90% of health insurers surveyed have had a data breach 3. 72% increase in cyberattacks against healthcare companies occurred between 2013 and
Health Savings Account (HSA)

Data security and employee benefits providers

by Elon Ginzburg, Information Security Officer, Wells Fargo Wholesale Banking

Information security is a critical corporate responsibility. High-profile breaches make national and international headlines, with impacts across the spectrum. Financial liability to your customers may lead the way, but close behind are damages to your brand, negative public relations, loss of consumer trust, and the expense to mitigate the breach. In this paper, we will explore the entities committing the crimes that result in these breaches, what they hope to accomplish, common tactics used today, and the controls that organizations are putting in place to keep attackers at bay.

With recent healthcare breaches, companies are zeroing in on their employee benefits providers. Healthcare records contain personally identifying information, and employers want to understand the potential risk of sharing data with the vendors they use, including Health Savings Account (HSA) administrators.

Recent breaches bring added scrutiny to security for organizations

The stakes are increasing as the pace of high-profile breaches escalates. The average cost of a data breach is now $3.8 million. [1] Security is no longer the siloed domain of IT professionals. It now receives board-level attention, as no company wants to be in the headlines, and no executive wants to lose their job over a data breach.

The past few years have shown that legacy technologies are less effective at detecting advanced malware and new threats, which are growing in volume and sophistication. As a result, there is a tremendous need for companies to upgrade their information and cyber defense programs and invest in next-generation security solutions.

Healthcare is hard hit by security breaches

The healthcare industry has been profoundly impacted by cyberattacks. The recent Anthem breach affected as many as 80 million Americans and included names, addresses, and Social Security numbers. More than 90% of health insurers surveyed have had a data breach, and 0% have had more than five, over the past two years. [3] This has served as a wake-up call to some HR leaders, since employers may share detailed employee information with many benefits vendors. A person's medical information is worth 10 times more than their credit card number on the black market. [5]

Breaches are directly affecting the healthcare industry:
- 90% of health insurers surveyed have had a data breach [3]
- 72% increase in cyberattacks against healthcare companies occurred between 2013 and
- 80 million Americans were affected by the recent Anthem breach
- 10x: A person's medical information is worth 10 times more than his or her credit card number on the black market [5]

Who are the hackers and what are they trying to accomplish?

Cyberspace has experienced a significant growth in the number, type, and sophistication of malicious entities. These include nation-states, organized crime, hacktivists, and cyberterrorists: groups with sizable resources and enough patience to probe until they find something they can exploit.
Impact of breaches has far reach:
- $3.8 million is the average cost of a data breach [1]
- 10% increase in total breaches occurred between 2013 and
- million identities were exposed by cybercriminals in
- ,000 pieces of malware are being deployed every day. Malware is responsible for 95% of stolen data and two-thirds of all breaches

Are companies responding quickly enough?
- days is the number of days on average that a breach goes undetected [6]
- 99.9% of exploitations happen at least one year after a patch was announced [6]
- of victims investigated by Mandiant did not discover the breach themselves, but were informed by a third party

Breaches are causing organizations to double down on data security:
- of respondents say their organizations made sure the IT function had the budget necessary to defend itself from data breaches
- 7% of organizations enhanced tools and personnel to contain and minimize breaches
- of organizations enhanced their budgets to defend the company from data breaches

The Target breach was a turning point: Management is more concerned about data breaches now than they were before the Target breach.

Management concern about breach on a 10-point scale: Before Target 7.8 After Target

Before the Target breach, only 13% of respondents thought senior management was extremely concerned (ranked as a 9 or 10) about a possible data breach. After Target, that rose to 55%.

Percentage of respondents who thought senior management was extremely concerned about possible data breach: Before Target 13%, After Target 55%
Certain nation-states have moved from traditional government-level espionage to infiltrating private companies to get their intellectual property or, in some well-publicized cases, to cause them harm. Examples include China spying on an insurgent through a 2010 Google hack [9] and Iran with distributed denial of service attacks against U.S. banks. [10]

Some organized crime groups, with increasing sophistication, have turned to cyberattacks for financial gain. They plan and execute complex crimes, gathering detailed consumer data to sell personal identities and commit fraud. The recent Home Depot and Target attacks are suspected to have been perpetrated by organized crime units from Eastern Europe.

Hacktivists are activists who try to further their social protest agendas on the web by disrupting businesses. They typically have nonfinancial motivations, but are looking to gain power or to simply disrupt business or society, similar to cyberterrorists, whose main objectives are also to gain power and cause disruption.

Current tactics and tools

While attack methods vary and continue to evolve, the most common tactics currently include social engineering, exploiting vulnerabilities in web-facing infrastructure, and gaining access through third parties.

Social engineering. Social engineering is a nontechnical way of breaching an organization that relies on tricking people into circumventing certain security procedures. Imposter fraud is a current example of social engineering, where a fraudster poses as a company executive and initiates a fraudulent wire transfer. Social engineering typically involves many steps before achieving results, and having procedural controls in place for key organizational processes can help alleviate the risk. Training and awareness, as well as checks and balances, are the controls typically used by companies today to combat breaches that involve social engineering.

Exploiting vulnerabilities in web-facing infrastructure. The 01 J.P. Morgan Chase & Co. breach was executed through their public website: hackers found a misconfigured remote-access server and gained access to 80 million records. [11] External websites are the most likely to be attacked, since they are publicly available. Coding vulnerabilities can allow external access to your systems and allow for malware to be deployed. Malware is malicious software that can help someone gain unauthorized access to systems. Once in, the intruder can expand their footprint into other areas of the business.

Hacking through third-party vendors. In high-profile breaches, such as the recent Target breach, the hacker looked for the weakest link: a third-party system that had access to Target's main systems. [12] The third-party vendor didn't have the same level of sophisticated security parameters in place that Target had, which illustrates the challenge with outsourcing and highlights the importance of being sure that the vendors your company works with have effective oversight of their outsource partners.

What are the key controls an organization should have in place today?

Security experts suggest focusing on the following key areas to help control the risk of potential data breaches. These controls are generally expensive and require ongoing commitment at the highest levels of the company.

Staying up-to-date with software patches issued by software companies. Patches fix flaws in software programs that have been exposed by hackers. Having the patch in place will prevent hackers from exploiting the loophole, yet many organizations don't stay current with patches, or it takes months to get a new patch deployed. A recent Verizon study found that 99.9% of exploits happened when known vulnerabilities remained unpatched for at least a year after the patch was announced, meaning companies were slow to respond and remediate known flaws.

Implement data encryption for all transactions. Comprehensive data encryption makes it nearly impossible to do anything with the data if it's stolen. Encrypting data immediately, at the point of entry into systems, keeps hackers at bay.

Vulnerability management of web-facing systems. Ongoing review of web-facing code and environmental scans to detect and remediate vulnerabilities are baseline components of advanced security programs.

Third-party vendor management programs. Strong due diligence and oversight of vendors is another key control for limiting the potential of breaches. Auditing vendors can be time-consuming and expensive, but since outsourcing is so common today, companies need to be vigilant about choosing vendors whose security programs have been validated.
Multi-factor authentication. Multi-factor authentication programs are considered a security best practice. These programs require two or more of the following three factors to authenticate users: something the user knows (such as a password or the last four digits of their SSN), something the user has (such as a mobile phone or the security number on the back of their credit card), and something the user is (biometrics, such as their voice or fingerprint).

Appropriate insurance coverage. Many insurance carriers are offering network security and privacy coverage. Employers should consider having this in place to transfer the financial injury to an insurance product in the event of a breach.

Key controls an organization should have in place

- Staying up-to-date with software patches issued by software companies: Patches fix flaws in software programs that have been exposed by hackers. Having the patch in place will prevent hackers from exploiting the loophole.
- Implement data encryption for all transactions: Comprehensive data encryption makes it nearly impossible to do anything with the data if it's stolen. Encrypting data immediately, at the point of entry into systems, keeps hackers at bay.
- Vulnerability management of web-facing systems: Ongoing review of web-facing code and environmental scans to detect and remediate vulnerabilities are baseline components of advanced security programs.
- Third-party vendor management programs: Strong due diligence and oversight of vendors is another key control for limiting the potential of breaches.
- Multi-factor authentication: Multi-factor authentication programs require two or more factors to authenticate users before they can access systems. Factors include personal information, unique biometric identifiers, and something in the user's possession, such as a security number on their credit card.
- Appropriate insurance coverage: Many insurance carriers offer network security and privacy coverage. Employers should consider having this in place so they can transfer the financial injury to an insurance product in the event of a breach.

HSA programs and data security

HSAs are an integral part of many employee benefit programs, and HR leaders are now questioning the security environments of the vendors they choose. Some HSA administrators outsource key parts of their HSAs to other vendors, increasing the risk of potential breaches. However, HR decision makers are ramping up their due diligence and verifying that each of their vendors has advanced security and compliance parameters in place, as well as an ongoing commitment to improving and adapting as the security environment changes. Information security is key to maintaining trust in relationships with customers; advanced information security programs are now a competitive advantage.

At Wells Fargo, security is everyone's business

Wells Fargo has a long-standing focus on data security. Although there are no silver bullets, Wells Fargo deploys a defense-in-depth strategy. This strategy includes controls across multiple systems, processes, and organizational activities. Secure coding, web monitoring, and infrastructure management (including network and hardware monitoring and encryption) are ingrained in our culture and are part of our everyday business.
The Wells Fargo HSA is built on in-house technology

Information security is a critical priority at Wells Fargo, and the Wells Fargo HSA is built on our proprietary banking and investment platform, which helps us keep tight control of the security environment. Our commitment to data security includes an enterprise software patching management program, which ensures that we are monitoring and adding software patches as they become available. Data shared outside Wells Fargo is encrypted, and the vendors that support our HSA services (such as Welcome Kit mailings) are subject to a rigorous vendor management program. All our web-facing applications, including our Commercial Electronic Office (CEO) platform and Online Banking, have ongoing vulnerability management in place. Additionally, multi-factor authentication is required for high-risk online transactions, money movement, and account setup.

Contact us for more information on the Wells Fargo HSA

Our clients value the Wells Fargo commitment to data security and choose us for our in-house, standalone HSA solution. For more information about the Wells Fargo HSA, contact us at or visit wellsfargo.com/hsa.

Elon Ginzburg is responsible for managing information security across the Wholesale division of Wells Fargo, which offers businesses a large selection of products and services including treasury management, insurance, asset management, investment banking, and Health Savings Accounts (HSA). Elon has more than 0 years of diverse financial services experience, bridging the gap between technology and business by managing complex and technology-heavy projects. Over the past 10 years, Elon has focused on information security. Prior to Wells Fargo, Elon worked with Barclays Global Investors, Barclays Capital, and Investor Bank and Trust. Elon served in the Israeli Defense Forces as a soldier, sergeant, and officer in an infantry and parachuting unit. He has a B.Sc. in industrial engineering and management from the Technion (Israel's Institute of Technology), and an M.Sc. in information security from Western Governors University. When he is not at work, Elon enjoys spending time with his two daughters and having fun in the great outdoors.

[1] Ponemon Institute.
[2] USA Today. Massive breach at healthcare company Anthem. February 5,
[3] Ponemon Institute's Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data.
[4] Ponemon Institute. "01: A Year of Mega Breaches." January,
[5] Reuters. Your medical record is worth more to hackers than your credit card. September,
[6] Verizon Data Breach Investigation; increase is from 2013 to
[7] Symantec; increase is from 2013 to
[8] McAfee.
[9] BBC News. China leadership orchestrated Google hacking. December,
[10] New York Times. Bank Hacking was Work of Iranians, Officials Say. January 8,
[11] Wall Street Journal. Bank Hackers Stole Millions Using Remote Access Tools. February 16,
[12] Computer World. Target breach happened because of a basic network segmentation error. February 6, 01.

This article provides a high-level summary of current data security best practices and suggestions. Wells Fargo Health Benefit Services (HBS) does not provide data security advice. Consult with your attorney or risk management consultant for guidance on the steps your business can take to reduce data security risk.

Deposit products offered by Wells Fargo Bank, N.A. Member FDIC.

2015 Wells Fargo Health Benefit Services, a division of Wells Fargo Bank, N.A. All rights reserved. WCS-1679 (8/15)
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationJim Bray, Cyber Security Adviser InfoSight, Inc.
Best Practices for protecting patient data Training and education is your best defense! Presented by Jim Bray, Cyber Security Adviser InfoSight, Inc. 2014 InfoSight Cyber Security starts with education
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationGetting real about cyber threats: where are you headed?
Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationDefining the Value of Managed Security Services
August 2014 S P E C I A L R E P O R T Defining the Value of Managed Security Services CLOUD & COMMUNICATIONS Table of Contents Introduction... 3 What Is the Security Threat?... 4 What Is a Security Plan?...
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationWhy Data Security is Critical to Your Brand
Why Data Security is Critical to Your Brand Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait
More informationAdvanced Biometric Technology
INC Internet Biometric Security Systems Internet Biometric Security System,Inc.White Papers Advanced Biometric Technology THE SIMPLE SOLUTION FOR IMPROVING ONLINE SECURITY Biometric Superiority Over Traditional
More informationWhy is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP
Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA, LLP Created as a collaborative effort between government and industry to ensure every American has the resources they need to stay
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationPCI Risks and Compliance Considerations
PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction
More informationWHITE PAPER. Preventing Wireless Data Breaches in Retail
WHITE PAPER Preventing Wireless Data Breaches in Retail Preventing Wireless Data Breaches in Retail The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTop Fraud Trends Facing Financial Institutions
Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationCollateral Effects of Cyberwar
Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global
More informationThink STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber
Think STRENGTH. Think Chubb. Cyber Insurance Andrew Taylor Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber The World Has Changed Then Now 1992 first text message More txt s that the entire
More informationCyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined?
Cyber Attacks and Liabilities Why do so many Organizations keep Getting Hacked, Sued and Fined? PRESENTED BY RICK SHAW, AWAREITY Webinar Objectives Employees (and third parties) are the weakest links Learn
More informationPCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv
PCI Compliance Are you at Risk? September 17, 2014 Dan Garrett/Matt Fluegge Vantiv Security Challenges Desirability of Data 80% of all data breaches is payment card data (Verizon RISK team assessment)
More informationNational Cybersecurity Awareness Campaign
National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationHow Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
More informationWhite Paper: Are there Payment Threats Lurking in Your Hospital?
White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More information東 京 電 機 大 学 国 際 化 サイバーセキュリティ 学 特 別 コース. Cyber Security in the Financial Sector
東 京 電 機 大 学 国 際 化 サイバーセキュリティ 学 特 別 コース Cyber Security in the Financial Sector GREG J. THOMPSON CISSP CANADA 1 Agenda 1. Introductions About me About Scotiabank 2. Definition of Cyber Security 3. Risks
More informationTHE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY
THE PERFECT STORM WEATHERING CYBER THREATS IN THE HEALTHCARE INDUSTRY BY DR. BRIAN MCELYEA AND DR. EMILY DARRAJ Approved for Public Release: Case # 16-0276 NORTHROP GRUMMAN WHITE PAPER 2016 Northrop Grumman
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More information