norman-w-mayes
RSA Conference 2016 Review
AKA “THIS WAS THE ONLY WAY TO GET MY TRAVEL EXPENSES APPROVED”
So what did we learn at the RSA Conference this year?
Data Privacy!
OR THE LACK OF…
vs
Data Privacy & Breaches
Types of Privacy Data Compromised
- Social Security Numbers
- Credit/Debit Card Numbers
- Emails/Passwords/User Names
- Protected Health Information (PHI)
Data Breaches by Category
- Insider Theft
- Hacking
- Data on the Move
- Third Party (Subcontractors)
- Employee Error (Negligence)
- Accidental Internet Exposure
- Physical Theft
Data Breaches Galore 2015!
[Pie chart: 2015 Record Breaches, by category (Banking, Business, Education, Government, Healthcare); slice labels: 3%, 10%, 0%, 20%, 67%]
By the Numbers – USA Only:
- Banking – 5 Million Records
- Business – 16 Million Records
- Education – 750,000 Records
- Government – 34 Million Records
- Healthcare – 112 Million Records
Total – 169 Million Records*
*Report Records
37 Million, 22 Million, 11 Million, 80 Million, 15 Million, 330,000
Washington Breaches 2015
- Smartlabtoys.com
- Amazon Password Breach
- Noble House Hotel and Resorts – The Commons (20,000)
- T-Mobile / Experian (15 Million)
- Padklocks4less.com
- Costco Photo Center
- SafeandVaultStore.com
- BigFishGames.com
- PeaceHealth Southwest Medical Center
- Washington Township Health Care District
- PeaceHealth St. John Medical Center
- Healthpoint
- Cancer Care Northwest
- Premera Blue Cross (11 Million)
- Providence Hospital St. Joseph Medical Center
Noble House Hotel and Resorts
Breach Date: Unknown – Detected 9/25/2015
Breach Type: Electronic
Breach Category: Business
Records Exposed: Yes – 19,472
How was it Discovered: Customers were complaining about unauthorized charges on their credit cards.
Synopsis: FBI was enlisted and a cyber-security firm examined their payment systems. Malware was detected on the payment card system.
Data Breach included Names, Credit Card Numbers, Expiration Date and CVV Numbers.
T-Mobile and Experian
Breach Date: 9/1/2015 – Detected 9/15/2015
Breach Type: Electronic
Breach Category: Business
Records Exposed: Yes – 15 Million
How was it Discovered: Undisclosed
Synopsis: Experian noticed unauthorized access to a select set of servers and that large amounts of credit data had been downloaded. Experian notified T-Mobile that a breach had occurred.
Data Breach included Names, Addresses, Social Security Numbers, Dates of Birth, Driver License Numbers, Passport Numbers, etc.
Premera Blue Cross
Breach Date: 5/5/2014 – Detected 1/29/2015
Breach Type: Electronic
Breach Category: Medical/Healthcare
Records Exposed: Yes – 11 Million
How was it Discovered: Undisclosed
Synopsis: It was revealed that this was the work of a state-sponsored espionage group based in China.
Data Breach included Names, Addresses, Social Security Numbers, Dates of Birth, Telephone Numbers, Email Addresses, Medical Claims Information and individual Financial Information.
Security Best Practices
OR HOW TO AVOID BEING ON A BREACH LIST IN 2016
- Encryption of data at rest, in storage and in transit
- Enforce effective password management policies
- Least Privilege User Access
- Regular Security Design and Code Reviews
- Penetration and Vulnerability Scans
- Multi-layer Firewall Protections
- Mobile Device Management
- Review Server Certificates
- Data Breach Response Plan
Questions?
NO ANIMALS WERE HARMED IN THE CREATION OF THIS PRESENTATION