Presentation is loading. Please wait.

Presentation is loading. Please wait.

Michael Wright • Chief Security Officer • Tech Lock

Published byTrevor Cummings Modified over 6 years ago

Similar presentations

Presentation on theme: "Michael Wright • Chief Security Officer • Tech Lock"— Presentation transcript:

1 Michael Wright • Chief Security Officer • Tech Lock
Introduces Data Breach Root Causes Michael Wright • Chief Security Officer • TECH LOCK Michael Wright • Chief Security Officer • Tech Lock

2 Cyber Security Risks While this data
Data Breach Root Causes Cyber Security Risks While this data management method wasn’t as efficient, it might have been more secure.

3 Cyber Security Risks 30% $73.7 Billion 12% 99% 56%
Data Breach Root Causes Cyber Security Risks 30% of users open phishing s* $73.7 Billion 12% increased spending worldwide on cybersecurity in 2016** click on the links contained in the * 56% 99% of breaches occurred due to phishing attacks* of computers use software that is vulnerable to attack if not updated* *Heimdel Security **IDC

4 Cost of a Breach How will your customers react to a breach?
Data Breach Root Causes Cost of a Breach Average consolidated cost of a data breach rose to $4 million in 2016* Average cost for each stolen record is $158 Additional cost is reputational harm How will your customers react to a breach? *Ponemon Institute 2016 Cost of a Data Breach Study: Global Analysis

5 1 2 Making Compliance a Competitive Advantage
Data Breach Root Causes Making Compliance a Competitive Advantage The following slides cover a dual role: 1 They can do to set yourself above the rest from a compliance perspective. 2 They can protect you from a breach --- these are a distillation of the vast majority of our pen test and audit findings. Mike

6 Making Compliance a Competitive Advantage
Data Breach Root Causes Making Compliance a Competitive Advantage Regulations dictate that companies must validate all of their vendors’ data security and compliance. What sets you apart from everyone else? Reputation… No security breaches (yet)… is not enough is not enough Mike Operational excellence… is not enough

7 Data Breach Root Causes
Overview Data Breach Root Causes While you can’t guarantee a breach will never occur, there are best practices you can implement to better secure your data and lower your risks. Lax or Ineffective Access Control Non-authoritative Policies No Third-Party Data Security Audits Data Security Not Part of Daily Processes Insufficient Vendor Oversight Business Leaders Not Involved

8 Lax or Ineffective Access Control
Data Breach Root Causes Lax or Ineffective Access Control Provide only the level of access required to perform job duties Providing higher than necessary access often exacerbates ransomware attacks Train your team, including C-Level executives, why having only required access helps protect your company

9 Data Security Not Part of Daily Processes
Data Breach Root Causes Data Security Not Part of Daily Processes Many organizations focus on data security only during their annual audits “Bake” it into your daily routines and business processes

10 Data Security Not Part of Daily Processes
Data Breach Root Causes Data Security Not Part of Daily Processes Assess the impact to data security and compliance when making technology or business process changes Examples include: • Moving software systems or data “to the cloud” • Switching from traditional telephony to Voice over IP Build data security requirements in the planning and transition

11 Document Vendor Oversight Program
Data Breach Root Causes Insufficient Vendor Oversight Execute Due Diligence Determine Risk Level Identify Data Flows Document Vendor Oversight Program

12 Non-Authoritative Policies
Data Breach Root Causes Non-Authoritative Policies Documents created by IT to satisfy audit requirements and sitting neglected on a server are not effective Create appropriate IT Security Policies – Say what you Do and Do what you Say Disseminate Policies Create Security Policies IT policies can protect your organization only when enforced Enforce Policies

13 No Third-Party Data Security Audits
Data Breach Root Causes No Third-Party Data Security Audits Independent audits and penetration tests are effective ways to validate your data security measures You don’t know if you are secure if you don’t test the system

14 Business Leaders Not Involved
Data Breach Root Causes Business Leaders Not Involved As a business leader within your organization, what are YOU doing to ensure your company stays out of the news? BE INVOLVED! Compliance and Security Best Practices You probably have a formal compliance program for CFPB, FDCPA, etc. Do you include data security like PCI, HIPAA, GLBA Safeguards Rule, etc.? Or do you just trust that your technical and operations staff are staying compliant with standards they may know little-to-nothing about? Mike

15 Questions? Ensure Appropriate Access Control
Data Breach Root Causes Questions? Ensure Appropriate Access Control Create Authoritative IT Policies Make Data Security Part of Daily Processes Validate Your Data Security Oversee Your Vendors BE INVOLVED!

16 Michael Wright • Chief Security Officer • Tech Lock
Thank you Michael Wright • Chief Security Officer • Tech Lock

Download ppt "Michael Wright • Chief Security Officer • Tech Lock"

Similar presentations

2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A.

2 Assessing the Threatscape Addressing compliance requirements Respond, dont just report Youre already a statistic, how do you rebound? Q&A.
2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A.

2 Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation.

STRONG POLICIES AND INTERNAL CONTROLS – SAFEGUARDING YOUR RESOURCES, AND YOUR REPUTATION Maria Falvo Chief Operating Officer American Savings Foundation.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.

Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
April 14, 2003- A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
1Copyright 2009. Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.

1Copyright Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.
BUSINESS CLARITY ™ PCI – The Pathway to Compliance.

BUSINESS CLARITY ™ PCI – The Pathway to Compliance.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.

HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
Security Outsourcing Melissa Karolewski. Overview Introduction Definitions Offshoring MSSP Outsourcing Advice Vendors MSSPs Benefits & Risks Security.

Security Outsourcing Melissa Karolewski. Overview Introduction Definitions Offshoring MSSP Outsourcing Advice Vendors MSSPs Benefits & Risks Security.
HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.

HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.
Cyber-Security among American Local Governments Donald F. Norris, Anupam Joshi and Timothy Finin University of Maryland, Baltimore County Baltimore, Maryland.

Cyber-Security among American Local Governments Donald F. Norris, Anupam Joshi and Timothy Finin University of Maryland, Baltimore County Baltimore, Maryland.

Similar presentations

Ads by Google