company logo copyright carrie kerskie data breach & identity theft by carrie kerskie kerskie...

Company

LOGO

Copyright Carrie Kerskie

Data Breach & Identity Theft

By Carrie Kerskie

Kerskie Group, Inc.

Copyright Carrie Kerskie

Who am I• Carrie Kerskie

Entrepreneur

Kerskie Group, Inc. (formerly Marcone Investigations, Inc.)

Business identity theft

Intellectual property infringement

Privacy assessment and training

Association of Certified Identity Theft Investigators (aciti.org)

Certified Identity Theft Investigator program

Identity theft expert

Author

“Your Public Identity; Because Nothing is Private Anymore

Numerous articles for various publications

Public speaker

Conferences, corporate events

Copyright Carrie Kerskie

Outline

• Data Breach– Statistics– Sources– Cost– Tips to reduce risk– Consequences

Identity TheftSix types

Sources

Warning Signs

Restoration

Tips to reduce risk

Copyright Carrie Kerskie

Data breach statistics• 2011 Breach Report, Identity Theft Resource Center, December 2011• Worldwide, approximately 1.1 million identities were exposed per breach, mainly owing to the large number of identities breached through

hacking attacks. More than 232.4 million identities were exposed overall during 2011. Deliberate breaches mainly targeted customer-related information, primarily because it can be used for fraud.

• Internet Security Threat Report Volume 17, Symantec, April 2012• Companies in the computer software, IT and healthcare sectors accounted for 93 percent of the total number of identities stolen in 2011.

Theft or loss was the most frequent cause, across all sectors, accounting for 34.3 percent, or approximately 18.5 million identities exposed in 2011.

• Internet Security Threat Report Volume 17, Symantec, April 2012• Incidents involving hacking and malware were both up considerably in 2011, with 81 percent utilized some form of hacking and malware

incorporated in 69 percent of data breaches.

• 2012 Data Breach Investigations Report (DBIR), Verizon Business, April 2012• Most data breach victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they

were pre-identified for attack; 79 percent of victims were targets of opportunity, and 96 percent of attacks were not highly difficult.

• 2012 Data Breach Investigations Report (DBIR), Verizon Business, April 2012• Total number of records containing sensitive personal information involved in security

breaches in the U.S. is 562,943,732 in 3,241 data breaches since January 2005.

Information is sold on the information black market for $10-50 per record

Copyright Carrie Kerskie

Sources of data breach• Employee negligence

– Internet, email, passwords, not securing sensitive information, portable devices

– Why: money, lack of training, policies not enforced, lack of supervision

• Theft– Laptop, portable storage device, back-up tapes,

passwords, portable devices– Why: money, revenge, lack of training, policies not

enforced, lack of supervision

• Hacker– Wardriving, back doors, malware, spear phishing– Why- money, fame, revenge, espionage

Copyright Carrie Kerskie

Cost of data breach

• Average mitigation expense$200 per compromised record

written notification

monitoring services

investigation

fines & penalties

customer churnF.S 817.5681 45 days

It is more cost effective to be proactive rather than reactive

Copyright Carrie Kerskie

Tips to reduce risk

• Privacy assessments– Technical & non-technical– Internal & External

• Policies & Procedures

• Employee training

Copyright Carrie Kerskie

Consequences of data breach

• Fines & penalties

• Negative publicity

• Customer churn

• Loss of intellectual property

• Increased risk of identity theft– Business and individual

Copyright Carrie Kerskie

Six types of identity theft

Financial

Utilities

Government benefits/documents

Criminal

Medical

Business

Identity theft CANNOT be prevented

Copyright Carrie Kerskie

Sources of information

Theft

Pretexting

Garbology

Internet

Technology

Copyright Carrie Kerskie

Warning signs

• Statements

• Credit report

• Alerts and notifications

• Suspicious activity

• Calls about unknown purchases or collections

Copyright Carrie Kerskie

Restoration

Contact credit bureaus

Police report (ID theft report)

Get it in writing

Documentation crucial

Provide documentation to victims

Individual victim rights do NOT apply to a business victim!!!

Copyright Carrie Kerskie

Tips to reduce risk of ID theft

Monitor and reconcileCredit reports, statements, and online ID

Lock it upOpt outShred

Cyber safetyStop-Think-Click

Data securityEncrypt devices, use passwords, anti-virus, anti-

spyware and a firewall

Copyright Carrie Kerskie

Summary

• Proactive is less expensive than reactive• Data breach mitigation is $200 per record• Risk assessments, training and security crucial• Consequences: loss of IP, increase risk of ID theft• Identity theft cannot be prevented• Monitoring is crucial to reduce loss & save time

Copyright Carrie Kerskie

Assistance availableMarcone Investigations, Inc (Kerskie Group, Inc)

Business identity theft monitoring and restoration services

Privacy assessments and training

Speaking – retreat, annual meeting, etc

Online courses, live training, consulting

Buy the book - “Your Public Identity: Because Nothing is Private Anymore”

Contact Information

Phone: (239) 435-9111 Email:ck@CarrieKerskie.com

www.CarrieKerskie.com Twitter: @naplespi

Sign up for my FREE eNewsletter at www.CarrieKerskie.com