1 ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA

2 Agenda
Consumer ID theft issues
Data breach trends
Laws and regulations
Assessing and mitigating your risk

3 Consumer Identity Theft Issues

4 Consumer ID Theft Statistics
ID theft up 16% in
In 2014, IRS paid $5.8 billion in fraudulent refunds 2
Virginia: 56,000 PHI records stolen since
Sources: 1 Federal Trade Commission; 2 Government Accountability Office; 3 US Department of Health and Human Services Office for Civil Rights

5 How to Respond to ID Theft
File a police report
File a complaint with the FTC
File form with the IRS
Place a fraud alert on your credit report
Consider a credit freeze
Dispute fraudulent accounts
Contact your creditors

6 How Your ID is Stolen
Personal carelessness
External hackers
Data breaches: your information is for sale
Social engineering: targeting either you or someone you do business with
Social engineering example

7 Fusion: Real Future, episode 8

8 The Price of Your Identity
Common prices for ID information:
US “Fullz”: $30
Health insurance credentials: $20
Bank account with $75,000: less than $300
Date of birth: $11
Credit card account: $4 to $13
Source: Dell SecureWorks

9 Protecting Yourself
Never re-use passwords
Guard personal information
Use multi-factor authentication
Set account access PINs at phone and utility providers
Never re-use passwords, seriously

10 Data Breach Trends

11 2015 Data Breaches
Xoom: victim of a $31 million Business Email Compromise (BEC)

12 Recent Data Breaches
Anthem and Premera breaches: 80 million and 11 million PHI records
US Office of Personnel Management: 21 million victims
Ashley Madison
Equifax: 143 million “customers”

13 Breach Methods
Phishing and spear phishing attacks: 13% of users will click on links in phishing emails 1
Stolen, weak, or default credentials: used in 63% of breaches 1
1 Verizon 2016 Data Breach Investigations Report

14 Breach Methods
Web app attacks: attacks against existing pages; hacking servers to host malicious pages
Point of sale intrusions/card skimmers: used to scrape credit card data (Target, Home Depot, Hilton Worldwide)
Insider attacks

15 Breach Methods
Mistakes: accidental misdelivery
Physical theft
Malware: malvertising
Deliberate cyber attack: industrial espionage

16 Cost of a Breach
Average breach cost: 1
  Small businesses: $86,500
  Large businesses: $861,000
Notable exceptions:
  Anthem Healthcare: $5.55 million fine
  Cost of Target breach: $252 million
  Equifax 2017 breach: estimated $300 million to $4 billion
1 Kaspersky Labs survey

17 Laws and Regulations

18 Careful With the Word “Breach”
“Breach” has a legal meaning and suggests you may have legal liability. Security teams should say “security incident” until it has been determined that a breach has actually occurred.

19 Federal Laws and National Regulations
HIPAA-HITECH: healthcare data (PHI)
FTC Red Flags Rule: applies to financial institutions and creditors
PCI-DSS: payment cards (a contractual industry standard enforced by the card brands rather than a statute)
FISMA: applies to federal agencies and their contractors

20 State Laws
48 different state laws
All vary in timing, method, and extent of notice required
Virginia: if a breach of PII is identified, you must notify the Virginia Attorney General and all affected Virginia residents

21 Assessing and Mitigating Your Risk

22 Assessing Your Risk
77% of businesses have suffered some form of data loss 1
A matter of when, not if
Higher risk if you handle financial information or healthcare data
1 Kaspersky Labs survey

23 Information Security Lifestyle

24 Security Process: Identify
Assess your IT environment and understand the nature of your data
Understand industry and regulatory compliance requirements
Perform an information security risk assessment

25 Protect the Environment
Implement controls based upon the security risk assessment: physical, technical, administrative
Assign roles and responsibilities for maintaining controls

26 Detect Incidents
Monitoring and event logging functions
Automated solutions where possible, but… tailor alerting to limit false positives!
We love our automated alerting systems, don’t we? Useless unless they are customized to the environment and normal system behavior.
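The slide’s warning about untuned alerting, worked through in code. This is an added example, not material from the presentation: it runs a generic “alert on every failed login” rule and an environment-tuned rule over constructed sshd-style log lines. The hosts, addresses, usernames, the five-minute window, the threshold of ten, and the documented exception for the backup host are all assumptions made for the example.

```python
"""Added example (not from the presentation): tuning failed-login alerting.

An untuned rule that fires on every failed login buries the one real incident
in noise. A rule tuned to the environment (a burst threshold per source, a
documented exception for a known-noisy job, severity raised when a success
follows the burst) yields a single actionable alert. Every log line, host,
address and threshold here is constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd-style line: "<iso-timestamp> <host> sshd: Failed|Accepted password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def _line(ts, host, outcome, user, src):
    return f"{ts.isoformat()} {host} sshd: {outcome} password for {user} from {src}"


def build_sample_log():
    """Constructed log: two ordinary typos, a broken backup job, one password spray."""
    t = datetime(2017, 9, 1, 8, 0, 0)
    lines = [
        _line(t, "host1", "Failed", "alice", "10.0.0.5"),
        _line(t + timedelta(seconds=3), "host1", "Accepted", "alice", "10.0.0.5"),
        _line(t + timedelta(minutes=5), "host2", "Failed", "bob", "10.0.0.9"),
        _line(t + timedelta(minutes=5, seconds=8), "host2", "Accepted", "bob", "10.0.0.9"),
    ]
    # Known-broken backup job (assumed) retries a stale password every 10 seconds.
    for i in range(12):
        lines.append(_line(t + timedelta(minutes=10, seconds=10 * i),
                           "backup1", "Failed", "svc_backup", "10.0.0.50"))
    # External source sprays four usernames, then logs in as admin.
    spray = t + timedelta(hours=1)
    for i, user in enumerate(["admin", "root", "test", "oracle"] * 3):
        lines.append(_line(spray + timedelta(seconds=10 * i),
                           "host1", "Failed", user, "203.0.113.7"))
    lines.append(_line(spray + timedelta(seconds=125),
                       "host1", "Accepted", "admin", "203.0.113.7"))
    return "\n".join(lines)


def parse_log(text):
    """Parse lines into dicts; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def naive_alerts(events):
    """Untuned rule: every failed login is an alert."""
    return [e for e in events if e["outcome"] == "Failed"]


def tuned_alerts(events, window=timedelta(minutes=5), threshold=10,
                 known_noise=frozenset()):
    """Tuned rule: at least `threshold` failures from one source inside `window`,
    skipping documented noise sources; severity is high if a success follows."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        if src in known_noise:  # documented exception; re-review these regularly
            continue
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["outcome"] == "Failed"]
        # Largest set of failures from this source that fits in one window.
        best, start = [], 0
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = failures[start:end + 1]
        if len(best) < threshold:
            continue
        last_fail = best[-1]["ts"]
        success_after = any(
            e["outcome"] == "Accepted" and last_fail <= e["ts"] <= last_fail + window
            for e in evs
        )
        alerts.append({
            "src": src,
            "failures": len(best),
            "users": sorted({e["user"] for e in best}),
            "severity": "high" if success_after else "medium",
        })
    return alerts


if __name__ == "__main__":
    events = parse_log(build_sample_log())
    print("untuned alerts:", len(naive_alerts(events)))
    for a in tuned_alerts(events, known_noise={"10.0.0.50"}):
        print("tuned alert:", a)
```

On this constructed input the untuned rule raises 26 alerts, 25 of them noise; the tuned rule raises one, against the spraying source, and marks it high because a successful login followed the burst. The tuning inputs are exactly what the slide says they must be: the window and threshold come from observed normal behaviour, and the exception for the backup host is a documented, periodically reviewed finding to fix, not a permanent suppression.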

27 Respond to Incidents
Execution of the incident response plan
Strong response capabilities can limit impact
Understand specific reporting requirements and key contacts
Response procedures: Target example

28 Recover
Recovery plans and activities to restore business services
Recovery planning is key to organizational resilience
Work with contracting officers and authorities

29 Additional Resources
FTC Guide for Assisting Identity Theft Victims
FTC Consumer ID Theft Guide
IdentityTheft.gov
Experian Credit Freeze Procedures
Equifax Credit Freeze Procedures
TransUnion Credit Freeze Procedures
TwoFactorAuth.org website

30 ID Theft and Data Breach Mitigation Jeremy Gilbert, GCFE, GASF, EnCE, CPA Manager, DHG IT Advisory

