Published by Valentine Homer Mathews. Modified over 6 years ago.

Cyber Security in the Mortgage Industry
… and What YOU Can Do About It
April 3, 2018

Who Am I?
- Chief Information Security Officer for Pulte Financial Services
  - Pulte Mortgage
  - PGP Title
  - Pulte Insurance Agency
- Over 18 years in Information Security
  - IT Managed Services, Telecom, Energy, Healthcare, and Financial Services
- Former Denver Chapter and International Board member for the Information Systems Security Association (ISSA)
- Co-host of the Colorado = Security Podcast

Cyber Security Goals
- Protect
  - Confidentiality
  - Integrity
  - Availability
- Limit impact to usability and speed
- Limit impact to user bad choices

Recent Security Events

Equifax Breach
- 143 Million consumers affected
- Unpatched Application (Apache Struts)
- Poor incident response
What we can learn from this:
- Vulnerability management isn’t “one guy’s job”
- Incident response must be practiced

Facebook Data Leakage
- 87 Million users affected
- Not actually a data breach
- Lack of control processes
What we can learn from this:
- Understand data flows
- Legal agreements don’t prevent incidents
- Communication needs to be part of incident response

DeepRoot Analytics Breach
- 198M US citizens’ data
- PII but not SSNs
- Amazon cloud storage left unprotected
What we can learn from this:
- You are responsible for security in the cloud
- Correlated public data can be dangerous

SEC EDGAR DB Breach
- EDGAR DB breached in 2016
- Access to non-public financial information
- Information led to stock trading gains
What we can learn from this:
- Attackers follow the money
- Financial gain not limited to PII or credit card numbers

Security Trends

Ransomware
- ~60% of malware payloads are ransomware
- WannaCry
- Ransomware-as-a-service
- Healthcare especially hard hit
What we can learn from this:
- Don’t allow SMB from the Internet
- Upgrade malware defenses
- Take away admin rights

Availability Attacks
- NotPetya caused significant damage
- BrickerBot “bricked” over 10 million devices
- IoT used in DDoS networks
What we can learn from this:
- Availability attacks rising
- Incident response
- IoT security

Wire Fraud
- Phishing is easy
- Over $1B in real estate wire fraud
- Realtors are big targets
What we can learn from this:
- Path of least resistance
- Very little data needed
- Make attackers work harder

Blockchain
- Blockchain is going to save the world
- Cryptomining malware
- Attackers follow the money
What we can learn from this:
- Account for attacks using resources
- Secure blockchain technologies
- Secure digital wallets

Takeaways
- Basics are important and we still don’t do them well
- Proper incident response can make or break you
- Your data is everywhere
- Attackers will follow the money

How Do We Solve These Problems?

Security Program
- NIST Cybersecurity Framework
- MBA’s “The Basic Components of an Information Security Program”
- Risk Based
- Metrics
- 3rd party oversight
- Dedicated Security Personnel

Incident Response Plan
- What do you do when you suspect a problem?
- Who do you involve?
- What do you do when you know you have a problem?
- Who do you contact and how fast?
- Practice, practice, practice

Multi-Factor Authentication
- A single secret isn’t good enough for most cases
- Makes account compromise much more difficult
- Use a modern MFA (or even risk based) product
- NIST Digital Identity Guidelines

Attack Surface Reduction
- Threat Modeling
- Only collect and share the data you need
- Least privilege access
- Segmentation
- DMARC

Data Security
- Know where your data is stored
- Know your data flows
- Encryption
- Know what 3rd parties you share data with

Questions?
Contact
- Email: alex.wood@pulte.com
- Twitter: @abwoodrow
- Website: