Download presentation
Presentation is loading. Please wait.
Published byMaryann Cameron Modified over 9 years ago
1
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013
2
Case Study Agenda Data Breach: A Targeted Attack State Response Lessons Learned 2
3
Data Breach: A Targeted Attack Attacker FTPd the files from the agency network. Attacker accessed a database server and copied/compressed targeted files. Attacker logged into the network via a Citrix gateway using valid credentials. Attacker maneuvered laterally within the network to identify potential targets. Attacker gained access through phishing and obtained privileged user credentials. 3
4
Data Breach: A Targeted Attack The attacker compromised a total of 44 systems The attacker used at least 33 unique pieces of malicious software and utilities to perform the attack and data theft activities The attacker remotely accessed DOR using at least four IP addresses The attacker used at least four valid DOR user accounts during the attack. This activity occurred over a period of 60 days SCDOR learned of the breach after being notified by law enforcement Nearly two-thirds of organizations learn they are breached from an external source. Source: Mandiant 4
5
Data Breach: A Targeted Attack On average, it is taking companies nearly three months (80 days) to discover a malicious breach and then more than four months (123 days) to resolve it. Source: Ponemon Institute In 2012, 38% of targets were attacked again once the original incident was remediated. Of the total cases Mandiant investigated in 2012, attackers lodged more than one thousand attempts to regain entry to former victims. Source: Mandiant 5
6
Data Breach: A Targeted Attack 3.8 million Soc. Security Numbers Compromised 400k Credit Card Numbers Compromised Due to the breach, the following were compromised: 6
7
Avg. Cost Per Breached Record: $194 Avg. Cost of Data Breach for an Organization: $5.5 million Source: Ponemon Institute 7
8
State Response: Executive Order #1 – October 26, 2012 Order: State Inspector General - Determine state security posture & how to improve it Interviews conducted, surveys completed Immediate steps provided to help prevent attacks ; 11 recommendations KEY FINDINGS: 1. Develop/implement a statewide info management security program. 2. Establish a federated model for governance. 3. Implement a CISO position to lead program development. 4. Hire a consultant to help the state develop an INFOSEC program 8
9
State Response: Executive Order #2 – November 14, 2012 Order: All 16 cabinet agencies to use DSIT monitoring services Monitor cabinet agencies on a 7x24 basis Upgrade tools and improve level of monitoring Work with agencies to be more proactive; stop flow of traffic if necessary 9
10
State Response Senate and House established cyber security sub-committees Senate Bill 334 – Extends Identity Theft Protection (credit monitoring) up to 10 years – Provides tax credits for individuals who choose to purchase independent identity theft protection and not be covered under the State’s plan – Creates an Identity Theft Unit within the Department of Consumer Affairs – Creates a Division of Information Security within the Budget and Control Board Chief Information Security Officer is appointed by the Governor w/ the advice and consent of the Senate – Creates a Technology Investment Council Plans, Standards and Architecture – Creates a Joint Information Security Oversight Committee Monitor laws, best practices 10
11
State Actions: RFP Issued December 2012 – State Budget and Control Board authorized RFP Hire a Security Expert to help the State develop an enterprise security program; agency assessments May 1 – Identify most serious vulnerabilities and provide recommendations; budget estimates Develop security framework, governance structure, policies/procedures, training requirements 11
12
Lessons Learned 1.Management of security needs to be more centralized in SC 2.Overall, state agencies recognize the need to improve their cyber security program 3.Attacks are becoming more frequent and aggressive – state governments are a target 4.We need to work together; share information 5.Funding is a key challenge (state governments average 1 to2 % of IT spend on Security; financial sector is approx. 6%) 6.Staffing is a key challenge (50% of state security organizations have 1- 5 employees; GFSI Study shows 47% have > 100 employees) 7.State agencies must do more to share status/security position with Leadership 12
13
Questions & Comments Jimmy Earley, Division Director Division of State Information Technology Phone: (803) 896-0222 Email: jearley@cio.sc.govjearley@cio.sc.gov
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.