Securing your Business for 2014, Leveraging Lessons of 2013 OC Chapter.


1 Securing your Business for 2014, Leveraging Lessons of 2013 OC Chapter

2 The 10 Worst Data Breaches of 2013
- Adobe (150 million exposed account credentials; source code lost)
  - Had to be told by a third party. Where was DLP?
- Edward Snowden (pervasive signals intelligence, subversion of encryption standards, collaboration with overseas intelligence communities and other bombshells)
  - Snowden didn't work for one of the agencies. He worked for an outside defense contractor, and he wasn't even a full-time employee of that contractor but a part-timer who had only been there for a few months.
- NSA
  - The MUSCULAR program involved intercepting data from the Yahoo and Google private clouds at points where the data was unencrypted. The data collected included email, pictures, video, text documents, spreadsheets and an array of other similar file types.
  - With this revelation, Google took a considerably stronger stance against the NSA's spying programs.
- Data Broker Botnet (D&B, LexisNexis, Kroll Background America)
  - Using a botnet, hackers were able to work undetected for months to consolidate massive amounts of PII.
  - When it's your job to collect, store and sell data!
Proprietary and Confidential. Do Not Distribute. © Regents and Park, Inc. All rights reserved

3 The 10 Worst Data Breaches of 2013
- LivingSocial
  - Attackers had access to those users' information (name, email, hashed password, buying history).
  - Password hashes can be "cracked" offline with software that tries millions of candidate passwords looking for a match. The bad guys will successfully crack the passwords of many LivingSocial users, and knowing the password, name and email address for a person, they may be able to break into other accounts those people maintain on other websites.
- AHMC Hospitals
  - In October, more than 729,000 patients were put in jeopardy when two unencrypted laptops were stolen from California-based AHMC hospitals. It took this breach for an encryption policy to be put into place at the AHMC hospital network.
- Media Outlets
  - The Syrian Electronic Army (hacktivists) claimed an attack on President Obama from the Associated Press' Twitter handle, causing a brief $136 billion dive in the stock market.
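The LivingSocial point above is that a leaked hash table becomes a leaked password table once an attacker runs a dictionary against it, and that the recovered email/password pairs then open accounts on unrelated sites. The Python below is an added example for this deck, not code from the presentation or from LivingSocial. The user table, wordlist and the second site's records are constructed for the demo, and the hash choices (unsalted SHA-1 for the leaked table, salted PBKDF2 for the other site) are assumptions chosen to show the contrast: one guess tests every user of the unsalted table, while the salted, iterated hash still falls to the reused password once it is known.

```python
import hashlib
import secrets

# Constructed "leaked" table: email -> unsalted sha1(password). The passwords
# are demo values; the third one is deliberately absent from the wordlist.
_DEMO_USERS = {
    "alice@example.com": "password1",
    "bob@example.com": "letmein",
    "carol@example.com": "Tr0ub4dor&3-xK9!",
}
LEAKED_HASHES = {email: hashlib.sha1(pw.encode()).hexdigest()
                 for email, pw in _DEMO_USERS.items()}

# Small constructed wordlist; real attacks use millions of entries plus mangling rules.
WORDLIST = ["123456", "password", "password1", "letmein", "qwerty", "welcome"]


def crack_unsalted(leak, wordlist, algo="sha1"):
    """Offline dictionary attack. Because the hashes are unsalted, each
    candidate is hashed once and compared against every leaked hash at once."""
    by_hash = {}
    for email, h in leak.items():
        by_hash.setdefault(h, []).append(email)
    cracked = {}
    for guess in wordlist:
        h = hashlib.new(algo, guess.encode()).hexdigest()
        for email in by_hash.get(h, []):
            cracked[email] = guess
    return cracked


# A second, unrelated site that stores salted PBKDF2 hashes (assumed scheme).
def pbkdf2_record(password, salt=None, iters=100_000):
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return {"salt": salt, "iters": iters, "hash": dk}


def verify_pbkdf2(rec, password):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iters"])
    return secrets.compare_digest(dk, rec["hash"])


# Constructed accounts on the other site: alice reused her password, bob did not.
OTHER_SITE = {
    "alice@example.com": pbkdf2_record("password1"),
    "bob@example.com": pbkdf2_record("a-different-passphrase"),
}


def reuse_exposure(cracked, other_site):
    """Credential-stuffing check: which cracked (email, password) pairs also
    authenticate on the other site? Salting and iteration do not help here,
    because the attacker already has the plaintext."""
    return sorted(email for email, pw in cracked.items()
                  if email in other_site and verify_pbkdf2(other_site[email], pw))


if __name__ == "__main__":
    found = crack_unsalted(LEAKED_HASHES, WORDLIST)
    print("cracked from leak:", found)
    print("also valid on the other site:", reuse_exposure(found, OTHER_SITE))
```

Run it and two of the three leaked accounts fall to a six-word list; the only one that survives is the long, unique password. The takeaway for the deck's question is that the defence against the second-order break-in is not on the leaking site at all: it is the other site's use of unique passwords or a second factor.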

4 The 10 Worst Data Breaches of 2013
- New York Times (Chinese hackers)
  - The New York Times revealed that its computers were stealthily compromised by Chinese hackers for a period of four months.
  - The attackers first installed malware that enabled them to gain entry to any computer on the Times's network.
- Google, Facebook, Twitter, Yahoo (Pony Botnet)
  - The botnet is responsible for the theft of 2 million passwords and user names for a number of different services, including Google, Facebook, Twitter and Yahoo.
  - The breach was the result of keylogging malware installed on an untold number of computers around the world, researchers at security firm Trustwave said. The malware captured login credentials for key websites over the preceding month and sent those usernames and passwords to a server controlled by the attackers.

5 The 10 Worst Data Breaches of 2013
- Target (40-150 million data elements) (AT&T or Trustwave: who can you trust?)
- Let's discuss:
  - Who should you listen to?
  - What encryption should you use (3DES)?
  - Can you trust your vendors' security (e.g. HVAC)?
  - How do you create good network segmentation?
  - Who is running your IT?

6 The 10 Worst Data Breaches of 2013
- Target, continued
- Tools
  - FireEye: turned on, but functions disabled
  - Data monitoring NOC
  - Bit9
  - AV or no AV?
- Encryption
  - P2PE
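Slides 5 and 6 ask how to build good network segmentation and whether a vendor such as an HVAC contractor can be trusted with a path into the network. One concrete check a practitioner can run is to evaluate observed flows against a written zone policy and flag every cross-zone connection that no allow rule covers; a vendor range reaching a register, or a register reaching the internet, should surface immediately. The Python below is an added example, not part of the deck and not a description of Target's network: the zone names, address ranges, allow rules and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption for the example, not any real network).
# Addresses that match no zone are treated as "internet".
ZONES = {
    "vendor_remote": ["203.0.113.0/24"],   # third-party (e.g. HVAC contractor) access range
    "corp":          ["10.10.0.0/16"],
    "pos":           ["10.20.0.0/16"],     # registers and other cardholder-data systems
    "noc":           ["10.30.0.0/24"],     # monitoring and log collection
}
_NETS = {z: [ipaddress.ip_network(c) for c in cidrs] for z, cidrs in ZONES.items()}

# Allowlist of (source zone, destination zone, destination port). Cross-zone
# traffic not in this set is a segmentation violation. There is deliberately
# no rule from vendor_remote into pos and no rule from pos to the internet.
POLICY = {
    ("vendor_remote", "corp", 443),   # vendor portal only
    ("corp", "pos", 8443),            # POS management from the corporate jump path
    ("pos", "noc", 514),              # syslog from registers to the NOC
    ("noc", "pos", 22),               # NOC administration
}


def zone_of(ip: str) -> str:
    """Map an address to its zone by longest-available CIDR membership."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in _NETS.items():
        if any(addr in n for n in nets):
            return zone
    return "internet"


def parse_flow(line: str) -> dict:
    """Parse a constructed flow record of the form '<ts> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def check_flows(lines, policy=POLICY):
    """Return every cross-zone flow that no allow rule covers."""
    violations = []
    for line in lines:
        f = parse_flow(line)
        sz, dz = zone_of(f["src"]), zone_of(f["dst"])
        if sz == dz:
            continue  # intra-zone traffic is not a segmentation decision
        if (sz, dz, f["dport"]) not in policy:
            violations.append({"ts": f["ts"], "from": sz, "to": dz,
                               "src": f["src"], "dst": f["dst"], "dport": f["dport"]})
    return violations


# Constructed flow log; timestamps and addresses are made up for the demo.
SAMPLE_FLOWS = [
    "2013-11-27T03:14:22Z 203.0.113.17 10.10.5.20 443 tcp",   # vendor -> corp portal: allowed
    "2013-11-27T03:15:01Z 203.0.113.17 10.20.4.9 445 tcp",    # vendor -> POS over SMB: violation
    "2013-11-27T03:15:40Z 10.10.5.20 10.20.4.9 8443 tcp",     # corp -> POS management: allowed
    "2013-11-27T03:16:03Z 10.20.4.9 10.30.0.5 514 udp",       # POS -> NOC syslog: allowed
    "2013-11-27T03:16:30Z 10.20.4.9 198.51.100.7 80 tcp",     # POS -> internet: violation
    "2013-11-27T03:17:12Z 10.20.4.9 10.20.4.10 445 tcp",      # POS -> POS: intra-zone, ignored
]


if __name__ == "__main__":
    for v in check_flows(SAMPLE_FLOWS):
        print(f"{v['ts']} {v['from']}->{v['to']} {v['src']}->{v['dst']}:{v['dport']}")
```

The same policy table can drive two controls at once: it is the specification the firewall rules between zones are written from, and it is the check run over flow logs afterwards to prove the rules actually hold. The "vendor -> POS" line is the one the deck's HVAC question is about; if a vendor credential ever produces that flow, the segmentation, not the vendor, has failed.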

7 What do you have to lose?
- PII
- Customers
- Money
- Investors
- Reputation
- And...
- What is your management's risk appetite?

8 Security Layers
- Firewalls: Is your outermost layer secure from cyber attack? How do you use them? Is a vendor a firewall or a vulnerability?
- People: Do you have BYOD, segregation of duties, employee loyalty and...?
- Policy: Does the company know what security it wants, and does the employee get the message?

9 Firewalls: what are they?
- Traditionally a device to secure the network from the internet
- Are they used internally, and why?
- Is a vendor a breach in your firewall?
  - Does your vendor access your network over a public network?
  - Do they have elevated privileges?
- What happens when a firewall gets breached?
  - Does encryption help? In motion and at rest
  - How long before you know? (Adobe)

10 People: who needs them!
- People (staff) make the work go round.
- They are also responsible for most breaches.
- BYOD and MDM (Mobile Device Management)
  - Do your employees access their bank via an insecure access method?
  - Do your employees care whether their phone is insecure when accessing your network, email, systems and software?
- Big Data
- Vacation? Not me!
  - A fraud indicator is someone who never takes a holiday.
  - They can't afford to leave their post, or their replacement might notice something wrong.

11 Policy
- Are you training your employees?
- Do they know what you expect of them?
- How does an employee stop an attack if they don't know what to look for?
- Maybe if I ignore it, it will go away?
- Does a post-it note message constitute remediation of a breach?
- What was the security policy for the companies in the top ten list?

12 Roundtable Discussion
- Questions from the group?
- PCI
- HIPAA
- SOX
- ISO
- ISMS
- Scanning
- Training

13
- Copied Track 1 and Track 2 data.
- Used a mom-and-pop web retail site to receive the stolen data without alerting the retailer.
- Stored the data there and retrieved it later.

16 Regents & Park
- Jason James, President
- +1 (949) 903-2524
- Jason.james@regentsandpark.com

