Published by Trevor Cummings. Modified over 7 years ago.

Introduces Data Breach Root Causes
Michael Wright • Chief Security Officer • TECH LOCK

Cyber Security Risks
While this data management method wasn’t as efficient, it might have been more secure.

Cyber Security Risks
• 30% of users open phishing emails*
• 12% click on the links contained in the email*
• 56% of breaches occurred due to phishing attacks*
• 99% of computers use software that is vulnerable to attack if not updated*
• $73.7 Billion: increased spending worldwide on cybersecurity in 2016**
*Heimdal Security **IDC

Cost of a Breach
• Average consolidated cost of a data breach rose to $4 million in 2016*
• Average cost for each stolen record is $158
• Additional cost is reputational harm
How will your customers react to a breach?
*Ponemon Institute 2016 Cost of a Data Breach Study: Global Analysis

Making Compliance a Competitive Advantage
The following slides cover a dual role:
1. They can set you above the rest from a compliance perspective.
2. They can protect you from a breach; these are a distillation of the vast majority of our pen test and audit findings.

Making Compliance a Competitive Advantage
Regulations dictate that companies must validate all of their vendors’ data security and compliance.
What sets you apart from everyone else?
• Reputation… is not enough
• No security breaches (yet)… is not enough
• Operational excellence… is not enough

Overview: Data Breach Root Causes
While you can’t guarantee a breach will never occur, there are best practices you can implement to better secure your data and lower your risks.
• Lax or Ineffective Access Control
• Non-authoritative Policies
• No Third-Party Data Security Audits
• Data Security Not Part of Daily Processes
• Insufficient Vendor Oversight
• Business Leaders Not Involved

Lax or Ineffective Access Control
• Provide only the level of access required to perform job duties
• Providing higher than necessary access often exacerbates ransomware attacks
• Train your team, including C-Level executives, on why having only required access helps protect your company

Data Security Not Part of Daily Processes
• Many organizations focus on data security only during their annual audits
• “Bake” it into your daily routines and business processes

Data Security Not Part of Daily Processes
Assess the impact to data security and compliance when making technology or business process changes. Examples include:
• Moving software systems or data “to the cloud”
• Switching from traditional telephony to Voice over IP
Build data security requirements in the planning and transition

Insufficient Vendor Oversight
• Execute Due Diligence
• Determine Risk Level
• Identify Data Flows
• Document Vendor Oversight Program

Non-Authoritative Policies
• Documents created by IT to satisfy audit requirements and sitting neglected on a server are not effective
• Create appropriate IT Security Policies – Say what you Do and Do what you Say
• IT policies can protect your organization only when enforced
Create Security Policies • Disseminate Policies • Enforce Policies

No Third-Party Data Security Audits
• Independent audits and penetration tests are effective ways to validate your data security measures
• You don’t know if you are secure if you don’t test the system

Business Leaders Not Involved
As a business leader within your organization, what are YOU doing to ensure your company stays out of the news? BE INVOLVED!
Compliance and Security Best Practices
You probably have a formal compliance program for CFPB, FDCPA, etc. Do you include data security like PCI, HIPAA, GLBA Safeguards Rule, etc.? Or do you just trust that your technical and operations staff are staying compliant with standards they may know little-to-nothing about?

Questions?
• Ensure Appropriate Access Control
• Create Authoritative IT Policies
• Make Data Security Part of Daily Processes
• Validate Your Data Security
• Oversee Your Vendors
• BE INVOLVED!

Thank you
Michael Wright • Chief Security Officer • Tech Lock