLIVE • Mercy Virtual • mHealth • National Rural Health Association • Ontario Telemedicine Network • Remote therapy • Ronald S. Weinstein • Tele-epidemiology • Teladoc • Telecare • Telemental health • Teleneuropsychology • Telenursing • Telepathology • Telepsychology • UNESCO Chair in Telemedicine • Telemedecine 360 • Medicine portal • Technology portal • Telecommunication portal
  30. Can I still use Voice-controlled Devices?
  31. The EU Agency for Cybersecurity's guidance and CERT-EU News Monitor
  32. CERT-EU News Monitor - Latest Threats
  33. European Union Agency for Cybersecurity ENISA Centre of Expertise
  34. UK police criticized for using drones to publicly shame walkers in coronavirus lockdown. The UK is now following in the footsteps of Spain and Italy in drone usage.
  35. How smart city tech is being used to control the coronavirus outbreak. In Singapore, the Government Technology Agency of Singapore launched TraceTogether on March 20 in collaboration with the Ministry of Health. • The TraceTogether app uses short-distance Bluetooth signals to connect one phone using the app with another user who is close by. • It stores detailed records on a user's phone for 21 days but does not include location data. • Authorities have said they will decrypt the data if there is a public health risk related to an individual's movements. China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. • Individuals had to use the app and share their status to be able to access public transportation. David Heyman, founder and CEO of Smart City Works, said that the key to addressing privacy concerns about high-tech surveillance by the state is anonymizing the data and giving individuals as much control over their own data as possible. • "Personal details that may reveal your identity such as a user's name should not be collected or should be encrypted with access to be granted for only specific health purposes, and data should be deleted after its specific use is no longer needed," he said.
  36. Increase in Privacy Rights And Regulations
  37. Are the EU GDPR, California CCPA or US HIPAA rules changing?
  38. In Times Of Pandemic, GDPR Still Applies, EU Warns. Ensure protection of personal data
  39. GDPR Framework core – Discovery, Encryption and Tokenization (Source: IBM): Discover Data Assets; Encryption and Tokenization; Security by Design
  40. Source: BigID
  41. Example of Cross Border Data-centric Security: data sources feeding a Data Warehouse in Italy, with complete policy-enforced de-identification of sensitive data across all bank entities • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting
  43. CCPA Redefines Personal Data • According to “PI Vs PII: How CCPA Redefines What Is Personal Data”, the CCPA definition “creates the potential for extremely broad legal interpretation around what constitutes personal information, holding that personal information is any data that could be linked with a California individual or household.” • CCPA states that “Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. • This goes well beyond data that is obviously associated with an identity, such as name, birth date, or social security number, which is traditionally regarded as PII. • It’s ultimately this “indirect” information, such as product preference or geolocation data, that is material, since it is much more difficult to identify it and connect it with a person than well-structured personally identifiable information.
  44. HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus. Information sharing
  45. PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19 45
  46. eLearning – 2020 Workplace Learning. After years of being under-resourced, L&D (Learning and development, in human resource management) budgets are expected to continue to grow, shifting from Instructor-Led Training (ILT) to online learning, and executive buy-in continues to build. As we enter 2020, talent developers are focused on finding innovative ways to drive engagement, activate managers, and measure the business impact of learning. Simultaneously, they are looking ahead, preparing for the upskilling and reskilling revolution coming in the next 3-5 years, when digital transformation and automation are expected to have a greater impact on the workforce globally.
  49. A learning journey is a curated collection of learning content, both formal and informal, that can be used to acquire skills for a specific role or technology area.
  50. Encryption and Privacy Models
  51. True Data Privacy requires All of these techniques for On-prem, Hybrid and Cloud environments
  52. ISO Standard for Encryption and Privacy Models. Source: INTERNATIONAL STANDARD ISO/IEC 20889, Privacy enhancing data de-identification terminology and classification of techniques.
  • Cryptographic tools (CT): Format Preserving Encryption (FPE), where encrypted data has the same format; Homomorphic Encryption (HE), where two values encrypted can be combined*.
  • De-identification techniques (DT): K-anonymity model, which ensures that for each identifier there is a corresponding equivalence class containing at least K records.
  • Formal privacy measurement models (PMM): Differential Privacy (DP) in a server model, where responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator”**, or in a local model. The entity receiving the data is looking to reduce risk.
  *: Multi Party Computation (MPC). **: Example: Apple and Google.
  53. Example of mapping of data security and privacy techniques (ISO) to different deployment models. Deployment models: Data Warehouse, Centralized, Distributed, On-premises, Public Cloud, Private Cloud. Technique families: De-identification techniques (tokenization, suppression techniques), Cryptographic tools, Formal privacy measurement models (Differential Privacy server and local models, K-anonymity model).
  • Applicable to all six deployment models: vault-less tokenization, masking, hashing, differential privacy server model, differential privacy local model, L-diversity, T-closeness.
  • Applicable to five of the six: format preserving encryption.
  • Applicable to two of the six: vault-based tokenization, homomorphic encryption.
  54. Risk reduction and truthfulness of some de-identification techniques and models. Source: INTERNATIONAL STANDARD ISO/IEC 20889. Columns: data truthfulness at record level; applicable to types of attributes; reduces the risk of singling out / linking / inference.
  | Technique name               | Truthful | Attributes            | Singling out | Linking   | Inference |
  | Deterministic encryption     | Yes      | All attributes        | No           | Partially | No        |
  | Order-preserving encryption  | Yes      | All attributes        | No           | Partially | No        |
  | Homomorphic encryption       | Yes      | All attributes        | No           | No        | No        |
  | Masking                      | Yes      | Local identifiers     | Yes          | Partially | No        |
  | Local suppression            | Yes      | Identifying attributes| Partially    | Partially | Partially |
  | Record suppression           | Yes      | (not shown)           | (not shown)  | (not shown) | (not shown) |
  | Sampling                     | Yes      | N/A                   | Partially    | Partially | Partially |
  | Pseudonymization             | Yes      | Direct identifiers    | No           | Partially | No        |
  | Generalization               | Yes      | Identifying attributes| (not shown)  | (not shown) | (not shown) |
  | Rounding                     | Yes      | Identifying attributes| No           | Partially | Partially |
  | Top/bottom coding            | Yes      | Identifying attributes| No           | Partially | Partially |
  | Noise addition               | No       | Identifying attributes| Partially    | Partially | Partially |
  Row groups on the slide: cryptographic tools (deterministic, order-preserving and homomorphic encryption), suppression, generalization.
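The K-anonymity definition on slide 52 (every equivalence class has at least K records), the L-diversity row on slide 53 and the generalization and suppression rows on slide 54 can all be measured on a table. The Python below is an added example, not code from the slides or from ISO/IEC 20889; the records, the quasi-identifiers (zip, age) and the sensitive attribute (diagnosis) are constructed for illustration.

```python
# Added example: measure k-anonymity and l-diversity of a small microdata table,
# then apply ISO/IEC 20889-style generalization (truncated ZIP, age ranges) and
# flag records that would still need local/record suppression.
from collections import defaultdict

# Constructed sample records (not real data): two quasi-identifiers and one
# sensitive attribute.  Each (zip, age) pair is unique, so the raw table is
# trivially re-identifiable (k = 1).
RECORDS = [
    {"zip": "13053", "age": 28, "diagnosis": "heart disease"},
    {"zip": "13068", "age": 29, "diagnosis": "heart disease"},
    {"zip": "13068", "age": 21, "diagnosis": "viral infection"},
    {"zip": "13053", "age": 23, "diagnosis": "viral infection"},
    {"zip": "14853", "age": 50, "diagnosis": "cancer"},
    {"zip": "14853", "age": 55, "diagnosis": "heart disease"},
    {"zip": "14850", "age": 47, "diagnosis": "viral infection"},
    {"zip": "14850", "age": 49, "diagnosis": "viral infection"},
]
QUASI_IDENTIFIERS = ("zip", "age")
SENSITIVE = "diagnosis"


def equivalence_classes(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Group records that share identical quasi-identifier values."""
    classes = defaultdict(list)
    for rec in records:
        classes[tuple(rec[q] for q in quasi_identifiers)].append(rec)
    return classes


def k_anonymity(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Smallest equivalence class: the k for which the table is k-anonymous."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(len(c) for c in classes.values()) if classes else 0


def l_diversity(records, quasi_identifiers=QUASI_IDENTIFIERS, sensitive=SENSITIVE):
    """Smallest number of distinct sensitive values in any equivalence class.
    l = 1 means everyone in some class shares the sensitive value (inference risk)."""
    classes = equivalence_classes(records, quasi_identifiers)
    return min(len({r[sensitive] for r in c}) for c in classes.values()) if classes else 0


def generalize(records, zip_digits=3, age_bucket=10):
    """Generalization: keep the leading ZIP digits (suppress the rest with '*')
    and replace the exact age with a range.  Record-level truthfulness is kept,
    matching the 'Yes' in the truthfulness column for generalization."""
    out = []
    for rec in records:
        lo = rec["age"] // age_bucket * age_bucket
        out.append({
            "zip": rec["zip"][:zip_digits] + "*" * (len(rec["zip"]) - zip_digits),
            "age": f"{lo}-{lo + age_bucket - 1}",
            SENSITIVE: rec[SENSITIVE],
        })
    return out


def local_suppression_needed(records, k, quasi_identifiers=QUASI_IDENTIFIERS):
    """Records whose class is still smaller than k after generalization; these are
    the candidates for local or record suppression before release."""
    classes = equivalence_classes(records, quasi_identifiers)
    return [r for c in classes.values() if len(c) < k for r in c]


if __name__ == "__main__":
    for label, table in (("raw", RECORDS),
                         ("zip3/age10", generalize(RECORDS)),
                         ("zip3/age20", generalize(RECORDS, age_bucket=20))):
        print(f"{label:>10}: k={k_anonymity(table)} l={l_diversity(table)} "
              f"suppress-for-k=3: {len(local_suppression_needed(table, 3))}")
```

Coarser age buckets raise k and l together here, which is the trade-off the slide 54 table summarises: generalization reduces singling-out and linking risk only partially, and inference risk stays until every class holds more than one sensitive value.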
  55. Cloud
  57. Shared responsibilities across cloud service models (Source: Microsoft). Still customer responsibility for: • User security • (App security) • Data security
  58. Diagram: Examples of Data Protection Use Cases. Payment application, payment network and payment data: tokenization (VBT), encryption and keys. Call center application with PII data: Format Preserving Encryption (FPE) and vault-based tokenization (VBT). Data warehouse with PII data: vault-less tokenization (VLT). Users reaching Salesforce through a CASB.
  59. Total Cost and Risk of Tokenization in Cloud vs On-prem (Source: TokenEx). On-premise tokenization: • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs. Cloud-based tokenization: • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance
  60. Diagram: Risk and Operational Aspects with different Cloud Models. Deployment options from in-house to out-sourced: on-premises system, on-premises private cloud, hosted private cloud, public cloud. Along that axis risk goes from low to high and compute cost from high to low, with elasticity increasing; the aim is risk adjusted computation.
  61. References: 1. Coronavirus disinformation unit 2. Here are 2,780+ free ebooks and 100 free audiobooks 3. All the free online resources parents need in home 'schooling' during coronavirus outbreak 4. California Consumer Privacy Act, Oct 4, 2019 5. GDPR and Tokenizing Data 6. GDPR vs CCPA 7. General Data Protection Regulation 8. IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation, 2018 9. INTERNATIONAL STANDARD ISO/IEC 20889 10. INTERNATIONAL STANDARD ISO/IEC 27018 11. ISO/TS 25237:2008(E), Health Informatics—Pseudonymization 12. NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT 13. NISTIR 8053, De-Identification of Personal Information 14. Data Security: On Premise or in the Cloud, ISSA Journal, December 2019
  62. THANK YOU. www.TokenEx.com. Ulf Mattsson