Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined?
|
|
- Bernard George
- 8 years ago
- Views:
Transcription
1 Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined? PRESENTED BY RICK SHAW, AWAREITY Webinar Objectives Employees (and third parties) are the weakest links Learn the best ways to ensure awareness of changing threats and responsibilities for protecting personal information Just having the best recipe (policy, procedure, plan, strategy, law, guideline, checklist, etc.) is not enough How you can effectively enable and motivate your employees and customers to identify and report suspicious activities and possible information breaches The 6 Essential Steps to Proactive Prevention Individual Level Awareness, Collecting Data, Assessing Data, Connecting Data, Intervention and Monitoring, and Prevention (Spoiler Alert! Most Organizations Are Only Addressing 2 or 3 Steps!) 1
2 Quick background information on me 30+ years performing assessments of many types (risk, compliance, threat, physical, cyber security, etc.) The cyber security assessments were by far the most interesting The cyber security assessments provided most value Compliance Failures and Liabilities Why do so many organizations keep getting hacked, sued and fined? 2
3 Did you see the headlines for these hacks? Office of Personnel & Management Centura Regional Medical Center in Colorado Anthem Target Office Depot RSA And lots of others? Did you see the FTC can now sue/fine organizations getting hacked? The law has always imposed responsibility on companies for the care of their customers. When you re in the restaurant you have to be protected against slips and falls or food borne illness Data is just something new that companies have to protect if they want to bear the benefits of collecting it. Chris Hoofnagle, Berkeley Law professor This a huge victory for the FTC, but also for American consumers We see services and companies being hacked on an almost daily basis now. Having the FTC out there, bringing actions against companies that fail to protect consumers data is a critical tool. Alan Butler, Electronic Privacy Information Center attorney Read the full article at says ftccan slap companies getting hacked/ 3
4 Would you rather prevent hacking or react to hacking? Would you rather prevent headlines, lawsuits, fines or react to them? The first step to PREVENTING Do you know how these organizations got hacked? Headlines and articles would have you think the hacks are the result of sophisticated new hacking techniques but are they really? Not exactly employees and third parties were PHISHED and/or SPEAR PHISHED 4
5 Employees and Third Parties Are Your Weakest Link Old Days: Some bad guys knew to target Employees and Third Parties (Service providers, contractors, etc.), so they social engineered (phone, , etc.) your people into giving out sensitive information. Today: Professional hacking groups (criminal groups and groups funded by a country) are taking advantage of the same weakest link (employees) with Phishing and Spear Phishing attacks. Employees and Third Parties Are Your Weakest Link A recent information security report from FireEye revealed cyber attackers have free rein in a victim s systems for a median of 205 days before being detected. How can this be? Firewalls and security devices are very reactive and very predictable and they do not stop Phishing and Spear Phishing attacks! 5
6 How do hackers get passed Firewalls and security devices? What is Phishing? Cyber criminals use e mails as "bait" to fish (phish) for information login IDs, passwords, financial data, credit card numbers, social security numbers, etc. What is Spear Phishing? Phishing attack targeting a specific employee or group of employees within an organization or a group of individuals with common interests. Most attacks arrive as a customized e mail that appears to be from a trusted person (senior official or executive) within your organization. Do your employees know your organization will never ask them for sensitive or confidential information via e mail? How do hackers get passed Firewalls and security devices? And the attacks continue evolve with technology: Vishing: request individuals to place a phone call to verify account information, only the phone number doesn't go to the real organization. Instead the victim is calling a VoIP (voice over IP) phone that can recognize and capture telephone keystrokes and voice messages to steal an individual's personal information as they provide it via phone. Smishing: SMS or text messages attempting to trick customers into divulging their personal account information when they respond to a text or click on a link that takes them to a fraudulent web site that can place malware on their mobile device. 6
7 Myth of it will not happen here? How many of you are thinking, This will never happen to my organization.? How many of you are thinking, We have annual information training, so we are covered.? How many of you are thinking, We have a policy on usage, so we are covered.? How many of you are thinking, Oh my we have lots of employees that would click on a link or open an attachment?? How do you ensure awareness of changing threats and responsibilities for protecting personal information? 7
8 Once a year information security awareness training is not enough Why? Policies (recipes) are not enough Why? 8
9 New Carbanak Gang Threat Operating from Russia, Ukraine and China Between , stole around $1B from 100 banks in 30 countries Temporarily hindered but now changing their tactics, upgrading malware "From our analysis, it becomes clear that Carbanak has returned and has been confirmed [to be] targeting large corporations in Europe and in the USA. Attack methods are spear phishing... Peter Kruse, electronic crime specialist at CSIS Read the full article at banking malware returns upgrades a 8523 Einstein s Definition of Insanity Doing the same things over and over and expecting different results. Bottom line: Organizations wanting different results need different solutions for Employees and Third Parties 9
10 Six Essential Steps to Proactive Prevention Step 1: Individual Level Awareness Organizations must ensure situational and ongoing awareness at the individual level Annual or ongoing training as needed (Safety, Health, etc.) for all employees, based on location, job title, security level, etc., including tests for comprehension Distribution of updated situational information across departments Acknowledging ongoing updates shared across locations, depts. (e.g. restricted visitors, restricted sites, new threats, etc.) 10
11 Step 1: Individual Level Awareness Organizations must ensure situational and ongoing awareness at the individual level Tracked acknowledgment and understanding of: Policies, work practices and administrative procedures Legal regulations and mandates Assigned tasks, responsibilities and obligations What needs to be reported When, where and how to submit a report Pre incident indicators, suspicious activities and concerning behaviors Incidents considered near misses Updates on new and viral risks Emergency and crisis response plans Contingency plans Prevention strategy On going updates Step 2: Collecting Data Organizations must empower and equip all appropriate individuals to recognize and report (i.e. See Something, Say Something ): Empower all individuals with up to date awareness and training on prevention strategies, policies, what pre incident indicators and concerning behaviors look like Organizations must provide tools to empower and equip all appropriate individuals to anonymously and/or confidentially: Submit observations, concerns and reports Upload/share evidence (e.g., documents, pictures, videos, social media screen shots, phishing s, etc.) 11
12 Step 2: Collecting Data Organizations must collect information into a central secure records management platform: Not Silo systems or Employee Records System (ANSI WVPI) Restricted access to privileged information Feeds information into system from all origins (Paper Forms/Reporting Box, E mail/online Forms, Phone Line/Hotline, Verbal reports, Texts/Apps, etc.) Provides tools to ensure right information gets to the right people in time to take right actions Step 2: Collecting Data Organizations must collect ALL relevant information in their central records management platform: Tracked employee, customer and vendor accountability and compliance with awareness topics Records of all training programs, attendees, and qualifications of trainers. Information from Interviews, Investigations, Interventions, Follow ups, etc. Surveys from employees, customers and vendors and feedback from reviews and new changes Reports of cyber security concerns (new icons, locked accounts, unauthorized site changes, data changes, timestamps, etc.) 12
13 Step 2: Collecting Data Organizations must collect ALL relevant information in their central records management platform: Reports of physical security concerns/facilities management (broken glass, faulty camera, unlocked door, burned out bulbs, etc.) Shift reports and incident/near miss logs for all departments/units, work areas, job titles, locations etc. Documentation of minutes of security meetings, records of security assessments and corrective actions recommended and taken. Records of injuries, illnesses, incidents, hazards, corrective actions, employment histories Step 3: Assessing Data Organizations must be equipped with the right tools to evaluate, investigate, collaborate and intervene on threatening situations: Assess the situation to determine if an immediate or urgent threat exists Conduct initial investigation, interviews and gathering of information from resources (activity logs, personnel files, etc.) Conduct a preliminary risk screening of threat, escalation potential, etc. Develop early intervention and prevention actions Monitor intervention and prevention efforts 13
14 Step 3: Assessing Data Organizations must be equipped with the right tools to evaluate, investigate, collaborate and intervene on threatening situations: If concern increases and/or additional incident reports develop, conduct a formal risk assessment to determine if situation is escalating Develop additional intervention and prevention responses, involve external threat assessment professional(s), p.r.n. Continue to monitor behaviors and intervention and prevention efforts Assess current procedures and protocols for efficiency, effectiveness, compliance to legal standards, etc. Assess how are issues being or will be addressed Step 4: Connecting Data Organizations must be equipped with the right tools to securely connect with internal and external resources for further prevention efforts: Review all related incident reports for previous actions taken Review the outcomes of actions taken to determine if an updated plan of action for intervention, prevention and monitoring is needed Re assess any new information, update plan of action for intervention, prevention and monitoring accordingly Gather and utilize lessons learned from similar incidents, lawsuits or tragedies to ensure appropriate intervention and prevention actions are being taken 14
15 Step 4: Connecting Data Organizations must be equipped with the right tools to securely connect with internal and external resources for further prevention efforts: Develop additional intervention and prevention responses involving external threat assessment professional(s) as needed If certain criteria is met, organization should be equipped to securely connect with law enforcement, legal, homeland security, compliance and other appropriate resources Involve crisis management to ensure crisis containment efforts have been updated, communicated and implemented Step 5: Intervention and Monitoring Organizations must be equipped with the right tools to efficiently track and monitor intervention efforts and outcomes, ongoing: Review how intervention efforts are working with all individuals, across departments, locations, etc. Review outcomes of intervention strategy and alternative options: Interviews Surveys Personnel actions Legal considerations 15
16 Step 5: Intervention and Monitoring Organizations must be equipped with the right tools to efficiently track and monitor intervention efforts and outcomes, ongoing: Review individual specific control strategies Monitoring warning signs, triggers, etc. Supervision, surveillance and activity/access restrictions Security planning and other risk mitigation options Analyzing trends and rates relative to initial or baseline rates; Identify patterns of incidents to develop preventative controls Measure improvement in incident rates based on lowered the frequency and severity Step 6: Prevention Organizations must be equipped with the right tools to proactively manage prevention efforts: Review how prevention efforts are working across departments, locations, settings, etc. Keep up to date records of policy and procedural changes put in place to prevent risks and continuously evaluate how well they are working Keep track of new strategies available to prevent and respond to general and field specific risks as they develop Review protocols for cyber security, physical security, asset preservation, etc. 16
17 Step 6: Prevention Organizations must be equipped with the right tools to proactively manage prevention efforts: Prepare post incident efforts for restoration and recovery of business operations, should incident occur Prevent future timely and costly tasks and eliminate mounting liabilities: Record all actions and reasoning so sound decisions are understood and upheld as warranted Transmit essential information to decision makers and reviewers immediately Update records immediately so current circumstances are considered in evaluation process and action plans Questions? Rick Shaw CEO/Founder, Awareity
How to Spot and Combat a Phishing Attack Webinar
How to Spot and Combat a Phishing Attack Webinar October 20 th, 2015 Kevin Patel Sr Director of Information Security, Compliance & IT Risk Mgmt kpatel@controlscan.com Agenda 1) National Cyber Security
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationVishing (and SMiShing ) Countermeasures
Vishing (and SMiShing ) Countermeasures Fraud Investigation & Education FIS www.fisglobal.com Vishing What is it? Vishing also called (Voice Phishing) is the voice counterpart to the phishing scheme. Instead
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationCybersecurity: Is Your Company Prepared?
Treasury and Trade Solutions April 29, 2015 Cybersecurity: Is Your Company Prepared? Sabine Mcintosh Managing Director Global Head of TTS Digital Security and Account Services sabine.mcintosh@citi.com
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationAvoid completing forms in email messages that ask for personal financial information.
INTERNET FRAUD Online scams and viruses are constantly evolving and they threaten the security of computers worldwide. As criminals evolve their tactics, you need to keep your PC's security software (virus
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationFraud Trends. HSBCnet Online Security Controls PUBLIC
Fraud Trends HSBCnet Online Security Controls العربیة 文 En français En Español 繁 體 中 文 简 体 中 Contents Types of Fraud Malware Attacks Business E-mail Compromise Voice Phishing ( Vishing ) Short Message
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationProtecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
More informationPCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett
PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett Dr. Svenson thought he was doing both his patients and his practice a big favor when he started setting up monthly payment arrangements
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationHow To Help Protect Yourself From Identity Theft
How To Help Protect Yourself From Identity Theft January 20, 2015 Bryan Strong Senior Vice President and Director Information Security This complimentary interactive webinar is sponsored by Zions Bank
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationPresentation Objectives
Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationPanel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices
Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationIncident Response Plan for PCI-DSS Compliance
Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationHosted Testing and Grading
Hosted Testing and Grading Technical White Paper July 2014 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or
More informationDon t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
More informationPatrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS
Patrick Gray Principal Security Strategist DATA SECURITY CHALLENGES IN THE ALL TOO PUBLIC AND NOT SO PRIVATE SECTORS I want you to take home four points Understand Educate Collaborate Prepare It s a great
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationCovered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
More informationSHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES
SHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES 2 On June 3, 2009, Plante & Moran attended the Midwest Technology Leaders (MTL) Conference, an event that brings together
More informationHealth Care Data Breach Discovery Strategies for Immediate Response
Health Care Data Breach Discovery Strategies for Immediate Response March 27, 2014 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Sarah Flanagan Partner
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationInformation Security Incident Management Guidelines
Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationCYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES. Strengthening Your Community at the Organizational Level
CYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES Strengthening Your Community at the Organizational Level Las Vegas, Nevada 2012 Security Awareness and Why is it Important? In today s economic
More information1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationLIGC-ACC Presentation November 9, 2015
Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationCybersecurity Best Practices
Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationIdentity Theft Protection
Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationOKPAY guides. Security Guide
Название раздела OKPAY guides www.okpay.com Security Guide 2012 Contents SECURITY GUIDE Contents Introduction 1. OKPAY Security Overview 2. Security Tips 3. Security Center 3.1. Basic Protection 3.2. Email
More informationOVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft
OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationHIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the
More informationIdentity Protection Guide. The more you know, the better you can protect yourself.
Identity Protection Guide The more you know, the better you can protect yourself. Be Aware According to a 2012 report, identity theft is one of the fastest growing crimes in America 1 and it can have serious
More informationOIG Fraud Alert Phishing
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a
More informationWebsite Privacy Policy Statement
Website Privacy Policy Statement This website ( CRSF Website ) is operated by Cal Ripken, Sr. Foundation, Inc. ( Company ) and this policy applies to all websites owned, operated, controlled and otherwise
More informationDissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University
Dissecting the Recent Cyber Security Breaches Yu Cai School of Technology Michigan Technological University Disclaimers Most information in this presentation was collected from various sources on the Internet.
More informationWebsite Privacy Policy Statement. 1519 York Rd Lutherville, MD 21093. We may be reached via email at julie@juliereisler.com.
Website Privacy Policy Statement This website juliereisler.com is operated by Empowered Living, LLC and this policy applies to all websites owned, operated, controlled and otherwise made available by Company,
More informationProtecting Yourself from Identity Theft
Protecting Yourself from Identity Theft Identity theft is everywhere. In fact, according to a 2013 report by Javelin Research, there is one incident of identity fraud every two seconds. While we cannot
More informationPlan of Attack 5 Step Plan
Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days
More informationPROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit
PROTECTING YOURSELF FROM IDENTITY THEFT The Office of the Attorney General of Maryland Identity Theft Unit CONTENTS 1) What is Identity Theft? 2) How to Protect Yourself From ID Theft. 3) How to Tell If
More informationThe Cancer Running Through IT Cybercrime and Information Security
WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:
More informationAdvanced Security Methods for efraud and Messaging
Advanced Security Methods for efraud and Messaging Company Overview Offices: New York, Singapore, London, Tokyo & Sydney Specialization: Leader in the Messaging Intelligence space Market focus: Enterprise,
More informationThe Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015
The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationMEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO
E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationIdentity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation
Identity Theft: An Introduction to the Scope of the Crime, and Its Prevention, Detection and Remediation June 2009 Cairo, Egypt Joanna P. Crane Identity Theft Program Manager Senior Attorney The views
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationA Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014
A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationDATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET
DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationCybersecurity and Privacy 2015: Presentation to Institute of International Bankers
Cybersecurity and Privacy 2015: Presentation to Institute of International Bankers Sue Ross Senior Counsel Norton Rose Fulbright US LLP October 27, 2015 Speaker Sue Ross Senior Counsel Norton Rose Fulbright
More informationNetwork Security Policy: Best Practices White Paper
Security Policy: Best Practices White Paper Document ID: 13601 Introduction Preparation Create Usage Policy Statements Conduct a Risk Analysis Establish a Security Team Structure Prevention Approving Security
More information