Data risks and Technology Trends. Stephen Reyes Saltmarsh, Cleaveland & Gund

Transcription

1 Data risks and Technology Trends Stephen Reyes Saltmarsh, Cleaveland & Gund

2 RFID as Security

3 How to clone RFID

4 Custom Built RFID Scanner

5 Scanner bag

6 Steps to help secure RFID entry systems Newer, higher frequency devices (Like contactless smart cards) use encryption that is somewhat harder to clone Tell employees not to wear badges outside of bank buildings Separate ID badges from access control Use RFID card shields when cards not in use Use tamper-proof screws on all external readers Add video to all external and sensitive areas protected by RFID systems

7 Steps to help secure RFID entry systems (Cont) Add 2-factor authentication using biometric or PIN as well as card for entry or authentication Deploy security systems with anomaly detection software Pair entry with monitored alarm systems

8 Recent items causing risk changes in Bank IT Large retail CC Breaches Google Map Hacking Social Media Mobile Devices (BYOD) Tablet Computing (BYOD) Sophisticated Phishing Virtualization Increased reliance on vendors Cloud Computing

9 Social Media Not much change this year other than increased adoption Banks realizing the need to review/update SM policies Questions about control of content added by employees Banks need to watch alternate information sites such as Google Maps, yelp, Wikipedia, etc. for information posted by others

10 Mobile Devices More mobile devices than traditional computing Have become the tool of choice by many in banking Now have the ability to store very large amount of data. Even have local databases! Increased allowance of BYOD Maturation of management software AirWatch Mobile Iron Zenprise Exchange?? The Wild Wild West of computing (Criminals will attack)

11 Tablet Computing Similar to Mobile devices Replacing Board Committee packages Could become customer interface or kiosk Cheap POS platform

12 Virtualization Adoption rate is high and growing All banks of any size should consider Considerable benefits DR improvements Hardware utilization Reduce cooling requirements Test environments Need to have qualified staff or vendors Training of staff is valuable

13 Increased reliance on vendors Not necessarily bad Provides access to increased experience and qualifications Can prevent reliance on individuals Can provide DR opportunities Must be managed Increased attention by regulators on VM and VM review processes Changes in audit standards Does not diminish the responsibility of the board of directors and management

14 Cloud Computing Great opportunities Adoption slow by banks (As it should be) Where is your data when using cloud vendors? In US? Overseas? Reporting requirements? Audit coverage Data Classification Encryption How cloud can sneak into your environment Mobile devices (BYOD) Vendors Sub-vendors Office 365

15 Technology Predictions 2013 Virtualization becomes the norm Rapid advance in mobile device control Additional video content ATM Kiosk Social Media Vine? Transition from XP to Windows 7 Windows 8 will be skipped Biometrics Customer Compliance with PCI or other

16 Technology Predictions 2013 Expanded Encryption (workstation, Communication lines) Management of Encryption Banks will become better consumers of vendor audit products as they pertain to information systems We have seen examples of falsified reports Change in licensing models Office 365

17 Technology Predictions 2014 iphone 8

18 Technology Predictions 2014 Advances in alternate payment systems(credit Card Replacement) Smart phone most likely candidate New attacks on mobile devices Proliferation of virus for mobile devices Virtualization becomes the norm (Cont) Rapid advance in mobile device control (cont) Windows 8 will be skipped (Cont) RFID vulnerabilities exploited

19 Technology Predictions 2014 Expanded Encryption (workstation, Communication lines) Management of Encryption Banks will become better consumers of vendor audit products as they pertain to information systems We have seen examples of falsified reports Further adoption of Office 365 by financial institutions More retail uses for tablets (and more risk) More android installs on alternate uses than on cell phones