Securing your Business for 2014, Leveraging Lessons of 2013 Regents & Park – ISACA OC Chapter

Upload: magdalen-tate

Post on 26-Dec-2015


Page 1: Securing your Business for 2014, Leveraging Lessons of 2013 OC Chapter

Securing your Business for 2014, Leveraging Lessons of 2013

Regents & Park – ISACA OC Chapter

Page 2

The 10 Worst Data Breaches of 2013

Adobe (150 million exposed account credentials) (Source Code lost)

Had to be told by a third party – where was DLP?

Edward Snowden (pervasive signals intelligence, subversion of encryption standards, collaboration with overseas intelligence communities and other bombshells)

Snowden didn’t work for one of the agencies. He worked for an outside defense contractor. He wasn’t even a full-time employee of that contractor either, but a part-timer who had only been there for a few months.

NSA

The MUSCULAR program involved intercepting data from Yahoo and Google private clouds where the data is unencrypted. The data collected included email, pictures, video, text documents, spreadsheets, and an array of other similar file types.

With this new revelation, Google has taken a considerably stronger stance against the NSA’s spying programs

Data Broker Botnet (D&B, LexisNexis, Kroll Background America)

Using a botnet, hackers were able to work undetected for months to consolidate massive amounts of PII.

When it's your job to collect, store and sell data!

Proprietary and Confidential. Do Not Distribute. @ Regents and Park, Inc. All rights reserved

Page 3

The 10 Worst Data Breaches of 2013

Living Social

Attackers had access to those users’ information (name, email, password, buying history).

Encrypted password hashes can be "cracked" with computer software that essentially tries millions of different possible passwords looking for a match. The bad guys will successfully crack the passwords of many Living Social users, and knowing the password, name, and email address for a person, they may be able to break into other accounts that those people maintain on other websites.
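To make the slide's point concrete, here is an added example in Python (not from the deck): a table of hashes of common passwords, built once, matches an unsalted fast hash with a single lookup, while a random per-user salt plus a slow KDF (PBKDF2 via hashlib) forces every guess to be recomputed per user at full cost. The wordlist and all stored values are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "millions of possible passwords" a cracker tries.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "welcome1"]

def fast_unsalted_hash(password: str) -> str:
    """Weak storage: one unsalted SHA-1 per password; equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def match_against_table(stolen_hash: str, wordlist):
    """Why the deck says hashes get 'cracked': a table built once matches every
    stolen unsalted hash whose password is in the wordlist, at one lookup each."""
    table = {fast_unsalted_hash(p): p for p in wordlist}
    return table.get(stolen_hash)

def slow_salted_hash(password: str, salt: bytes = None, iterations: int = 100_000) -> str:
    """Mitigation: random per-user salt plus PBKDF2-HMAC-SHA256 with many iterations.
    The stored string records its own parameters so they can be raised later."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_slow(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; constant-time compare avoids timing leaks."""
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

def kdf_evaluations_to_match(stored: str, wordlist) -> int:
    """Salting removes the shared table: each guess must be recomputed per user with
    that user's salt and full iteration count. Returns how many PBKDF2 runs that took
    for this one record, or len(wordlist) when the password is not in the list."""
    for count, guess in enumerate(wordlist, start=1):
        if verify_slow(guess, stored):
            return count
    return len(wordlist)

if __name__ == "__main__":
    leaked = fast_unsalted_hash("letmein")  # what a weakly built site would leak
    print("unsalted SHA-1 matched:", match_against_table(leaked, COMMON_PASSWORDS))
    record = slow_salted_hash("letmein")
    print("same password, different records:", record != slow_salted_hash("letmein"))
    print("PBKDF2 runs to recover one salted record:",
          kdf_evaluations_to_match(record, COMMON_PASSWORDS))
```

A weak password is still recoverable from a salted record, only at per-user, per-guess cost; that is why the deck's second point, reuse of the same password on other sites, is the larger risk.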

AHMC Hospitals

In October, more than 729,000 patients were put in jeopardy when two unencrypted laptops were stolen from California-based AHMC hospitals. It took this breach for an encryption policy to be put into place at the AHMC hospital network.

Media Outlets

The Syrian Electronic Army (hacktivists) claimed an attack on President Obama from the Associated Press’ Twitter handle, causing a brief $136 billion dive in the stock market.


Page 4

The 10 Worst Data Breaches of 2013

New York Times (Chinese hackers)

The New York Times revealed that its computers were stealthily compromised by Chinese hackers for a period of four months.

The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network.

Google, Facebook, Twitter, Yahoo (Pony Botnet)

The botnet is responsible for the theft of 2 million passwords and user names from a number of different locations, including Google, Facebook, Twitter and Yahoo.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing login credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.


Page 5

The 10 Worst Data Breaches of 2013

Target (40-150 million data elements) (AT&T or Trustwave) – who can you trust?

Let's discuss:

Who should you listen to?

What encryption should you use (3DES)?

Can you trust your vendors' security (e.g. HVAC)?

How do you create good network segmentation?

Who is running your IT?


Page 6

The 10 Worst Data Breaches of 2013

Target (continued) – tools

FireEye

Turned on but functions disabled

Data Monitoring NOC

Bit9

AV or No AV?

Encryption

P2PE


Page 7

What do you have to lose?

PII

Customers

Money

Investors

Reputation

And….

What is your management's risk appetite?


Page 8

Security Layers

Firewalls: Is your outermost layer secure from cyber attack? How do you use them? Is a vendor a firewall or a vulnerability?

People: Do you have BYOD and segregation of duties and employee loyalty and…..

Policy: Does the company know what security it wants, and does the employee get the message?


Page 9

Firewalls – what are they?

Traditionally a device to secure the network from the internet.

Are they used internally, and why?

Is a vendor a breach in your firewall?

Does your vendor access your network over a public network?

Do they have elevated privileges?

What happens when a firewall gets breached?

Does encryption help?

In motion and at rest

How long before you know? (Adobe)


Page 10

People – who needs them!

People (staff) make the work go round. They are also responsible for most breaches.

BYOD – MDM (Mobile Device Management): Do your employees access their bank via an insecure access method?

Do your employees care if their phone is insecure when accessing your network, email, systems and software?

Big Data

Vacation? Not me! A fraud indicator is someone who never takes a holiday.

They can't afford to leave their post, or else their replacement might notice something wrong.


Page 11

Policy

Are you training your employees?

Do they know what you expect of them?

How does an employee stop an attack if they don’t know what to look for?

Maybe if I ignore it, it will go away?

Does a post-it note message constitute remediation of a breach?

What was the security policy for the companies in the top ten list?


Page 12

Roundtable Discussion

Questions from the group?

PCI

HIPAA

SOX

ISO

ISMS

Scanning

Training


Page 13


Copied Track 1 and 2 data. Used a mom-and-pop web retail site to receive the stolen data without alerting the retailer: store the data there and retrieve it later.


Page 16

Regents & Park

Jason James

President

+1 (949) 903-2524

[email protected]
