Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Consumer ID theft issues Data breach trends Laws and regulations Assessing and mitigating your risk.

Published byAbel Hamilton Modified over 6 years ago

Similar presentations

Presentation on theme: "Agenda Consumer ID theft issues Data breach trends Laws and regulations Assessing and mitigating your risk."— Presentation transcript:

1 ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA

2 Agenda Consumer ID theft issues Data breach trends Laws and regulations Assessing and mitigating your risk

3 Consumer Identity Theft Issues

4 Consumer ID Theft Statistics
ID theft up 16% in In 2014, IRS paid $5.8 billion in fraudulent refunds 2 Virginia: 56,000 PHI records stolen since 1 Federal Trade Commission 2 Government Accountability Office 3 US Department of Health and Human Services Office for Civil Rights

5 How to Respond to ID Theft
File a police report File a complaint with the FTC File form with the IRS Place fraud alert on your credit report Consider a credit freeze Dispute fraudulent accounts Contact your creditors

6 Personal carelessness External hackers Data breaches
How Your ID is Stolen Personal carelessness External hackers Data breaches Your information is for sale Social engineering Targeting either you or someone you do business with Social engineering example

7 Fusion: Real Future, episode 8

8 The Price of Your Identity
Common prices for ID information: US “Fullz” - $30 Health Insurance Credentials - $20 Bank account with $75,000 - less than $300 Date of birth - $11 Credit card account - $4 to $13 Source: Dell SecureWorks

9 Protecting Yourself Never re-use passwords Guard personal information Use multi-factor authentication Set account access PINs at phone and utility providers Never re-use passwords, seriously

10 Data Breach Trends

11 2015 Data Breaches Xoom: Victim of $31 million Business Compromise (BEC)

12 Anthem and Premara breaches US Office of Personnel Management
Recent Data Breaches Anthem and Premara breaches 80 million and 11 million PHI records US Office of Personnel Management 21 million victims Ashley Madison Equifax 143 million “customers”

13 Phishing and Spear Phishing attacks
Breach Methods Phishing and Spear Phishing attacks 13% of users will click on links in Phishing s1 Stolen, weak, or default credentials Used in 63% of breaches 1 Verizon 2016 Data Breach Investigations Report

14 Point of sale intrusions/card skimmers
Breach Methods Web app attacks Attacks against existing pages Hacking servers to host malicious pages Point of sale intrusions/card skimmers Used to scrape credit card data Target, Home Depot, Hilton Worldwide Insider attacks

15 Deliberate cyber attack
Breach Methods Mistakes Accidental misdelivery Physical theft Malware Malvertising Deliberate cyber attack Industrial espionage

16 Cost of a Breach Average breach cost:1 Notable exceptions:
Small businesses: $86,500 Large businesses: $861,000 Notable exceptions: Anthem Healthcare: $5.55 million fine Cost of Target breach: $252 million Equifax 2017 breach: estimated $300 million to $4 billion 1 Kaspersky Labs survey

17 Laws and Regulations

18 Careful With the Word “Breach”
Breach has legal meaning Suggests you may have legal liability Security teams should use “Security Incident” until it’s determined a breach has occurred

19 Federal Laws and National Regulations
HIPPA-HITECH Healthcare data (PHI) FTC Red Flags Rule Applies to financial institutions PCI-DSS Payment cards FISMA Applies to federal contractors

20 All vary in timing, method, and extent of notice required Virginia
State Laws 48 different state laws All vary in timing, method, and extent of notice required Virginia If breach of PII is identified Must notify Virginia Attorney General and all affected Virginia residents

21 Assessing and Mitigating Your Risk

22 77% of business have suffered some form of data loss1
Assessing Your Risk 77% of business have suffered some form of data loss1 Matter of when, not if Higher risk if you handle Financial information Healthcare data 1 Kaspersky Labs survey

23 Information Security Lifestyle

24 Security Process Identify
Assess Your IT Environment and understand nature of your data Understand industry and regulatory compliance requirements Perform Information Security Risk Assessment

25 Protect the Environment
Implement Controls Based Upon Security Risk Assessment Physical Technical Administrative Assign Roles & Responsibilities for Maintaining Controls

26 Detect Incidents Monitoring & Event Logging Functions
Automated Solutions Where Possible, But….. Tailor Alerting to Limit False Positives! We love our automated alerting systems, don’t we? Useless unless they are customized to the environment and normal system behavior.

27 Respond to Incidents Execution of Incident Response Plan
Strong Response Capabilities Can Limit Impact Understand Specific Reporting Requirements and Key Contacts Response procedures: Target Example

28 Recover Recover Plans and Activities to Restore Business Services
Recovery Planning Key to Organizational Resilience Work with Contracting Officers and Authorities

29 Additional Resources FTC Guide for Assisting Identity Theft Victims
FTC Consumer ID Theft Guide IdentityTheft.gov Experian Credit Freeze Procedures Equifax Credit Freeze Procedures TransUnion Credit Freeze Procedures TwoFactorAuth.org website

30 ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA Manager, DHG IT Advisory

Download ppt "Agenda Consumer ID theft issues Data breach trends Laws and regulations Assessing and mitigating your risk."

Similar presentations

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
By Derek Hahn Washington State Director of Finance and Ian Newby Lake Stevens Member In 3-D.

By Derek Hahn Washington State Director of Finance and Ian Newby Lake Stevens Member In 3-D.
Fighting Back Against Identity Theft A Presentation for CSM564 – Dr. Price By Matt Poole.

Fighting Back Against Identity Theft A Presentation for CSM564 – Dr. Price By Matt Poole.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
Presented By www.fmfcu.org/drexel Drexel and FMFCU.

Presented By Drexel and FMFCU.
Identity Theft Presented by Christina Williams and Lazaro Juarez Orange County’s Credit Union.

Identity Theft Presented by Christina Williams and Lazaro Juarez Orange County’s Credit Union.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Protecting Your Identity: What to Know, What to Do.

Protecting Your Identity: What to Know, What to Do.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.

National Association of Student Financial Aid Administrators The following is a presentation prepared for NASFAA’s 2007 Conference in Washington, DC July.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
Red Flags Rule & Municipal Utilities

Red Flags Rule & Municipal Utilities
Identity Theft Someone steals your personal information for his/her own gain It’s a crime!

Identity Theft Someone steals your personal information for his/her own gain It’s a crime!
Identity Theft consumer.gov. What is identity theft? When someone uses information about you without your permission. The information can be your: – Name.

Identity Theft consumer.gov. What is identity theft? When someone uses information about you without your permission. The information can be your: – Name.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Section 6.3 Protecting Your Credit. Billing Errors and Disputes Notify your creditor in writing Notify your creditor in writing Pay the portion of the.

Section 6.3 Protecting Your Credit. Billing Errors and Disputes Notify your creditor in writing Notify your creditor in writing Pay the portion of the.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

Similar presentations

Ads by Google