1 2014 Year of Mega Breaches & Identity Theft Findings from the 2014 BREACH LEVEL INDEX POWERED BY
2 BREACH LEVEL INDEX THE NUMBERS RECORDS BREACHED IN ,023,108,267 NUMBER OF BREACH INCIDENTS 1,541 BREACHED RECORDS INCREASE FROM LAST YEAR 78% RISK ASSESSMENT SCORES 7.0 AND HIGHER - A SEVERE BREACH, POSSIBLY EVEN CATASTROPHIC 106 More and more organizations are accepting the fact that despite their best efforts security breaches are unavoidable. DATA RECORDS WERE LOST OR STOLEN WITH THE FOLLOWING FREQUENCY EVERY DAY 2,803,036 EVERY HOUR 116,793 EVERY MINUTE 1,947 EVERY SECOND 32
3 INTRODUCTION 2014 YEAR IN REVIEW Many information security experts will remember 2014 as the year of the big breaches and with good reason. In addition to several high-profile hack attacks, the year included a number of lesser-known incidents that nevertheless resulted in significant theft of records, according to a comprehensive analysis of security breaches, conducted by Gemalto through data collected in its Breach Level Index. To produce this report, Gemalto, a leading global provider of digital security solutions, has gathered extensive publicly-available information about data breaches throughout the world. This data is aggregated in the Breach Level Index, a database the company maintains on data breaches globally. The information is analyzed in terms of the number of breaches, the number of data records lost, and data breaches by industry, type of breach, source and by country or region. Clearly, the numbers were up in Data breaches totaled 1,540, up 46% from the 1,056 in Even more dramatic was the rise in data records involved in the breaches. That jumped 78%, from about 575 million in 2013 to more than one billion in From a time perspective, in 2014 some 2,803,036 data records were stolen or lost every day, 116,793 every hour, 1,947 every minute and 32 every second. So figure in about the time it took to read the previous sentence, about 400 data records would have been stolen or lost based on the 2014 data breach statistics. And despite the growing interest of encryption technology as a means to protect for information and privacy, only 58 of the data breach incidents in 2014, or less than 4% of the total, involved data that was encrypted in part or in full. But beyond the numbers was the social, economic and even political impact of the breaches. Some of the most high profile data breaches ever, including the ones against retailer Home Depot and entertainment company Sony Pictures Entertainment, occurred in And the year began with the Target breach of the previous year, another highprofile attack, still very much on the public s mind. Many of the breaches in 2014 involved the theft or compromise of identifiable information, such as names, addresses and social security numbers. In comparison, many of the thefts of 2013 involved financial information such as credit card numbers. Following are some of the most notable examples of data breaches in 2014, including the number of records stolen, type of breach and risk assessment score. The score is calculated based on factors such as total number of records breached, the type of data in the records, the source of the breach and how the information was used. A score of 1 to 2.9 is minimal risk, 3 to 4.9 is moderate, 5 to 6.9 is critical, 7 to 8.9 is severe and 9 to 10 is catastrophic. The point of the scoring system in the Breach Level Index is to demonstrate that not all breaches have the same impact on organizations and amount of risk. 3
4 BREACH LEVEL INDEX NOTABLE DATA BREACHES 4 Home Depot ,000,000 records Korean Credit Bureau ,000,000 records JP Morgan Chase ,000,000 records AliExpress ,000,000 records Sony Pictures Entertainment ,000 records The breach against the U.S.-based home improvement specialty retailer was a financial access attack that involved 109 million records and scored a 10.0 on the risk assessment scale. It was one of the largest attacks of the year in terms of records compromised. According to a statement by the company, its payment data systems were attacked. The files containing the stolen addresses did not contain passwords, payment card information or other sensitive personal information, it said. The South Korean financial services provider suffered an identity theft breach that involved some 104 million records and scored a 10.0 on the risk assessment scale. CSO reported that the breach affected 27 million people, with compromised data coming from Web site registrations for various games and online gambling promotions, ringtone storefronts and movie ticketing. Records involved included names, account names and passwords, and resident registration numbers. The U.S.-based financial services provider suffered an identity theft breach that resulted in 83 million records being compromised, scoring a 10.0 on the risk assessment scale. In a post on its Web site, the company said based its forensic investigation there was no evidence that customer account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised during the attack. However, contact information such as name, address, phone number and address was compromised. A critical but easily exploitable personal information disclosure vulnerability was discovered in the popular online marketplace owned by Chinese e-commerce company Alibaba.com, which affected its millions of users worldwide, according to The Hacker News. The account access breach involved 300 million records and scored 9.5 on the risk assessment scale. The reported vulnerability could allow anyone to steal personal information about hundreds of millions of AliExpress users without knowing their account passwords. Although it scored relatively low in terms of the number of records involved (47,000), the identity theft attack against the U.S. entertainment company was one of the most highly publicized hack attacks ever, garnering much attention because the U.S. federal government blamed the incident on North Korean attackers. The SPE breach scored a 6.5 on the risk assessment scale. But this does not take into account the loss from intellectual property theft from any videos/movies that might have been illegally obtained and released.
5 TOP SCORING BREACHES 2014 YEAR IN REVIEW ORGANIZATION RECORDS TYPE INDUSTRY SCORE HOME DEPOT 109,000,000 FINANCIAL ACCESS RETAIL 10.0 J P MORGAN CHASE 83,000,000 FINANCIAL 10.0 EBAY 145,000,000 RETAIL 10.0 KOREA CREDIT BUREAU, NH NONGHYUP CARD, LOTTE CARD, KB KOOKMIN CARD 104,000,000 FINANCIAL 10.0 BENESSE HOLDINGS 48,600,000 EDUCATION 9.8 WEBSITES FOR ONLINE GAMES, MOVIE TICKETING AND RING TONE DOWNLOADS 27,000,000 TECHNOLOGY 9.6 ALIEXPRESS 300,000,000 ACCOUNT ACCESS RETAIL 9.5 KOREAN MEDICAL ASSOCIATION, ASSOC. OF KOREAN MEDICINE AND KOREAN DENTAL ASSOC. 17,000,000 HEALTHCARE 9.4 NORTHWESTERN CITY OF VERDEN 18,000,000 FINANCIAL ACCESS GOVERNMENT 9.3 NAVER 25,000,000 ACCOUNT ACCESS TECHNOLOGY 9.3 KOREA TELECOM - KT CORPORATION 12,000,000 TECHNOLOGY 9.3 SERBIAN STATE 7,276,604 GOVERNMENT 9.1 ACCOUNT INTERNET COUNTRY GERMANY 16,000,000 GOVERNMENT 9.1 ACCESS 5
6 BREACH LEVEL INDEX HOW THE INDUSTRIES COMPARE RETAIL FINANCIAL SERVICES 8 While the retail sector might not have ranked at the top of the industry list in terms of the number of breaches, it had an astounding number of records exposed and included some of the most high-profile attacks of the year. There were 176 data breaches among retailers, accounting for 11% of the total, which was up slightly from 8% in These attacks resulted in more than half a billion (567,316,824) data records being exposed. That amounted to 55% of all the records involved in data breaches during the year, compared with 29% in The average records lost per breach was 3,223,391, versus 6,600,000 in Among the top breaches in the There were a total of 179 data industry were AliExpress with 300,000,000 records; ebay, with 145,000,000 records; Home Depot, with 109,000,000 records; Hannaford Bros., with 4,200,000 records; Michael s Stores, with 3,000,000 records; Staples, with 1,160,000 records; and Domino s Pizza, with 650,000 records. As in the financial services industry, attacks against retailers put customers financial data at risk. It s clear from the types of attacks in the retail sector that many were financially motivated. These types of breaches tend to receive a lot of publicity, partly because of the number of records involved but also because many people can relate to conducting business with retailers electronically. breaches in the financial services industry, accounting for 12% of the total breaches last year. That percentage was down slightly from the year before, when it was 15%. Finance companies had 205,175,846 data records compromised, representing 20% of the total records and up from The average records lost per breach was 1,146,233 - up sharply from just 112,000 records in Among the top breaches in the finance sector were the Korean Credit Bureau, with 104,000,000 records; JP Morgan Chase, with 83,000,000 records; and HSBC Bank in Turkey, with 2,700,000 records.
7 DATA RECORDS STOLEN/ LOST BY INDUSTRY 2014 YEAR IN REVIEW 3% 3% 5% 5% 9% RETAIL FINANCIAL TECHNOLOGY 55% EDUCATION 20% GOVERNMENT OTHER HEALTHCARE TECHNOLOGY The technology industry, which includes social media sites, had 134 data breaches in That accounted for 9% of the total, down from 11% in The breaches against IT companies involved 96,493,092 data records, or 9% of the total. That percentage is down sharply from 2013, when it was 43%. Average records lost per breach in the industry was 720,097, compared with 5,700,000 in Top breaches in technology for the year included Naver, with an account access breach that exposed 25,000,000 records, and KT Corporation, with 12,000,000 records in identity theft. The breach numbers have to be somewhat good news for an industry that is always concerned about attacks aimed at stealing intellectual property or launched for competitive reasons. Perhaps companies focused on technology are more proactive when it comes to deploying security tools to help protect their networks and data. 9
8 BREACH LEVEL INDEX INDUSTRIES CONTINUED EDUCATION GOVERNMENT HEALTHCARE Educational institutions suffered Government agencies and other No industry experienced as many 157 data breaches in 2014, or public sector organizations data breaches as the healthcare 10% of the total breaches for all industries. These attacks resulted in 51,377,801 data records being experienced 264 data breaches, or 17% of the total, making it one of the most targeted industries. sector, which had 391 compromised, which accounted breaches in That amounted for 5% These attacks involved 50,121,314 data records, or 5% of the total for all industries. Average records to one quarter of all the breaches reported for the year. As high as that percentage is, it s actually of all the records stolen in attacks lost per breach was down from the 2013 share of 31%. last year. Among the top breach targets in 189,853 Healthcare organizations had 29,384,567 data records, or 3% of the industry were the Benesse The top breaches in government the total, compromised in these Holdings, with an identity theft included Northwestern city of attacks. That percentage is up attack involving 48.6 million Verden, with 18,000,000 records from 2% in The average records; Netherlands Primary exposed through a financial records lost per breach for the School, with an identity theft access attack; Serbian State, industry was 75,152, compared attack involving 1 million records; with 7,276,604 records through with 49,000 in and Maricopa County Community identity theft; and Internet country College District, with an identify Germany, with 16,000,000 records Among the top breaches in theft attack that exposed 309,079 through account access. healthcare were the Korean records. Medical Association, with While the average number of 17,000,000 records exposed in an As is clear from the statistics, records involved in each attacks identity theft attack; Community breaches against educational was relatively low compared Health Systems, with 4,500,000 institutions generally involve with financial services, for records in identity theft; and the 10 relatively small numbers of records. example, the total number of attacks was high. State of Texas Department of Health & Human Services, with 2,000,000 records in identity theft. continued on page 12
9 2014 DATA BREACHES THE WHO AND WHAT YEAR IN REVIEW Among the key characteristics of security breaches when it comes to addressing the attacks and making necessary changes to systems to avoid future attacks are the type of breach and the source. In many cases if organizations know how the attacks were conducted and by whom, they can take proactive steps to better protect themselves against similar intrusions and loss of data. The Breach Level Index shows there were a variety of types of attacks and sources in While the sources of the attacks remained largely unchanged from those in 2013, the types of attacks were quite different from year to year in terms of frequency. The most common type of source were malicious outsiders, who were involved in 854 breaches, or 55% of the total. The percentage is essentially unchanged from 57% in Clearly, this is by far the biggest threat organizations face today in terms of potential loss of data. The next type of source, responsible for about one quarter of the breaches, was accidental loss. This caused 380 of the data breaches. In 2013, accidental loss accounted for 27% of the breaches. It s a bit perplexing that so many breaches could be for 229 breaches. That was 15% of caused by accident, and shows the total, quite similar to the 13% that companies need to do a better in job of preventing mishaps that can lead to data loss. Next were state-sponsored attackers, who carried out 56 of Malicious insiders were the next the breaches, or 4%, in While most common source, responsible it s a small percentage of the total, NUMBER OF BREACH INCIDENTS BY SOURCE MALICIOUS OUTSIDER ACCIDENTAL LOSS MALICIOUS INSIDER STATE SPONSORED HACKTIVIST 4% 15% 55% 25% 11
10 BREACH LEVEL INDEX DATA BREACHES THE WHO AND WHAT these sources increased from less than 1% in This is likely to be a continuing trend, as countries launch hacks against each other for political, economic, retaliatory or other reasons. NUMBER OF BREACH INCIDENTS BY TYPE FINANCIAL ACCESS Hacktivists were the sources of ACCOUNT ACCESS just 19, or 1% of the attacks, with the percentage down from 2% the year before. NUISANCE EXISTENTIAL DATA 10% 8% The most common type of attack was identity theft. Organizations were hit with 827 of these attacks, which accounted for more than 11% 54% half of the total (54%). That s up dramatically from just 20% in 2013, which should be a concern 17% for security operations. Clearly they need to do more to prevent identity theft. The next most common type Other types of attacks were 12 of attack was financial access, accounting for 261 or 17% of the breaches. That was down substantially from 50% in So these first two types of attacks basically switched places from year to year, which shows how dynamic and unpredictable the security environment can be. account access (162 attacks or 11%, down from 28%); nuisance (157 attacks, or 10%, up from less than 1%); and existential data (134 attacks or 8%, up from 1%). The last two types represented fairly big increases and there deserve attention from security professionals. continued from page 10 Exposure of records in healthcare is not only a security concern for these organizations; it puts companies at risk for regulatory non-compliance. For example, organizations in the U.S. must comply with the Health Insurance Portability and Accountability Act (HIPAA), which calls for the secure handling of patient information.
11 2014 A NEW MINDSET FOR DATA SECURITY YEAR IN REVIEW Breach Prevention Alone Has Failed The 2014 Breach Level Index from Gemalto shows that data breaches are very much a growing threat for organizations. The number of records compromised is remarkable, considering the lengths many organizations go to in order to protect their data. It s apparent that a new approach to data security is needed if organizations are to stay ahead of the attackers and more effectively protect their intellectual property, data, customer information, employees, and their bottom lines against data breaches in the future. Security is consuming a larger share of total IT spending, but security effectiveness against the data-breach epidemic is not improving at all. Enterprises are not investing in security based on reality as it is; they re investing based on reality as it was: a bygone era where hackers were glory-seeking vandals, sensitive data was centralized, and the edge of the enterprise was a desktop PC in a known location. And in this reality, network firewalls and other network perimeter breach-prevention technologies were good enough. Unfortunately, yesterday s good enough approach to security is obsolete in an age where data is distributed across and beyond the enterprise, and hackers whether skilled criminals or insiders both malicious and accidental are a constant threat to data. There is nothing wrong with network perimeter security technologies they are an added layer of protection. The problem is that many enterprises today rely on them as the foundation of their information security strategies, and unfortunately there is really It s apparent that a new approach to data security is needed if organizations are to stay ahead of the attackers and more effectively protect against data breaches in the future. no fool-proof way to prevent a breach from occurring. Alarmingly, market trends show that the lion share of organizations have no plans of changing this approach. According to IDC, of the $32 billion enterprises spent on security technology in 2013, more than 26% ($8.4 billion) was invested in network perimeter security. 13
12 BREACH LEVEL INDEX A NEW MINDSET FOR DATA SECURITY From Breach Prevention to Breach Acceptance The Breach Level Index indicates that data breaches have been increasing in frequency and size over the last couple of years. So by definition, breach prevention is an irrelevant strategy for keeping out cybercriminals. In addition, every organization already has potential adversaries inside the perimeter. Disregarding these internal threats not only invites blatant misuse but also fails to protect against accidental carelessness. Even nonmalicious behaviors such as bringing work home via personal accounts, lost devices, storing data on USB drives and vendors unknowingly sharing network log-in credentials and passwords are a few examples of how easy it is to innocently leak sensitive data In today s environment, the core of any security strategy needs to shift from breach prevention to breach acceptance. And, when one approaches security from a breach-acceptance viewpoint, the world becomes a relatively simple place: securing data, not the perimeter, is the top priority. Securing the data is a challenging proposition in a world where cloud, virtualization and mobile devices are causing an exponential increase in the attack surface. Many organizations might be inclined to address this problem with a containment strategy - limiting the places where data can go, and only allowing a limited number of people to access it. However, this strategy of no where security is based on restricting data access and movement runs counter to everything technology enables today. The mandate today is to achieve a strategy of yes, which is built around the understanding that the movement and sharing of data is fundamental to business success. From Breach Acceptance to Securing the Breach It s one thing to change mindsets. It s another to implement a new approach to security across an organization. While there is no one size fits all prescription for achieving the Secure Breach reality, there are three steps that every company should take to mitigate the overall cost and adverse consequences that result from a security breach. Control access and authentication of users. Encrypt all sensitive data at rest and in motion, securely manage and store all of your encryption keys. By implementing each of these three steps into your IT infrastructure, companies can effectively prepare for a breach, and avoid falling victim to one. 14 It s not a question if your network will be breached, the only question is when. With the velocity of business increasing, new technologies constantly being deployed and new and sophisticated attacks regularly being launched, is it not inevitable that it is only a matter of time before your business is hacked. Learn more at: CONTROL USER ACCESS ENCRYPT THE DATA STORE AND MANAGE KEYS
13 The year 2014 will be a tipping point for data security and identity protection because data breaches became more prominent in the public consciousness.
14 What s Your Score? Find Out At BREACHLEVELINDEX.COM Information collected from public sources. Gemalto provides this information as-is, makes no representation or warranties regarding this information and is not liable for any use you make of it. Contact Us: For all office locations and contact information, visit and Gemalto NV. All rights reserved. Gemalto and SafeNet logos are registered trademarks. All other product names are trademarks of their respective owners
2014 Year of Mega Breaches & Identity Theft Findings from the 2014 BREACH LEVEL INDEX POWERED BY BREACH LEVEL INDEX THE NUMBERS RECORDS BREACHED IN 2014 1,023,108,267 NUMBER OF BREACH INCIDENTS 1,541 BREACHED
2015 First Half Review Findings from the BREACH LEVEL INDEX POWERED BY BREACH LEVEL INDEX THE NUMBERS More and more organizations are accepting the fact that, despite their best efforts, security breaches
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
SecurityMetrics PCI Starter Kit Orbis Payment Services, Inc. 42 Digital Drive, Suite 1 Novato, CA 94949 USA Dear Merchant, Thank you for your interest in Orbis Payment Services as your merchant service
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
Data Security: Risks, Compliance and How to be Prepared for a Breach Presented by: Sandy B. Garfinkel, Esq. The Data Breach Reality: 2015 AshleyMadison.com (July 2015) Member site facilitating personal
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
Unisys Security Insights: Germany A Consumer Viewpoint - 2015 How consumers in Germany feel about: Personal data security, ranked by industry Experiences concerning security of personal data Research by
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz firstname.lastname@example.org IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: email@example.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
Establishing a Data-Centric Approach to Encryption Marcia Kaufman, COO and Principal Analyst Sponsored by Voltage Security Voltage Security: Many data breaches occur at companies that already have a data
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF
DATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union TABLE OF CONTENTS Data Breach Trends Financial Institutions Impact How First Citizens
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach to IT security FEATURE STORY REPRINT FEBRUARY 2013 healthcare financial management association hfma.org a new approach
CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic
Data Backup for Small and Medium Businesses: Priorities, Current Practices, and Risks November 12, 2008 How safe is small business data? As the power of computers continues to grow, more and more of the
Research Results April 2015 Powered by Introduction Where are organizations investing their IT security dollars, and just how confident are they in their ability to protect data form a variety of intrusions?
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
Follow the Data: Analyzing Breaches by Industry Trend Micro Analysis of Privacy Rights Clearinghouse 25 215 Data Breach Records Numaan Huq Forward-Looking Threat Research (FTR) Team A TrendLabs SM Research
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
Top Five Things You Need to Know About Cybersecurity Larry Mattox, VC3 Session #7 Cyber breaches are more sophisticated and can happen to any size organization. Victims of Cyber-espionage CNN, Washington
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
2013 INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT & October 2013 & INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT: The Third Annual Survey on the Current State of and Trends in Information
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
Classify, Protect, Audit: New Approach to SAP Data Security Aparna Jue, SECUDE About SECUDE SECUDE is an innovarve global provider of IT data protecron solurons for SAP customers. Our user- friendly solurons
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
Data Security Best Practices & Reasonable Methods September 2013 Mike Tassey Technical Security Advisor Privacy Technical Assistance Center (PTAC) http://ptac.ed.gov/ E-mail: PrivacyTA@ed.gov Phone: 855-249-3072
Building National and Regional Cybersecurity Competences through the UbuntuNet Alliance NRENS UbuntuNet Connect 2015 F.F. Tusubira & A. Ndiwalana Knowledge Consulting Ltd Outline Background Current reality
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
1 of 8 4/23/2016 2:49 PM (http://www.xtelligentmedia.com) Become a member Login HealthITSecurity /) Home /) News /news) Features /features) HIPAA and Compliance /topic/hipaa) EHR Security /topic/ehr-security)
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
Mitigating Server Breaches with Secure Computation Yehuda Lindell Bar-Ilan University and Dyadic Security The Problem Network and server breaches have become ubiquitous Financially-motivated and state-sponsored
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
SURVEY REPORT Gaps in Database An Osterman Research Survey Report sponsored by Published April 2016 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 USA Tel:
Is your Organization SAFE? About Enterprise Risk Management (ERM) About The Presenter Mike Sanchez, Senior Vice President at ERM Captain, USMC (Ret.) COBIT 5 Certified Possesses over 20 years of experience
WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners
Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against