Data Breaches & Cyber: Understanding the Risk
Alex Ricardo, CIPP/US Beazley Breach Response
Beazley plc
Disclaimer
This presentation and content is not meant to be considered professional legal advice.
The presenter is not a licensed attorney and all information obtained from this presentation should be considered for informational purposes only.
You should consult with a licensed privacy counsel for any decisions surrounding your corporate privacy initiatives, incident response plan or data breach response methodology.
Beazley plc November 2017
A cyber breach isn’t always a disaster.
Mishandling it is.
Threat landscape
Beazley – Breach statistics
“Let’s go to the tote board”
The loss or disclosure of personal or sensitive data continues to be a huge concern and risk for companies.
2009: Managing breach incidents since 2009
2014: Handled 750+ incidents
2015: Handled 1,200+ incidents
2016: Handled 1,900+ incidents
2017: Handled 2,600+ incidents
2018: Handled 3,300+ incidents
2019 Projection: 4,500+ incidents
As of 1/1/2019 – 11,000+ incidents
Slide 5 17 September, 2019
Beazley plc Source: Beazley – 2018 stats
Breach Incidents – It’s not all cyber-related
Approximately:
Physical loss: 5% of breach incidents involve physical loss
Accident or Unintended disclosure: 20% of breach incidents result from broken business practices
Company/3rd party: 30% of breach incidents are a result of a 3rd party
Where’s the Risk?
Unintended Disclosure
Paper / Physical Records
• Un-shredded Documents
• Dumpster Diving
• File cabinets – sold/donated
• Natural Disasters
• X-Ray Images
Where’s the Risk?
Unintended Disclosure
Electronic assets
• Computers
• Smart phones
• Backup tapes
• Hard drives
• Servers
• Copiers
• Fax machines
• Scanners
• Printers
Leasing Contracts - Review
Where’s the Risk?
Business Email Compromise
– 24% of 2018 incidents (vs 13% of 2017), 811 incidents in 2018 (vs 348 2017)
– Financial Institutions, Healthcare, Education
– MM (59%) vs SME (41%)
– Examples
– “CFO” email
– “HR – Payroll Form” email
– CEO “W2 Request” email
– Payroll Diversion emails
Where’s the Risk?
Lost/Missing/Stolen Electronic Assets
• 6% of 2018 Incidents
• #1 issue with regulators
• encrypt – Encrypt – ENCRYPT!
• Unencrypted portable media exclusions
Where’s the Risk?
Mishaps due to Broken Business Practices – Unintended Disclosure
• 20% of 2018 incidents (source: Beazley statistics)
• Industry Agnostic
Where’s the Risk?
Rogue Employees
9% of 2018 incidents (source: Beazley statistics)
• Disgruntled
• Information Security / Information Technology
• Enticed
• Human Resources
• Call Centers
• Finance
Most Recent Threats
Ransomware
Ransomware incidents
The cyber threat landscape is changing
Source: Beazley – 2018 statistics
• 2015-2016 – “Turning Point” in Ransomware
• 9% of 2018 Incidents - 298 in 2018
• Healthcare, Financial Services, Professional Services
• SME vs MM – 72% vs 28%
“To ‘B’reach Or Not To ‘B’reach”
Ransomware
• Most are not breaches
• Forensics is necessary
• Industry mandate may apply (i.e., Covered Entities under HIPAA)
• Retain under counsel
• Need for regulatory inquiries in the future
Ransom Amounts
Ransomware
• $100s/$1000s/$10000s
• Beazley highest paid ransom – nearly 7 figures
• Outliers are becoming more common and actors more bold
• Actors make up in volume
• FBI estimated in 2017, $1B were paid in ransomware demands
Who Are These Actors?
Ransomware
• No More ‘Dark Hoodies’
• Professional Business Model
• “Best Customer Service”
• Bitcoin Wallet ID
• “Double Dippers”
• “Honor Amongst Thieves”
• Known Terrorist Organizations
Why Would You Pay?
Ransomware
• “You Are Not the US Government”
• Technical Challenges at Data Restoration
• Bad segmentation
• Corrupt restored data
• Improper backup intervals for data purpose
Who Do Actors Target?
Ransomware
• All industries targeted
• LinkedIn is their friend
CryptoJacking
CryptoJacking
The cyber threat landscape is changing
• Hacker does not seek PII/PHI but “CPU Power”
• Hacks and Hijacks IOT devices throughout an organization
• PCs / Laptops
• Servers
• Security Cameras
• “Coffeemakers & Refrigerators”
• Leverages IoT devices’ CPU power to mine for cryptocurrency, like Bitcoin
MS Office 365
MS Office 365 - Technical Issues Necessitating Data Discovery and Review
The cyber threat landscape is changing
• O365 Default Settings Provide Insufficient Logging
• MS has disabled the “magic logs”
• Attackers Syncing the Inbox
• Programmatic searches do not work on unsearchable PDFs
• Large spreadsheets of data can require manual review
MS Office 365 - Data Discovery and Review Costs are Costly
The cyber threat landscape is changing
Platform | No. of Inboxes | No. of Documents | Cost | BBR Legal / Forensic Sublimit | No. of Notified Individuals
MS O365 | 70 inboxes | 450,000 | $2,000,000.00 | $2,500,000.00 | 83,000
MS O365 | 189 inboxes | 1,750,000 | $1,850,000.00 | $1,000,000.00 | 362,000
MS O365 | 120 inboxes | 855,000 | $1,400,000.00 | $2,500,000.00 | TBD
MS O365 | 24 inboxes | 365,000 | $675,000.00 | $1,500,000.00 | TBD
MS Office 365 - Lessons Learned
The cyber threat landscape is changing
• Multi-Factor Authentication
• MS Logging Script and O365 Audit Logs Turned ON
• Email Retention Settings
The Breach Response Methodology
The Data Breach Response Methodology
Phase 1: Discovery & Assessment
Phase 2: Investigation
Phase 3: Response
Phase 4: Claims Defense
[Diagram labels: Incident Discovery; Trigger Incident Response Plan; Forensics; Conclusion & Results; Privacy Counsel; Crisis Management; Communications & Services; Class-Action Lawsuits; Regulatory Investigations, Fines, Penalties; Reputational Damage; Business Income Loss]
Risk Can Still Be Managed
“Cannot Un-Ring the Bell”
Last Bit of Advice …
Why we should be careful with the word “Breach”
Perception is Half the Regulatory Battle
– People use “breach” too frequently and you don’t want your customers or regulators to think you are subject to numerous breaches
– “Breach” suggests something bad happened or is going to happen
– “Breach” has legal significance. Don’t prematurely call an “incident” or an “event” a “breach”
Best Practices
– Refrain from using “Breach” in anything memorialized
– Emails, Voicemails, Text Messages, Written Memos
– Train your incident response team to not use “Breach” within internal communications as they assess & investigate the “incident” or “event”
“It’s bad enough a company may possibly face liability from the data breach itself. The last thing you want is to create further liability exposure from how you respond to the incident.
Making sure you are kept in the best defensible position possible during the course of your breach response methodology should be a priority.”
Alex Ricardo, CIPP/US Breach Response Services
Beazley Group Rockefeller Center 1270 Avenue of the Americas New York, NY 10020 t: +1 (917) 344 3311 c: +1 (646) 934-4100 e: [email protected]
For More Information: www.beazley.com
The descriptions contained in this broker communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley
Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. Certain Lodestone services may not be available on an
admitted basis at this time. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the
information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the
respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497).
Questions?