270 likes | 392 Views
Assessing Data Security Risks: Learning From Recent Breaches. Lenny Zeltser Security Consulting Manager, Savvis. A data security breach can be a major disruption to business. Complexities of making risk decisions can be overwhelming. As a result, status quo often leaves vulnerabilities.
E N D
Assessing Data Security Risks: Learning From Recent Breaches • Lenny Zeltser • Security Consulting Manager, Savvis
A data security breach can be a major disruption to business.
Learn from recent breaches to tighten your security mechanisms.
Forever 21 Sports Authority ? DSW Boston Market BJ’s OfficeMax Barnes & Noble Dave & Busters TJX
3-Year Undercover Operation Belarus: Pavolvich Unknown: “Delpiero” US: Gonzalez, Scott, Toey China: Chiu, Wang Ukraine: Yastremskiy, Burak, Storchak, Suvorov Belarus: Паволвич Unknown: “Delpiero” US: Gonzalez, Scott, Toey China: 黄明, 王治治 Ukraine: Ястремский, Бурак, Сторчак, Суворов
Foot in the Door Wardriving SQL injection Social engineering
A sniffer captured magnetic stripe data and PINs. Processor Register Server
Malware helped in a breach of millions of credit and debit card transactions. Heartland Payment System
How would an attacker get a foot in the door? What is your flow of sensitive data? What are your malware defenses?
Employee used customer data to set up new accounts and cash out. ($380,000) Citi
Employee downloaded and sold customer data. ($60,000) Countrywide Home Loans
Contractor attempted to destroy data on 4,000 servers after being fired. Fannie Mae
Do employees have just the access they need? How can you detect and block data leaks?
Digital photo frames infected during QA. Sam’s Club Best Buy
202,000 sensitive letters mailed to wrong recipients. Blue Cross and Blue Shield of GA
Personal details of 9,000 people emailed, believed to be sample data. ADP
How do you share sensitive data? How can you detect and prevent processing errors?
As data increases in value, the impact of a security breach can grow in severity.
How would an attacker get a foot in the door? What is your flow of sensitive data? What are your malware defenses? Do employees have just the access they need? How can you detect and block data leaks? How do you share sensitive data? How can you detect and prevent processing errors?
It is better to know some of the questions, than all of the answers. Happy to chat: