Michael Wright • Chief Security Officer • Tech Lock

Presentation transcript:

Tech Lock Introduces Data Breach Root Causes
Michael Wright • Chief Security Officer • TECH LOCK

Cyber Security Risks
While this data management method wasn’t as efficient, it might have been more secure.

Cyber Security Risks
• 30% of users open phishing emails*
• 12% click on the links contained in the email*
• $73.7 Billion increased spending worldwide on cybersecurity in 2016**
• 56% of breaches occurred due to phishing attacks*
• 99% of computers use software that is vulnerable to attack if not updated*
*Heimdal Security
**IDC

Cost of a Breach
• Average consolidated cost of a data breach rose to $4 million in 2016*
• Average cost for each stolen record is $158
• Additional cost is reputational harm
How will your customers react to a breach?
*Ponemon Institute 2016 Cost of a Data Breach Study: Global Analysis

Making Compliance a Competitive Advantage
The following slides serve a dual role:
1. They can set you above the rest from a compliance perspective.
2. They can protect you from a breach. These are a distillation of the vast majority of our pen test and audit findings.

Making Compliance a Competitive Advantage
Regulations dictate that companies must validate all of their vendors’ data security and compliance.
What sets you apart from everyone else?
• Reputation… is not enough
• No security breaches (yet)… is not enough
• Operational excellence… is not enough

Data Breach Root Causes Overview
While you can’t guarantee a breach will never occur, there are best practices you can implement to better secure your data and lower your risks.
• Lax or Ineffective Access Control
• Non-authoritative Policies
• No Third-Party Data Security Audits
• Data Security Not Part of Daily Processes
• Insufficient Vendor Oversight
• Business Leaders Not Involved

Lax or Ineffective Access Control
• Provide only the level of access required to perform job duties
• Providing higher than necessary access often exacerbates ransomware attacks
• Train your team, including C-level executives, on why having only the required access helps protect your company

Data Security Not Part of Daily Processes
• Many organizations focus on data security only during their annual audits
• “Bake” it into your daily routines and business processes

Data Security Not Part of Daily Processes
Assess the impact on data security and compliance when making technology or business process changes.
Examples include:
• Moving software systems or data “to the cloud”
• Switching from traditional telephony to Voice over IP
Build data security requirements into the planning and transition.

Insufficient Vendor Oversight
• Execute Due Diligence
• Determine Risk Level
• Identify Data Flows
• Document Vendor Oversight Program

Non-Authoritative Policies
• Create Security Policies: Create appropriate IT Security Policies – Say what you Do and Do what you Say
• Disseminate Policies: Documents created by IT to satisfy audit requirements and sitting neglected on a server are not effective
• Enforce Policies: IT policies can protect your organization only when enforced

No Third-Party Data Security Audits
• Independent audits and penetration tests are effective ways to validate your data security measures
• You don’t know if you are secure if you don’t test the system

Business Leaders Not Involved
As a business leader within your organization, what are YOU doing to ensure your company stays out of the news? BE INVOLVED!
Compliance and Security Best Practices
You probably have a formal compliance program for CFPB, FDCPA, etc. Do you include data security like PCI, HIPAA, GLBA Safeguards Rule, etc.? Or do you just trust that your technical and operations staff are staying compliant with standards they may know little-to-nothing about?

Questions?
• Ensure Appropriate Access Control
• Create Authoritative IT Policies
• Make Data Security Part of Daily Processes
• Validate Your Data Security
• Oversee Your Vendors
• BE INVOLVED!

Thank you
Michael Wright • Chief Security Officer • Tech Lock
www.techlockinc.com
info@techlockinc.com