Surviving the Era of Hack Attacks Cyber Security on a Global Scale



Transcription:

Surviving the Era of Hack Attacks: Cyber Security on a Global Scale
Dr. Adriana Sanford
ASU Lincoln Professor of Global Corporate Compliance and Ethics
Clinical Associate Professor of Law and Ethics
This presentation represents my own views and not those of any other person.

Information Society
Environments where new technologies can threaten the right to privacy
- Camera Phones
- Video Surveillance
- Email
- Spyware

Data-Driven Society
2013 Telefonica analysis based on Social and Digital Media Statistics 2013 from Mistmediagroup

Hack Attacks
A wake of high-profile data breaches
- Hacking and data breaches at major retailers
- Hackers breached the Twitter and the YouTube accounts of the U.S. military's Central Command, which oversees the war against Islamic State militants in Iraq and Syria (according to the Pentagon)

U.S. President Barack Obama
January 2015 Speech at Federal Trade Commission
- Direct threat to the economic security of American families
- Proposed legislation to require companies to notify customers within 30 days of discovering customers' personal information was exposed to hackers
- Federal protection for information collected from students, who increasingly are using computers, tablets and other electronic devices in the classroom

Financial Institutions
The aftermath of these retail breaches
- Fraudulent charges made on compromised payment cards
- Cancellation and reissuance of compromised payment cards
- Lost profits
- Lost business opportunities

Companies/Multinationals
The aftermath of these retail breaches
- Implement global privacy programs
- Closely monitor compliance
- Raise awareness in connection with the cross-border data transfers that accompany:
  - international assignments
  - marketing strategies
  - internal investigations
  - legal actions
  - other business activities

Senior Executives & Supply Chain Leaders
Need a sophisticated understanding of data information risk
- Many corporate cybersecurity attacks come through third parties that handle personal and confidential information, often stealing credentials from those suppliers
- Companies can no longer financially afford to track only their top 25 suppliers, as legal expenses associated with a massive data breach can become insurmountable
- Companies must vigilantly manage every step of the information life cycle to ensure adequate protection along the supply chain and supporting systems

Senior Executives & Supply Chain Leaders
Safeguards against cyber attacks
- Identify smaller or less significant suppliers that may have previously fallen off the radar and any servers that may be owned by subcontractors in foreign countries
- Check whether these suppliers have a history of data security breaches (such information is available by consulting industry sources)
- Request recent third-party audit reports on their data security systems to ensure that appropriate safeguards are in place to protect personal information

Criminal Hackers
Motivations of attackers can be varied and complex
- Employ anonymous networks
- Encrypt communications
- Use virtual currencies in private forums referred to as darknets

Criminal Hackers
An 83-page comprehensive report by RAND Corp. and Juniper Networks Inc.
- Hackers from the U.S., Russia and Ukraine hawk computer exploits for as much as US$300,000 on an underground market fueled by digital currencies (like Bitcoin)
- U.S. government and industry officials warn that digital attacks are becoming more sophisticated and dangerous

Data Brokers
- Often lack direct interaction with consumers. Consumers often lack the ability to correct inaccurate personal data or opt out of having personal information sold or shared
- Buy and sell consumer data (commercial, government, or other publicly available resources)
- Intertwine information to form a more detailed composite of consumers' lifestyles, likes and dislikes
- Provide data not only to end users, but also to a series of other data brokers in the industry

Pushing Privacy In The Name of Collecting Data
- Online services are developing at a rapid rate and businesses differ significantly in terms of how and why they collect your data
- Many data brokers have access to some of the most intimate details about your life, which they obtain from various different resources

A Data Broker's Database
- The problem is that some of them not only combine information, but then analyze the data to make inferences about consumers, including potentially sensitive inferences regarding consumer interests to then place consumers into categories
- Potentially cover one trillion dollars in consumer transactions
- Some of these businesses have the ability to add three billion new records each month to their databases

The Challenge
- Can potentially create security risks: identity thieves may use information to predict passwords, challenge questions, or authenticate credentials
- Most consumers are not aware of these categories
- Consumers generally do not have the ability to access this information
- Information can sometimes be stored indefinitely

Some Businesses that Collect Data
- Background research companies provide law enforcement information they collect by cameras mounted on parking garages, bridges and roads
- Other businesses provide credit information to businesses and consumers
- As you surf the web, other companies collect your computer's IP address or provide you information on your eighth-grade crush

Fragmented Data Protection Rules
A global approach is necessary to alleviate operational challenges
- Make compliance costly for businesses
- Create uneven levels of protection for individuals
- Make it difficult to sell or shop cross-border for small and medium-sized companies

The Future of Privacy
A global approach is necessary to alleviate operational challenges from the perspective of a global business
- Intercompany shared services
- Handling of HR and customer data
- Outsourcing to third-party providers
- Product development

Europe
Data protection since the 1970s
- Strasbourg Convention of 1981 (Protection of Individuals with regard to Automatic Processing of Personal Data)
- EU Data Protection Directive 95/46
- E-Privacy Directive 2002/58 (Privacy and Electronic Communications)

Europe
Data protection since the 1970s
- Article 8 of the Charter of Fundamental Rights of the EU (2009)
- Upcoming EU Data Protection Regulation

EU Data Protection Directive
- U.S. multinationals should be careful to abide not only by the EU directive, but also by the laws of each EU country
- Under the current EU system, each EU member has a data protection czar with responsibility for implementing the law
- There are civil and criminal penalties for violations
- The U.K. Information Commissioner's Office, for example, has the authority to fine companies up to £500,000 for noncompliance with the U.K.'s Data Protection Act

The Future of Privacy
Upcoming EU Data Protection Regulation
- Broad Extra-Territorial Application
- One-Stop-Shop
- Data Protection Officer
- The Right-To-Be-Forgotten
- Shorter Breach Notification
- Privacy by Design
- Privacy by Default
- Heftier Fines

Upcoming EU Data Protection Regulation
Benefits of the reform
- Assure businesses and EU consumers alike consistent legislation and adequate protection
- Strengthen individual rights
- Tackle some of the current challenges to privacy

Providing a Basic Framework
It is anticipated that the upcoming EU Data Protection Reform will provide a basic framework for data privacy legislation to other regions and countries around the globe

The Future of Privacy
Must be familiar with various new initiatives for cross-border data transfers
- Companies must not only comply with local laws, but also often with the privacy laws of the jurisdictions where the individuals identified in the data reside
- In addition to the EU, a number of other countries have also recently enacted their own privacy legislation
- More than 89 countries have laws and regulations protecting data privacy

The Weak Link
Vulnerabilities of digital information
- A single point of failure in one application can potentially give corporate hackers access to sensitive data
- Customer data could potentially be hosted on any of hundreds of servers owned by suppliers' subcontractors around the world
- A weak link can create a direct threat to the economic security of American families

THANK YOU