I ve been breached! Now what?

Transcription

1 I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK

2 The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have been 591 reported breaches, exposing more than 175,443,888 individuals personally identifiable information (PII), payment card details, protected healthcare data (PHI), and/or other private information. Average number of breached records per incident. GERMANY 24,103 UNITED STATES 591 BREACHES UK 21,695 DID KNOW? YOU FRANCE 20,650 AUSTRALIA 19,214 CANADA 20,456 ITALY 18,983 90% of organizations have already been breached Organizations collecting and storing data on customers, employees, students, patients, etc. are responsible for protecting data in accordance with all relevant domestic and international regulations including the Data Privacy Acts, PCI DSS, and HIPAA, to name a few. at least once. 2 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK 3 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK

3 Cryptzone NEWS THE UNITED STATES OFFICE OF PERSONNEL MANAGEMENT (OPM) The OPM reported that PII and possibly security clearance credentials of 21.5 million federal employees were stolen. A Closer Look at Some Recent Headline Making Breaches. Home Depot Cyber Attack What will a BREACH COST me? Home Depot experienced a cyber attack targeted at their payment terminals, which left approximately 56 million credit and debit card numbers exposed. ANTHEM INC. DATABASE Hackers gained access to an Anthem Inc. database containing PII on 80 million of the health insurer's customers and employees. Target estimates that about 42 million people had their credit or debit information stolen, according to the court documents. A breach at JPMC compromised account information for 83 million households and small businesses. $3.79 $1.57 Average total cost of data breach globally Vodafone Germany said personal details of more than 2 million of its German customer base have been stolen by a hacker. Millions of ebay user accounts hacked Hackers successfully stole ebay credentials to gain access to personal records of 233 million users. 4 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK $154 PER RECORD $0.17 $0.99 Average loss of business from a breach Average cost paid for each lost or stolen record containing sensitive information Cost to notify victims of a data breach Estimated data breach costs associated with detection and escalation 5 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK

4 I only have to worry about outside threats. Only 45% of Cyber Attacks are caused by Outsiders 45% OUTSIDE THREATS Phishing Scams Vulnerabilities Mobile access Malware DDOS Attacks Unsecure third party access Nation-state sponsored espionage / IP theft Right? 55% of Cyber Attacks are caused by Insiders 31.5% MALICIOUS INSIDERS IP Theft Insider Espionage Theft of sensitive or customer data for personal gain Disgruntled employees 23.5% INADVERTENT ACTORS Phishing incidents resulting in stolen credentials Sensitive information reaching incorrect recipients Publishing nonpublic data to a public website Incorrect disposal of medical or customer information Regardless of the source of a breach, you need to take steps to harden your environment to better defend your networks and applications. 7WAYS TO PROTECT AGAINST BREACHES SECURITY Think beyond the firewall - Guarding the front door is important, but once someone accesses your internal network, the firewall alone won t prevent them from getting into unlocked doors and the data behind them. Ensure your antivirus and anti-malware is up to date - Check the security posture of clients connecting to your network and prevent access if necessary, to prevent malware from propagating throughout the enterprise. Classify and Encrypt sensitive data - Multiple layers of controls offer a defense in depth security strategy. Be sure to classify and restrict access to sensitive data to limit audience, and encrypt data containing PII, PHI, and PCI to ensure it remains secure no matter where it is. Employ two-factor authentication - Two factor authentication is astronomically more secure than passwords. Amplifying the security level before network access from remote, untrusted networks, or before using highly privileged user accounts, establishes additional context around appropriate data access. Prevent the unauthorized distribution of confidential documents - Restrict downloading, copying, ing or printing to stop sensitive data from PII to IP from leaking out of your organization. Control privileged user access - Who within your organization has a god view of everything? Limit access to the tools and resources privileged users require for their role, rather than giving them unrestricted access to systems. Keep an audit trail - Track access to systems, applications and individual content. This will help you identify suspicious behavior and take action, as well as provide an audit trail in the event of a breach. 6 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK 7 THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK

5 SOURCES Identity Theft Resource Center, 2015 Breach List ICO, Data Breach Trends, October 6, 2015 Ponemon Institute Survey - IBM, 2015 Cost of a Data Breach, IBM 2015 Cyber Security Intelligence Index TechWorld, The UK s 10 most infamous data breaches, March 17, 2015 Business Insurance, Store s data breach reveals payment card liability quandary, July 5, 2015 CBS News, Target agrees to pay $10 million to data breach victims, March 18, 2015 ZDNet, Anthem data breach cost likely to smash $100 million barrier, February 12, 2015 Cryptzone Network Security Survey, April 2015 Verizon 2015 Data Breach Investigations Report Copyright 2015 Cryptzone North America. Inc.