Data Breach Prevention and Response: Front-End Detection an PowerPoint Presentation, PPT - DocSlides

Data Breach Prevention and Response: Front-End Detection and Back-End Protection

Today’s Moderator

Bruce MacDougall

Senior Vice President WGA

“If we do not act, we leave our nation vulnerable to protect the technologies that have unleashed untold opportunities for people around the globe.”

783 Data Breaches

hit U.S. Business in 2014,

a

27.5% increase over 2013.

Known Attacks

2014-2015

Affecting 80

million

people

costs $8 to $16 billion

$1b bank hack

Latest Hack

Earlier this month, Premera Blue Cross Security breach that exposed medical and financial information 11 million customers Most devastating cyber-attack in the health care industry to date

Response takes center stagePreventionProtection

Cyber Threats: What to expect in 2015

Today’s Featured Speakers

Paul Morville

John Doernberg

FounderVP Product Confer Technologies, Inc.

Vice

President Cyber Practice LeaderWGA

Front End Prevention

Reporter: “Willie, why do you rob banks?”Willie:“Because that’s where the money is.”

Bank Robbers in 2015

Evgeniy

Bogachev$3M reward for his arrest Has stolen an estimated $100MRecently went into hidingUses Zeus malware to steal banking information

Where is the money in 2015?

Other motivations beyond money

All Kinds of Businesses Targeted

45% of breaches in the private sector are of companies with less than 1,000 employees

Source:

2014 Verizon Breach Investigations Report

How do they operate? Attack endpoint?

Confer – What We Do

16

CROWDSOURCED BLACKLIST

Combined power of

50 antivirus engines

BEHAVIORAL ANALYTICS

Detect combinations of attacker techniques that all attacks share

APPLIED INTELLIGENCE

Apply

crowdsourced

threat

intelligence on endpoint

LIGHTWEIGHT SENSOR

MOBILE

PCS

SERVERS

WINDOWS, MAC, ANDROID

(IOS and LINUX Coming Soon)

The

Confer

Cloud

THREAT PREVENTION

Stop advanced and

zero day attacks

INCIDENT RESPONSE

Who, what, when, where,

a

nd how?

APPLIED INTEL

Automated threat sharing and

i

ntelligence-based protection

Multi-Engine Approach Dramatically Improves Detection

Signatures

Static Behavioral

Dynamic Behavioral

Signatures

5%

Static Behavioral

20%

Confer has > 99% Detection Rates

Plus, incident

r

esponse and applied

i

ntelligence

p

rovide context and understanding

Exceptionally Lightweight Sensor

CPU

Disk

Network

< 1% increaseover baseline CPUutilization< 1% increaseover baseline disk I/O utilization< 3.5MB datatransferred per day

In comparison, leaving the CNN web page open for 60 seconds results in 10MB data transferred and dramatically higher CPU utilization versus Confer

Confer: Redefining Endpoint Security

Lightweight and cloud-based

: simple to deploy and use

Multiplatform

: Windows, Mac, Android,

iOS

, Linux

P

revents

advanced attacks

AND

simplifies incident response

Back End Protection

Board are showing more concern about cyber threats SEC pushing for board members to take greater responsibility for cyber risksNot all measures are technical (i.e. deciding which breach prevention measures should we adopt)Legal Compliance and Disclosure Issues

Governance Cyber Considerations

Cyber Concern at Board Level – 74%

According to a 2014 NYSE Corporate Governance/FTI Consulting research study

Generally fall into three major categories:Human ErrorSystem GlitchesCriminal Attack

Causes of a Breach

Most frequent cause

Most costly

Current Cyber Trends

Sony Pictures breach a reminder that (1)

data loss

is a major exposure (the attackers wiped out much of the data on Sony’s network), and (2)

employee privacy

is a major exposure

Anthem breach a reminder that (1) attackers can penetrate a network months before an attack is discovered (thought to have broken into network in April 2014) and (2)

notification responsibilities

aren’t always clear

Renewed focus on healthcare and HIPAA/HITECH:

Breach notification requirement

State Attorney Generals can bring civil actions in federal court

Civil monetary penalties range from $50k-$100k per violation and $25k-$1.5M in a calendar year

Cost of a breach in U.S. $5.9m average

Cost of dealing with a breach

Forensic

costs -- can be significant

Data

loss -- Sony Pictures situation

Business

interruption exposures

Thinking within the NIST Framework

What is

your

risk

W

hat

are your

cyber security practices

Where

do you want/need to be

Risk Practices

Distinction between privacy breach and network security breach

Not all

losses are technical

Can

face significant cyber losses even if you don't have a lot of PII or PHI 

The role of cyber insurance

Risk management and insurance drives behavioral change in the marketplace

Mitigates loss by forcing insureds to assess the potential risk and their cyber defense mechanisms

Response Plan

Having

the right players as initial responders

Practicing

and revising 

Transfer

r

isk ​

A look at the insurance marketplace

$2B estimated total premium for cyber insurance in 2014

Survey of insurance brokers finds:

61% say cyber is viewed in the top three most significant business threats to their clients

But just 18% of brokers say over 40% of their clients have some cyber liability coverage

Insurance Trends

Some carriers are reasonably flexible on coverage terms, others more cautious

Some carriers increase or eliminate

sublimits

on first-party costs (forensics, notification, credit monitoring, legal)

Firming prices in industries where carriers see greater exposure (healthcare and especially retail)

More information

Overwhelming amount of information out there when it comes to data security and privacy

No shortage of new Cyber Threats

WGA has launched an open-source online forum to collect data

C

yberRiskHub.com

Contact Information

Paul Morville Conferpaul@confer.net617.821.1341

John DoernbergWGAjdoernberg@wgains.com617.646.0336

Bruce MacDougallWGA bmacdougall@wgains.com617.646.0279

Thank you for joining us today

Confer Technologies http://www.confer.net/

WGA

http://www.WGAins.com