
Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295.


1 Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295 www.BTR-Security.com BYOD & Cyber Risks Presenter: Robert Listerman, CPA, CITRMS © Business Technology Resources, LLC June 26, 2014

2 Robert Listerman (Bob) is a licensed Certified Public Accountant, State of Michigan, and has over 30 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP. Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in 2007. The designation is in recognition of his knowledge and experience in identity theft risk management. Today Bob focuses his practice on data security compliance. Over 50% of identity theft can be traced back to unlawful handling or mishandling of non-public data within the workplace. Currently Bob serves his professional community as an active Board Member for the Institute of Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President of IMA-MAC (2011-2013). He is a regular seminar presenter for the IMA, the Pennsylvania Institute of CPAs (PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of, the MACPA’s Management Information & Business Show committee, which enjoys serving over 1000 CPAs in attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee. Bob serves his local community as a member of the Kennett Township, PA Planning Commission, Communications, Business Advisory, and Safety Committees. He is an active board member of the Longwood Rotary Club. He has served his Rotary District 7450 as their Interact Club Chair (Rotary in High School) since 2010.
Past professional and civic duties include serving on the Board of Directors for the Michigan Association of Certified Public Accountants (1997-2000), as a past board member of the Delaware Chapter of the IMA, and as past Chapter president for the IMA Oakland County, Michigan (1994-1995). www.linkedin.com/in/boblistermanidriskmanager/

3 Convenience = Productivity
• Who wants to juggle more than one portable device?
• Whose device are you going to know how to work better?
• Which device are you most likely to have with you when you need it?
3 out of 4 employees would rather use their own device to connect to work, according to Forrester Research.

4 It makes sense for the employer:
• 74% of IT leaders believe “BYOD helps our employees be more productive”
• 58% of those surveyed cite employee satisfaction as a prime benefit of BYOD.
Source: Intel Corporation Survey

5
• The operating systems and form factors of consumer technology are rapidly changing
• The lines between “on the clock” and “off the clock” have been irrevocably blurred
• Having your device 24/7 allows balancing “work life” with “home life”
• Employees don’t need a company-issued device on top of the one they already own (which they really want to use in the first place)
• Nobody wants to be that person with two smartphones stuffed in his or her pocket.

6
• BYOD isn’t just coming, it’s already here.
– Just as employers had to deal with the challenges of social media in recent years (Facebook, LinkedIn and Twitter, just to name a few), BYOD is now also a reality that needs to be addressed.
– Just saying “no” is not the best solution when it’s inevitable: according to Gartner Research, “by 2018, 70% of mobile users will conduct all their work on personal smart devices.”
How many here, in this room, use a personal device, whether it be a laptop or “smartphone,” to connect to their work email, shared data files, or other internally available processes?

7 10 Reasons BYOD May Be A Bad Fit
1. Staff resent paying for their own phones, laptops, or tablets
2. It won’t cut your costs after analysis of your requirements
3. It can make life harder for the IT department – i.e. bad fit
4. Corporate-issue IT makes sense for the same reason schools have uniforms
5. Too many security issues to manage

8 10 Reasons BYOD May Be A Bad Fit
6. Data loss: yours and theirs
7. Short-term gain, long-term pain?
8. It’s a licensing, and legal, minefield
9. Consumer devices will hurt productivity
10. Your staff doesn’t care about gadgets

9 Security Concerns
• Malware infects the network when an employee logs in
• Employees unknowingly installing:
– Rogue applications, or
– Unlicensed software, which can violate copyright compliance laws
• Using unsecured wireless connections to send and receive company data
• IT staff compromise employee’s personal security on device
• Unknown third-party access via mobile apps
• Stolen or lost mobile devices leak data

10 Cyber Security Risks for BYOD
• “51 percent* of the organizations surveyed experienced data loss resulting from employee use of insecure mobile devices.”
• “58 percent* of organizations surveyed have experienced an increase in malware infections as a result of personally-owned mobile devices used in the workplace.”
• “56 percent* say that more confidential data has been lost as a result of these devices.”
The challenge is managing numerous fragmented operating systems within the company network. Apart from general network configuration issues, this fact could pose a real exposure for companies using security software not designed with BYOD in mind.
* Ponemon Institute

11 Challenges In Supporting BYOD
• Managing numerous fragmented operating systems
• General network configuration issues
• Real exposure for companies using security software not designed with BYOD in mind

12 BYOD Challenges
Challenge: Remarks
Device Provisioning: Need automated provisioning for device
Device Management: Network tools can see who’s on board
Security: Tied to defined user privileges
Network Saturation: Network tools allocate bandwidth resources
Troubleshooting: Network monitoring alerts (example follows)
User Privacy: Opening Personal Doorway to IT

13 BYOD - Impact on Infrastructure
Source: Cisco web lecture

14 BYOD Deployment Guidelines
• Plan for Implementing a BYOD Solution
• Develop, Write and Implement a BYOD Policy
• IT Capable of Provisioning Infrastructure and Devices
• Proactively Manage and Troubleshoot Mobile Devices

15 Outlining a BYOD Policy
• Build an Internal Team
– A good approach is to draw together an interdisciplinary team of a customer’s HR, finance, legal, security, privacy, and IT leaders
• Create a Customized Program
– Create a robust BYOD Policy Statement, and an accompanying Employee Participation Agreement. The Agreement sets clear expectations with employees, and promotes their voluntary compliance with enterprise and security policies, while protecting employers.
• Implement a BYOD Program
– With BYOD policies in place, organizations can improve the productivity of their mobile workforce as well as start saving money on phones, data plans, and IT labor costs spent on support.

16 Deliverable
• Complete Policy Statement Based On The Results Of A Workshop Conducted Onsite with the Cross-Functional Team
• Employee Participation Agreement
• Policy Statements Can Be Incorporated Into Provisioning Tools Used to Monitor Mobile Device Access

17 Scope of BYOD Policy
• Regulatory Requirements and Constraints
• BYOD Program Eligibility
• Financial Parameters and Reimbursement Model
• Allowable Devices
• Carrier Plans
• Approved Uses
• Security and Enforcement
• End User Support Model

18 Some BYOD Solution Vendors (many many more)

22 Future of BYOD
While security teams are getting a grip on smartphones and tablets through basic mobile device management (MDM), enterprise mobility requirements continue to evolve. To address these advanced needs, better integrated and more granular MDM tools are emerging. Like any other technology, it will constantly improve and change as devices change.

23 a.k.a: the “CLOUD”

25 The Internet “Web” Topography

26 Prize for first person who raises their hand AND can identify what these numbers are!

27 IP Tracer
Source: http://www.ip-adress.com/ip_tracer/

29 THE PROBLEM YOU DIDN’T KNOW YOU HAVE
• IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys.
• The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls.
• The Problem is that 76,000 new malware strains are released into the wild every day.
• The Problem is that 73% of online banking users reuse their passwords for non-financial websites.

30 STOLEN CREDENTIALS EXPOSE YOU TO UNKNOWN RISK
• 30,000: the number of new malicious websites created every day [1]
• 80% of breaches that involved hackers used stolen credentials
• 14% of data breaches were due to employees using personal email accounts [2]
• 76% of network intrusions exploited weak or stolen credentials [2]
SOURCES: 1. Sophos, 2012; 2. Verizon Data Breach Investigations Report, 2013

31 MALWARE EVADES TRADITIONAL ANTI-VIRUS SOFTWARE
• 200,000 – 300,000: the estimated number of new viruses discovered each day [1]
• 52% of malware in a recent study focused on evading security [2]
• 24.5%: antivirus software’s average detection rate for e-mail based malware attacks [3]
• 40% of malware samples in a recent study went undetected by leading antivirus software [2]
SOURCES: 1. Comodo Group, 2012; 2. Palo Alto Networks, 2013; 3. Krebs on Security, 2012

33 DO YOU KNOW WHAT THESE ARE?
"automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"

34 ANATOMY OF A SPEARPHISHING ATTACK
1. Target Victim
2. Install Malware
3. Access Network
4. Collect & Transmit Data
5. Breach Event

35 CASE STUDY: Target Corporation
• Nov. 27 – Dec. 15, 2013: Hackers execute extended attack against Target’s point-of-sale system
• Dec. 18, 2013: News of the breach is reported by data and security blog KrebsOnSecurity
• Dec. 20, 2013: Target acknowledges the breach, saying it is under investigation
• Dec. 21, 2013: JP Morgan announces it is placing daily spending caps on affected customer debit cards
• Dec. 22, 2013: Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions
• Jan. 10, 2014: Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”
The current estimate of the total financial impact to Target is $200 million.
Target provided affected individuals with 12 months of identity theft protection and insurance coverage.
110M user accounts compromised, exposing credit and debit card numbers, CVN numbers, names, home addresses, e-mail addresses and/or phone numbers.

36 “Ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.” Molly Snyder, Target Corporation, January 2014

37 Email Attack on Vendor Set Up Breach at Target*
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.
* Source: http://krebsonsecurity.com/

38 THE PROFILE OF AN ATTACKER
• The malware used to hack Target’s POS system was written by a Ukrainian teen
• Andrey Hodirevski from southwest Ukraine carried out the attack from his home
• The card details that he stole were sold through his own forum as well as other communities
• CyberID-Sleuth™ investigated the breach when it occurred and was able to verify various discussions and identifiers pointing to this suspect

39 CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS
• Credential Monitoring: Identifying email addresses from a corporate domain that have been hacked, phished, or breached
• IP Address Scanning: Identifying devices in a corporate network connected to a known malware command and control server
• Doxing awareness and hacktivist activity monitoring
• Locating the individuals and exchanges involved in intellectual property theft
• Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring
• Identification of communities targeting brands, networks or IP addresses
• Identification of intellectual property distribution
• Identification of individuals posing a risk to any IP address

40 CyberID-Sleuth™ PROVIDES EARLY WARNING AT TWO POINTS
Dark Web
• CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year
• CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
• CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access
• CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks

41 CyberID-Sleuth™

42 REMEMBER WHAT THESE ARE?
"automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"

43 CyberID-Sleuth™ CASE STUDY: ACTUAL CREDENTIAL DATA
Zeus Infection targeted towards multiple entities within the Hotel Industry within India
CyberID-Sleuth™ identified a targeted Zeus campaign which appears to have been focused and distributed to Hotel chains, mainly within the India region. The attack in question caused active compromises against a number of systems. CyberID-Sleuth™’s main focus is the type of data often held within Reservation and other Hotel systems. Personal information such as credit card data, as well as passport scans or copies, are often held on Hospitality systems and the data identified next highlights that these same systems are compromised and under direct control of malicious actors.

44 CyberID-Sleuth™ IDENTIFIES ACTUAL MALWARE VARIANT
Infection Type: Zeus Infection - V2.1
Payload: Theft of all credentials, Key logging of all data, Remote access to devices
Total Infection Count: 487
Total Credential Count: 12894 (including duplicates)
Command and Control (C2) Domain: matphlamzy.com

45 CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
Data extracted and listed below is related to valid and legitimate accounts which are still active. These are not passwords taken from Breach events or other untrusted sources. They are taken directly from devices that are still infected/compromised!

48 CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
Q. How many credit cards were captured?
Over 257 unique credit cards were stolen during the attack. CyberID-Sleuth™ identified the botnet, which was made up of infected devices.
Q. Specifically what data did it steal and report back that you could see?
CyberID-Sleuth™ could see EVERYTHING that was entered on a user’s device or saved as a password or credential.
Q. How much did this breach cost the client?
No “price” could be put on the damage caused to a victim after a fraudster has stolen their credentials. The data stolen would allow the fraudster access to internal systems, either via the stolen credentials or via backdoor access to affected systems.

49 CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
Q. What data about the attacker were we able to find?
Limited details. Information about the attackers is not shared with clients unless it is a directed attack, and is only shared with US and UK Law Enforcement.
Q. How did the authorities use the data to capture the intruders?
The individual responsible for running the botnet in question is so far still at large.

50 CyberID-Sleuth™ Credential Monitoring Demo* (Tier I)
* Let us see if your credentials are for sale, at no obligation

51 A STANDARD RESPONSE TIMELINE SHOULD BE FOLLOWED
Plan Ahead By Forming a Breach Response Plan (CyberID-Sleuth Tiers II & III)
Timeline labels: Incident Detection / Discovery; Incident Notification & Resolution; Remediation Efforts; Assessment Efforts
• Internal and External Communication of Event, Reaction, and Remediation
• Notification Capabilities Go Live
• Coordinate Breach Notification Copy and Distribution with Breach Remediation Vendor
• Establish internal or third party communication channel to affected population
• Contact and/or activate contract with Data Breach Remediation Vendor
• Prepare Internal and External Communication Plan & Copy
• Determine Organization’s Public Response Plan (including notification type, verbiage, and remediation offering if any)
• Implement Breach Response Plan
• Determine total scope of event, size of affected population, type of data lost or compromised, necessary legal and industry specific guidelines
• Activate technical / security focused breach response team processes and procedures based on Data Breach Plan
• Initial Internal Reporting, notifications, and security triage of the “event”

52 RECOMMENDATIONS TO REDUCE DATA BREACH EXPOSURE & COSTS
• Promote Employee Data Management Training & Education
• Require GC / CISO and their teams to understand industry, state, federal, and event specific data breach response guidelines and recommendations
• Establish an internal data breach response plan and process flow
• Prior to a data breach event, contract with a data breach remediation, notification, and/or forensics provider
• Utilize and maintain available data loss prevention technologies such as CyberID-Sleuth™
• Require advanced encryption and authentication solutions be in place across the organization
• Contractually require notification from vendors who manage data from your organization to alert you if they incur a breach of any data
• Support enactment of legislation that clearly dictates rules and guidelines for organizations to follow in advance of, and following, a data breach event

53 Take this 20 Question Assessment to Score Your Risk Level

54
1. Remember to ask us to do a no-obligation credential search for you
2. Allow us to give you the 20 Question Assessment Score on your risk level

