Title: Assessing Data Security Risks: Learning From Recent Breaches
1Assessing Data Security Risks Learning From
Recent Breaches
- Lenny Zeltser
- Security Consulting Manager, Savvis
2A data security breach can be a major disruption
to business.
3Complexities of making risk decisionscan be
overwhelming.
4As a result, status quo often leaves
vulnerabilities.
5Learn from recent breaches to tighten your
security mechanisms.
6Large-Scale Breaches
7?
Sports Authority
Forever 21
DSW
Boston Market
OfficeMax
BJs
Dave Busters
Barnes Noble
TJX
83-Year Undercover Operation
- Belarus ????????
- Unknown Delpiero
- US Gonzalez, Scott, Toey
- China ??, ???
- Ukraine ??????????, ?????, ???????, ???????
Belarus Pavolvich Unknown Delpiero US
Gonzalez, Scott, Toey China Chiu, Wang Ukraine
Yastremskiy, Burak, Storchak, Suvorov
9Foot in the Door
- Wardriving
- SQL injection
- Social engineering
10A sniffer captured magnetic stripe data and PINs.
11Malware helped in a breach of millions of credit
and debit card transactions.
Heartland Payment System
12- How would an attacker get a foot in the door?
- What is your flow of sensitive data?
- What are your malware defenses?
13Malicious Insider Breaches
14Employee used customer data to set up new
accounts and cash out. (380,000)
Citi
15Employee downloaded and sold customer data.
(60,000)
Countrywide Home Loans
16Contractor attempted to destroy data on 4,000
servers after being fired.
Fannie Mae
17- Do employees have just the access they need?
- How can you detect and block data leaks?
18Process Breaches
19Digital photo frames infected during QA.
Sams Club
Best Buy
20202,000 sensitive letters mailed to wrong
recipients.
Blue Cross and Blue Shield of GA
21Personal details of 9,000 people emailed,
believed to be sample data.
ADP
22- How do you share sensitive data?
- How can you detect and prevent processing errors?
23So What?
24As data increases in value, the impact of a
security breach can grow in severity.
25Ask questions to understand your security posture.
26- How would an attacker get a foot in the door?
- What is your flow of sensitive data?
- What are your malware defenses?
- Do employees have just the access they need?
- How can you detect and block data leaks?
- How do you share sensitive data?
- How can you detect and prevent processing errors?
27It is better to know some of the questions, than
all of the answers.
Happy to chat