Data breach presentation

Minimizing the Risk of a
Data Breach in the Workplace
December 8, 2015
Bradford Bach
BradfordBach| bbach@titan-ca.com | 213.784.3070

High profilesecuritybreaches make news
BradfordBach | bbach@titan-ca.com | 213.784.3070

Cyber thieves target smaller companies!
• They are not prepared
• They don’t understand their legal obligations
• They have financial liability
• They are the nexus for larger company breaches

Cyber attacksare on the rise
• Nations, groups & individuals are targeting
– Institutions
– Financial services agencies
– Utilities
– Consumers
• 43 percent of US firms have experienced a data breach in the past year (survey of
735 businesses)
Source: Pew Research Centerand Ponemon Institute

What are the hackers looking for?
• Credit card details
• Bank account numbers and PIN’s
• Social security numbers
• Passport numbers
• Drivers licenses
• Usernames and passwords
• Birthdays and anniversaries

Management’sconcern about data breach
Percentage concern level on 10-point scale
Source: Ponemon Institute

Key steps companieshave taken
• Recognizedtheneedfor a strongercyberdefenseposture
• Allocatedresourcesto preventing,detectingandresolvingdata breaches
• Developedoperationsandcomplianceprocedures
• EstablishedComputerSecurityIncidentResponseTeams(SIRT)

Investments in response to databreaches

What constitutesan incident?
• Report of a physical or criminal act (e.g.:theft of a computer, laptop, tablet or PDA)
• Suspicion that a device has been compromised to allow access to sensitive data
• Security issue with a person using equipment
• Other circumstances that warrant investigation include disruptive viruses, denial
of service attacks, malware, phishing scams, spam etc.

Are youprepared?
• Are you working with your IT team to ensure that you have appropriate security
controls in place?
• Do you have a SIRT team in place including general counsel, executives, key
personnel & IT?
• Have you implemented best practices policies and procedures to secure your
network?
• How are you funded to cover the legal compliance and costs associated with a
breach?
• Do you know what laws impact your industry?

Cybercrime example

SIRT response teams andplan minimums
1. Planning: Have shared goals and describe them in detail
2. TheTeam: Identify, inform and train those you expectto take
action

3. Incident identification methods and triggers
Define events and mechanisms that mighttrigger a security incident investigation. Provide examples
to help othersunderstand what to look for and how to respond.
• Theft or loss ofan unencrypted device
• Hacking ofa system containing protected data
• Employee snooping
• Malwarecapable ofdata exfiltration

4. Breach determination methodology
How will youdetermine if protected data was likelyto havebeen compromised based on the
attack, data classification, jurisdiction andparticular regulations?
Usethe four factor risk assessment methodology required for healthcaredata. If thereis a
probability of compromise, then you have suffered a breach. Thefour factors are:
• Thenatureandextentoftheprotectedinformationinvolved,includingthetypesofidentifiersandthelikelihoodofre-
identification;
• Theunauthorizedpersonwhousedtheprotectedinformationortowhomthedisclosurewasmade;
• Whethertheprotectedinformationwasactuallyacquiredorviewed;
• Theextenttowhichtherisktotheprotectedinformationhasbeenmitigated.

5. Breach response team activation
This will includemembers of the CIRTbut those that are normallynot included in incidents that do
not convert to a breach. Theycan be both internaland external including:
• Technical
• Executive
• Legal andcompliance
• Public relations
• Security vendors, etc.

6. Notification actions
Notification requirements vary by statute, state and data class. It is important to know the
requirements for each class of data youpossess.
7. Reporting and documentation
It is critical that youproduce accurateand complete documentation of the events, actions, and results
that occuras the result of a security incident. Besure to spend the time requiredto accuratelyportray
what happened, who did what, to what and with what? Keep copies of all communications,
notifications and any and all activity.

8. Policy and procedural ortechnological improvement
After a significant security incident and breach is a great opportunity to improveupon the policies and
procedures to prevent another breach in the futureand how to respond if it happens again. Takethis
opportunity to consider what happened and how youreacted. Thenconsider and documentways to
improveon both.

Trainingand updating staff
Onceyou have createdyour Computer Security Incident Response Plan and when you
use the plan to respond; you should then train your staff effectively and consistently.

Trainingand updating staff
• Having plans for which staff are either unaware of or are not familiar with when it
is time to act is much like having no plans at all.
• A lack of training can lead to inaction, delays and mistakes which are avoidable
and canbe incredibly costly. Empoweryour employees to beconfident and ready
to act when the inevitable occurs.

Breakdown of Events Impacting Security
Source: Pew Research Center and Ponemon Institute
Bradford Bach | bbach@titan-ca.com | 213.784.3070

Socialnetworking scams

Understandyour specificlegal obligations
• Health InformationPortability& AccountabilityAct(HIPAA)
• Health InformationTechnologyforEconomicandClinical Health Act (HITECH)
• Customs-TradePartnershipAgainstTerrorism(C-TPAT)
• FairandAccurateCreditTransactionAct(FACTA) includesRedFlagsRule
• NorthAmerican Electric ReliabilityCorp.(NERC)
• CriticalInfrastructureProtection(CIP)
• InternationalTraffickingin Arm Regulation(ITAR)
• Criminal JusticeInformationServices (CJIS)
• FederalInformationProcessingStandards(FIPS)
• FederalInformationSecurityManagement Act(FISMA)
• TheChildren’sOnlinePrivacyProtectionAct(COPPA)

Be prepared!
• Addressing regulatory issuesshould go beyond meeting minimum requirements. It
should also introduce efficiencies and processes that improve your overall
business.

Areas of focus tobe defensible in2016
1. Do a vulnerability or security assessment
2. Conduct patching for software security updates
3. Implement e-mail spam/malware filtering with link reputation checking
4. Set up a network security policy
5. Antivirus/malware
6. Cultivate a culture of safety with end-usertraining
• Source:: LeadingSecurityExpertsAlvakaNetworks

Areas of focus tobe defensiblein 2016
7. Implement backupand disaster recovery/business continuity
8. Network monitoring is an important function
9. Utilize the full security potential of VLAN and VPN
10. Gofor an up-to-date firewall/UTM technology, IPS/IDS
11. Dual factor authentication provides greater security
12. Makesureyou do your budgeting and ROI on security measures
Source:: Leading Security Experts Alvaka Networks

BradfordBach |
bbach@titan-ca.com
| 213.784.3070

Data breach presentation

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Data breach presentation (20)

Recently uploaded (20)

Data breach presentation