slva - werksmans security for privacy
TRANSCRIPT
Protecting Personal Information: Building your Security for Privacy program
Kris Budnik, April 2014
Information is a valuable asset…
• Incidence and costs of fraud rose markedly in the past 12 months
• Information related fraud is common and evolving
• Employee abuse still the major cause (39%) but instances of external hacking almost doubled (35% vs 18%)
• Worse still, instances of hacking via 3rd party supplier or service provider have trebled (17% vs. 5%)
• Complexity of IT infrastructures seen as contributing factor
Source: 2013/2014 Kroll Global Fraud Report
The fraud case involving a single location is now a rarity: the client is in one country, the fraud in a second, the perpetrator in a third and the money...well, that’s often the challenge.
Volume and frequency of personal data theft on the increase…
Personal data a commodity on a vast underground market…
• Online Bank Accounts – name your bank and country preference
• Fullz available here! – US, EU, Australia, UK, Canada, Asia
• Malware Infected Computers – 1k, 5k, 10k or 20k?
• Malware and Exploit Kits to lease – 3 month, 6 month and 1 year terms
• Hacker Services for Hire – DDoS attacks, hacking of websites, doxing
Service                                     Price
VISA & Master Card (US)                     $4
VISA & Master Card (EU)                     $7 - $8
Credit Card with track 1 & 2 data (UK)      $19 - $20
Credit Card with track 1 & 2 data (EU)      $28
Fullz (UK, EU)                              $30 - $40
Bank Accounts with $70k - $115k             $300
Doxing                                      $25 - $100
Health Data                                 $150 - $200
Infected Computers (5k bots)                $90
Denial of Service                           $3 - $5 per hour; $400 - $600 per week
Source: Dell SecureWorks, 2013
Corporate response often inadequate or misplaced...
Consequences avoidable…
Analysis of over 50 incidents reported in 2009 – 2013 (source: wiki.openrightsgroup.org/wiki/UK_Privacy_Debacles)
[Chart: "No. of records lost" by cause of incident, with bars for Design error, Email error, Insecure disposal, Insecure handling, Lost/Stolen Laptop and Lost/Stolen Media; the lost-laptop and lost-media categories dominate the record counts]
Learning from others…
Preparing a suitable response…
Your IT team can help… consider the following as minimum response strategies:
• eLearning to raise awareness
• Access Governance to ensure authorised access to:
  – networks
  – systems
  – applications
  – data
• Data Leak Management to ensure accountability and enforce policy
• Event and Incident Management for early problem detection and efficient resolution
[Chart: "Unauthorized Webmail Attachments Rule Prompt - 2008", number of prompts per month from January to June, shown separately for Associates and Workstations]
Thank you
For a further conversation: Kris [email protected] 600 7311