Data Breaches & Cyber: Understanding the Risk. Alex Ricardo, CIPP/US Beazley Breach Response


Page 2

Beazley plc

Disclaimer

This presentation and content is not meant to be considered professional legal advice.

The presenter is not a licensed attorney and all information obtained from this presentation should be considered for informational purposes only.

You should consult with a licensed privacy counsel for any decisions surrounding your corporate privacy initiatives, incident response plan or data breach response methodology.

Page 3

Beazley plc November 2017

A cyber breach isn’t always a disaster.

Mishandling it is.

Slide 3

Page 4

Threat landscape

Page 5

Beazley – Breach statistics

The loss or disclosure of personal or sensitive data continues to be a huge concern and risk for companies.

“Let’s go to the tote board”

• 2009: Managing breach incidents since 2009

• 2014: Handled 750+ incidents

• 2015: Handled 1,200+ incidents

• 2016: Handled 1,900+ incidents

• 2017: Handled 2,600+ incidents

• 2018: Handled 3,300+ incidents

• 2019 Projection: 4,500+ incidents

As of 1/1/2019 – 11,000+ incidents

Slide 5 17 September, 2019

Page 6

Beazley plc Source: Beazley – 2018 stats

Breach Incidents – It’s not all cyber-related

17 September, 2019

• Physical loss: 5% of breach incidents involve physical loss

• Accident or Unintended disclosure: 20% of breach incidents result from broken business practices

• Company/3rd party: 30% of breach incidents are a result of a 3rd party

Slide 6

Approximately

Page 7

Unintended Disclosure

Paper / Physical Records

• Un-shredded Documents

• Dumpster Diving

• File cabinets – sold/donated

• Natural Disasters

• X-Ray Images

Where’s the Risk?

7

Page 8

Where’s the Risk?

8

Unintended Disclosure

Electronic assets

• Computers

• Smart phones

• Backup tapes

• Hard drives

• Servers

• Copiers

• Fax machines

• Scanners

• Printers

Leasing Contracts - Review

Page 9

Business Email Compromise

– 24% of 2018 incidents (vs 13% of 2017), 811 incidents in 2018 (vs 348 in 2017)

– Financial Institutions, Healthcare, Education

– MM (59%) vs SME (41%)

– Examples

– “CFO” email

– “HR – Payroll Form” email

– CEO “W2 Request” email

– Payroll Diversion emails

Where’s the Risk?

9

Page 10

Lost/Missing/Stolen Electronic Assets

• 6% of 2018 Incidents

• #1 issue with regulators

• encrypt – Encrypt – ENCRYPT!

• Unencrypted portable media exclusions

Where’s the Risk?

10

Page 11

Mishaps due to Broken Business Practices – Unintended Disclosure

• 20% of 2018 incidents (source: Beazley statistics)

• Industry Agnostic

Where’s the Risk?

11

Page 12

Rogue Employees

9% of 2018 incidents (source: Beazley statistics)

• Disgruntled

• Information Security / Information Technology

• Enticed

• Human Resources

• Call Centers

• Finance

Where’s the Risk?

12

Page 13

Most Recent Threats

Page 14

Ransomware

Page 15

Ransomware incidents

The cyber threat landscape is changing

17 September, 2019 Slide 15 Source: Beazley – 2018 statistics

• 2015-2016 – “Turning Point” in Ransomware

• 9% of 2018 Incidents - 298 in 2018

• Healthcare, Financial Services, Professional Services

• SME vs MM – 72% vs 28%

Page 16

“ To ‘B’reach Or Not To ‘B’reach ”

Ransomware

17 September, 2019 Slide 16

• Most are not breaches

• Forensics is necessary

• Industry mandate may apply (i.e., Covered Entities under HIPAA)

• Retain under counsel

• Need for regulatory inquiries in the future

Page 17

Ransom Amounts

Ransomware

17 September, 2019 Slide 17

• $100s/$1000s/$10000s

• Beazley highest paid ransom – nearly 7 figures

• Outliers are becoming more common and actors more bold

• Actors make up in volume

• FBI estimated in 2017, $1B were paid in ransomware demands

Page 18

Who Are These Actors?

Ransomware

17 September, 2019 Slide 18

• No More ‘Dark Hoodies’

• Professional Business Model

• “Best Customer Service”

• Bitcoin Wallet ID

• “Double Dippers”

• “Honor Amongst Thieves”

• Known Terrorist Organizations

Page 19

Why Would You Pay?

Ransomware

17 September, 2019 Slide 19

• “You Are Not the US Government”

• Technical Challenges at Data Restoration

• Bad segmentation

• Corrupt restored data

• Improper backup intervals for data purpose

Page 20

Who Do Actors Target?

Ransomware

17 September, 2019 Slide 20

• All industries targeted

• LinkedIn is their friend

Page 21

CryptoJacking

Page 22

CryptoJacking

The cyber threat landscape is changing

17 September, 2019 Slide 22

• Hacker does not seek PII/PHI but “CPU Power”

• Hacks and Hijacks IOT devices throughout an organization

• PCs / Laptops

• Servers

• Security Cameras

• “Coffeemakers & Refrigerators”

• Leverages IOT devices’ CPU power to mine for crypto-currency, like Bitcoin

Page 23

MS Office 365

Page 24

MS Office 365 - Technical Issues Necessitating Data Discovery and Review

The cyber threat landscape is changing

17 September, 2019 Slide 24

• O365 Default Settings Provide Insufficient Logging

• MS has disabled the “magic logs”

• Attackers Synching the Inbox

• Programmatic searches do not work on unsearchable PDFs

• Large spreadsheets of data can require manual review

Page 25

MS Office 365 - Data Discovery and Review Costs are Costly

The cyber threat landscape is changing

17 September, 2019 Slide 25

Email Platform   No. of Inboxes   No. of Documents   Cost            BBR Legal / Forensic Sublimit   No. of Notified Individuals
MS O365          70 inboxes       450,000            $2,000,000.00   $2,500,000.00                   83,000
MS O365          189 inboxes      1,750,000          $1,850,000.00   $1,000,000.00                   362,000
MS O365          120 inboxes      855,000            $1,400,000.00   $2,500,000.00                   TBD
MS O365          24 inboxes       365,000            $675,000.00     $1,500,000.00                   TBD

Page 26

MS Office 365 - Lessons Learned

The cyber threat landscape is changing

17 September, 2019 Slide 26

• Multi-Factor Authentication

• MS Logging Script and O365 Audit Logs Turned ON

• Email Retention Settings

Page 27

The Breach Response Methodology

Page 28

The Data Breach Response Methodology

Phase 1: Discovery & Assessment

Phase 2: Investigation

Phase 3: Response

Phase 4: Claims Defense

[Diagram labels: Incident Discovery; Trigger Incident Response Plan; Forensics; Conclusion & Results; Privacy Counsel; Crisis Management; Communications & Services; Class-Action Lawsuits; Regulatory Investigations, Fines, Penalties; Reputational Damage; Business Income Loss]

Risk Can Still Be Managed “Cannot Un-Ring the Bell”

Page 29

Last Bit of Advice …

Page 30

Why we should be careful with the word “Breach”

Perception is Half the Regulatory Battle

– People use “breach” too frequently and you don’t want your customers or regulators to think you are subject to numerous breaches

– “Breach” suggests something bad happened or is going to happen

– “Breach” has legal significance. Don’t prematurely call an “incident” or an “event” a “breach”

Best Practices

– Refrain from using “Breach” in anything memorialized

– Emails, Voicemails, Text Messages, Written Memos

– Train your incident response team to not use “Breach” within internal communications as they assess & investigate the “incident” or “event”

Page 31

“It’s bad enough a company may possibly face liability from the data breach itself. The last thing you want is to create further liability exposure from how you respond to the incident.

Making sure you are kept in the best defensible position possible during the course of your breach response methodology should be a priority.”

Alex Ricardo, CIPP/US Breach Response Services

Beazley Group Rockefeller Center 1270 Avenue of the Americas New York, NY 10020 t: +1 (917) 344 3311 c: +1 (646) 934-4100 e: [email protected]

For More Information: www.beazley.com

The descriptions contained in this broker communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. Certain Lodestone services may not be available on an admitted basis at this time. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497).

Questions?