Lessons from Beyond Tolling: Securing and Managing Data Fred Philipson, Cognizant Technology Solutions July 2017


Lessons from Beyond Tolling: Securing and Managing Data

Fred Philipson, Cognizant Technology Solutions, July 2017

Who can’t be hacked?

Where is the law enforcement?

Who are these attackers?

Why are they so successful?

What can we learn from others and apply to our organizations?


Attacks and Motives Over Time

| Time Period | Typical Attackers | Goals / Motivations | Examples |
|---|---|---|---|
| Mid 1980's to early 2000's | Mostly individuals or small teams | Disruption, Hacktivism | Worms (Morris, Nimda, Code Red, SQL Slammer) |
| Early to mid 2000's | Organized groups of cybercriminals | Theft, Fraud - Money is the motivation | Phishing, Identity Theft, Data Theft, Click Fraud, Pharming |
| Mid 2000's to 2013 | Nation-states | Steal intellectual property, identify dissidents, disrupt nuclear arms development | Watering Holes |
| 2013 and afterward | Cybercriminals and Nation-states and individuals | Mass identity theft and credit card theft | Target, Home Depot, Anthem, JPMChase |
| 2015 | Security researchers | Safety | Jeep / Chrysler |


everything is becoming networkable.


Reduce risk and be ready. Balance this. Like a Ninja.


Root Causes of Breaches & Conclusions

| Breaches | Root causes |
|---|---|
| Target (2014), OPM (2013-2015), Experian (2015) | Third-party suppliers (which in turn had a root cause from below) |
| Target (2014), JPMChase (2014) | Spear Phishing |
| Aurora (2009), Watering Hole (2013), Target (2014), Experian (2015) | Malware / Drive-by-downloads (browser or plug-in vulnerabilities, point-of-sale malware) |
| JPMChase (2014), OPM (2013-2015) | Lack of authentication or two-factor authentication |
| Anthem (2015), Target (2015), Experian (2015) | Stolen credentials |

• Most attacks are perpetrated using known vulnerabilities

• Compliance does not guarantee security; most compromised organizations were compliant and passed their audits

• About half of the breaches are caused by malicious intent and the other half via human error

• “Data stewardship” needs to be every employee’s responsibility. Security is not just the responsibility of the information security team. At best, the information security team members are the shepherds, guides, and “force multipliers” for security initiatives


Lessons from Beyond Tolling

Watch the third parties: Even if you’ve vetted your organization’s information security set up, when you connect to a third party, they must be at the same standard – if they get hacked, you can get hacked

Educate your users to reduce the risk of Spear Phishing and Malware attacks

Add two-factor authentication: Something you know and something you have, e.g. know a password and have a phone or fingerprint

Employ effective restrictions of user rights; rights to install software, install data loss prevention software, mine email, sms, other communications

Maintain Best Practice Security Policies: Maintain up-to-date antivirus, apply patches for OS and apps immediately after testing, pen test and remediation

Mitigate ransomware incidents via backups, anti-virus software, promptly applying security patches, avoiding malicious links. https://www.nomoreransom.org/ for more

Tokenize. When tokens replace live data in systems, it minimizes exposure of sensitive data, reducing risk of compromise or accidental exposure and unauthorized access to sensitive data

Create an Incident Management Plan and practice

Process, People, Technology
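
The "Tokenize" lesson above, shown as an added example that is not part of the original presentation: a vault-based tokenizer in which a toll transaction ledger stores only random tokens and a single named caller may map a token back to the card number. The names TokenVault, record_toll, "payment-gateway" and the test card number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Only the vault maps tokens back to card numbers (PANs)."""

    def __init__(self, index_key: bytes, allowed_callers=("payment-gateway",)):
        self._index_key = index_key      # keys the lookup index, stays in the vault
        self._allowed = set(allowed_callers)
        self._pan_by_token = {}          # a real vault would encrypt this store
        self._token_by_index = {}        # HMAC(PAN) -> token, one token per card

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        idx = self._index(pan)
        if idx not in self._token_by_index:
            # Random value: the token cannot be reversed without the vault.
            token = "tok_" + secrets.token_hex(16)
            self._pan_by_token[token] = pan
            self._token_by_index[idx] = token
        return self._token_by_index[idx]

    def detokenize(self, token: str, caller: str) -> str:
        if caller not in self._allowed:
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]


def record_toll(vault, ledger, plaza, amount_cents, pan):
    """Append a toll transaction that carries the token, never the PAN."""
    ledger.append({"plaza": plaza, "amount_cents": amount_cents,
                   "card_token": vault.tokenize(pan)})


def demo():
    test_pan = "4111111111111111"        # constructed test number, not a real card
    vault = TokenVault(index_key=secrets.token_bytes(32))
    ledger = []
    record_toll(vault, ledger, "Plaza 7", 250, test_pan)
    record_toll(vault, ledger, "Plaza 9", 175, test_pan)
    return vault, ledger, test_pan


if __name__ == "__main__":
    print(demo()[1])
```

A copy of the ledger taken from a reporting or analytics system exposes no card numbers; the vault and its allowed-caller list become the assets to protect and monitor.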


Fred Philipson @ [email protected] or 512.751.8411