keeping data safe at every touch point. that’s what we do best.keeping data safe at every touch...
TRANSCRIPT
© Copyright and Confidential ITSourceTEK, 20171
Keeping data safe at every touch point. That’s what we do best.
© Copyright and Confidential ITSourceTEK, 20172
Industry giants such as JPMorgan Chase, Home Depot, Target, Yahoo, and Anthem BlueCross have suffered significant losses from cyber attacks. Cybercriminals also attacked government agencies, political party officials, and even an electrical grid. The most-talked-about attack last year involved two groups of hackers linked to the Russian government who invaded networks belonging to the Democratic National Committee and exposed thousands of emails relating to the presidential election campaign. This type of attack was not unique: state-sponsored attacks were responsible for 41% of personal record breaches in the first half of 2015 alone. Banks reported numerous cyber thefts, including a February 2016 attack against the Bangladesh Bank, which lost $81 million in just a few hours. Luckily for the bank, a typo in one of the fake money transfer requests alerted the Federal Reserve Bank in New York of the attack.
Customer records were stolen by the millions: LinkedIn’s 117 million users were compromised; Tumblr lost 65 million customer passwords; Yahoo topped them all with 1 billion hijacked customer records. The loss of these
records extended far beyond the individual companies involved. There’s a snowball effect because users--perhaps as many as 50%--often use the same password on numerous accounts.
Chinese hackers pilfered the identities of 20 million Federal workers and contractors by attacking Office of Personnel Management networks. Hackers extracted Social Security numbers, birth dates, and even fingerprint records. It took the OPM six months just to formally notify the millions who were affected.
Sophisticated cybercriminals launched a malware attack using Internet of Things devices such as cameras and DVRs to create a botnet, which took down Twitter, Reddit, Spotify and several other major social media sites for hours. These attacks have huge economic consequences. The average cost of a data breach in 2015 was $3.8 million ($7 million in the US). Globally, the total cost of cybercrime is predicted to reach 6 trillion annually by 2021, some four times higher than in 2015. And it isn’t just large enterprises that are affected. All businesses are at risk. Nearly 20% of cybercrime victims are small-to-midsize firms.
Recent headlines have reported an
epidemic of data breaches at major
firms, alarming consumers and
raising questions about data safety.
© Copyright and Confidential ITSourceTEK, 20173
PII80 millionrecords
Anthem
Credit Cards56 millionrecords
Home Depot
PII83 millionrecords
JPMorganChase
PII145 millionrecords
EBay
CreditCards40 millionrecords
Target
PII117 millionrecords
PII1 billionrecords
Yahoo
Even the big guys aren’t safeAmount of records compromised per breach.
© Copyright and Confidential ITSourceTEK, 20174
Cyber attacks harm everyone
1-LOST BUSINESS
Target lost 40 million customer credit card records in December of 2013. The chain’s traffic and sales took an immediate hit, and its profit for the quarter fell 46 percent.
2-CRITICAL CUSTOMER DATA EXPOSEDIn August 2014, Community Health Service suffered a sophisticated malware attack affecting the personal health information of 4.5 million patients.
3-COST OF CLEAN UP
Company officials at Home Depot, who lost credit card data on 56 million customers in September 2014, estimated the cost of the breach at $62 million, which included expenses related to credit monitoring and additional staffing at call centers.
4-DAMAGED COMPANY REPUTATIONTrusted institutions, such as banks, government agencies, and healthcare companies, are especially hard hit when their information is compromised. Customer confidence is destroyed.
Two of the most damaging types of cyber breaches
1- Credit and debit card breaches, where customer card numbers are stolen.2- Personal identifiable information (PII) breaches, where customer data is stolen. PII breaches expose critical personal information such as social security numbers, date of birth, street addresses, and member IDs.
© Copyright and Confidential ITSourceTEK, 20175
Data records stolen or lost by industry
Banking
Education
Business
GovernmentHealthcare
Shows percentage of total records.ITRC Data Breach Report 2016
Although credit card thefts are serious, they are much more manageable. Losses from card data breaches can be contained by shutting down the compromised cards. While a credit card number can be changed, the identifying information in a person’s medical or insurance history usually stays with them for life.
© Copyright and Confidential ITSourceTEK, 20176
The most destructive type of data breach is the identity theft breach as seen in the 2015 attack on Anthem BlueCross when highly sophisticated hackers broke into Anthem’s health information database and stole 80 million customer records. One in four Americans were affected. Records contained current and previous member data including names, social security numbers, birthdates, street addresses, member IDs, email addresses, employer info, and wages. This was enough data to literally buy a house or get a Government issued ID. PII breaches have much more complex effects that ripple far into the business community. The stolen information
can be used for identity theft in a much broader way. Thieves sell the PII to other criminals who use the victim’s ID to make major purchases, get health insurance, submit fraudulent worker’s comp claims, request tax refunds, and commit countless other harmful acts against their victims. The attack on Anthem BlueCross could have had ZERO impact. Unfortunately, Anthem, like many other insurance, financial services, and healthcare companies, didn’t look at cyber security through the right lens. They were busy trying to protect the edge of their network —their firewalls, servers, and databases — while they left the center — the data itself undefended.
The biggest havoc reapers
The financial repercussions of a security breach
Adding it all up across the 6 major categories.
Reputation & brand damage
Forensics
Lost productivity
Technical support
Lost revenue
Compliance regulatory
29% 21% 20%
12% 10% 8%
© Copyright and Confidential ITSourceTEK, 20177
Our multi-layered approach A simple analogy is look at data as gold and the systems they are stored on as a safe. The strategy Anthem and many other large trusted brands used prior to being breached was to lock the gold in a safe and monitor access to that safe. This is a good start, but there will always be criminals smart enough to break into the safe and stay undetected until they make off with the gold. ITSourceTEK advocates locking up the gold and monitoring and controlling who has access. This is accomplished using automated policy enforcement and adding a security layer by dynamically masking and/or encrypting the data with format preserving encryption (FPE). This layered approach is like turning that gold into fool’s gold for both external and internal threats. The data will be in the same format, meaning it looks the same, but isn’t the same, hence the criminals think they have the valuable data — a.k.a the “gold.” However, it is really nothing but worthless fool’s gold, since they don’t have a key to decrypt the data back into its true state. To accomplish this, we constantly monitor the sensitive data elements from the application layer with a robust application security platform that sits inline, has an
integrated policy management engine to automate the enforcement of policies, and uses the power of data science to provide User Behavior Analytics (UBA). This platform can dynamically mask data and deploy FPE to sensitive data via the easy-to-use functionality of the User Interface. As a part of the UBA, we can also correlate behavior in real-time from many systems including LDAP, IAM, HRIS, DAM, DLP, WAF, and others to feed the SIEM. In many cases, this makes the arduous task of meeting stringent data security compliance requirements — such as GDPR, PCI-DSS, HIPAA, and others--as simple as a few mouse clicks. Another benefit of FPE technology is the ease at which data is searchable for Big Data and other enterprise needs without compromising security. This means insurers, financial services, utilities, and other organizations that need to run algorithms on the data for policy analytics, risk, pricing, and so on, can still protect their data, even in Hadoop (or other Big Data systems), ERPs, CRMs, HRIS, and Cloud-based systems.
How we protect your data
1 2 3
DNS security for prevention of data
exfiltration
Threat Intelligence with unsupervised machine
learning to prevent data from being compromised by zero day, Ransomware, and other
types of malware attacks
Managed Security Services for Third Party / Vendor Risk
Management to ensure companies in the supply
chain are also safeguarding sensitive data
Depending on our client’s environments, we may also recommend other advanced approaches, such as:
© Copyright and Confidential ITSourceTEK, 20178
Our approach to data security includes easy-to-implement and use solutions that are highly scalable for large enterprises and cost pennies on the dollar compared to the cost of a breach and the resultant collateral damage. By leveraging our approach, our clients have also seen cost reductions due to
automation and tool consolidation. Adding these layers to the security plan will ensure that a company’s sensitive data stays secure. Plus, our automated protections include audit trails via easy-to-use and share reporting features.
Our approach
Easy to implement
Highly scalable
Low cost in comparison to
possible loss
Contact us
Learn more about how ITSourceTEK can help protect your company’s data.
Call us toll-free at 866.548.4911
200.0202
00.02
0.020000
www.itsourcetek.com
Or visit us at: