Fraud and Data Breach Prevention Summit San Francisco
Matthew Rosenquist | Intel Corp
The True Cost of Data Breaches
Not Just a Dollar-per-Record
March 22-23, 2016 – San Francisco, CA
About the Speaker
Matthew Rosenquist
Cybersecurity Strategist and Evangelist
Matthew Rosenquist is a cybersecurity strategist with a passion for his chosen
profession. Benefiting from 25 years of experience in Fortune 100 corporations, he
thrives at establishing strategic organizations and capabilities which deliver cost
effective security capabilities. As a cybersecurity strategist, he champions the
meaningfulness of security, advises on emerging opportunities and threats, and
advocates an optimal balance of cost, controls, and productivity throughout the industry.
Matthew is an outspoken evangelist of cybersecurity and strives to advance the
protection of technology and users. His voice can be heard at conferences, in security
whitepapers, videos, and numerous blogs. He specializes in strategic threat analysis,
security planning, solution optimization, measuring security value, policy and
compliance management, risk assessments, investigations, and crisis response.
It is a Data Breach World
“Sony's own network has been thoroughly penetrated and turned against it”
“TalkTalk has been hacked, leaving thousands of customers at risk”
It is a Data Breach World
By 2020, 1.5+ billion people worldwide will be affected by data breaches
Source: IDC
It is a Data Breach World
In 2015, over 700 million records were lost or stolen (that is 80k per hour)
Source: Gemalto
It is a Data Breach World
Top 10 healthcare breaches of 2015 affected almost 35% of the US population
Source: Office of Civil Rights
It is a Data Breach World
Just for California…
171 breaches involving 24 million records (3 out of 5 Californians)
Source: https://oag.ca.gov/breachreport2016#summary
Size of a Breach
Number of records lost is only one aspect
[Figure: chart with callouts $252M and $88M]
Source: http://www.informationisbeautiful.net
Severity
Sensitivity of records lost is an important consideration
[Figure: chart with callouts $252M and $88M]
Source: http://www.informationisbeautiful.net
Impacts of Data Breaches
A number of aspects contribute to cascading impacts:
• Incident Response Costs
• Customer Satisfaction
• Tarnished Reputation
• Business Disruption
• Loss of Leadership
• Lower Stock Price
• Regulatory Hurdles
• Litigation
• Opportunity Costs
Numbers and Models Vary Greatly
Ponemon linear calculation
Survey data
Costs are flat per record
Year    Cost per Record
2012    $130
2013    $136
2014    $145
2015    $154
Source: Ponemon
Verizon DBIR variable calculation
Costs scale based upon quantity
Source: Verizon
Cost Estimates are Not Consistent
Rough estimation of some numbers…
The various cost models are not consistent or accurate for all cases
Breach    Records  Ponemon (Per Record)  Verizon (Scale Model)          NetDiligence (Calculator)      Reported or Estimated Loss
Target    70000k   $10800 million        $15 million (.7m-$329m range)  $345 million (IR & Cust Mgmt)  $252m
TalkTalk  150k     $23 million           $.7 million                    $3.2 million                   $88m
Anthem    80000k   $12300 million        $17 million                    $478 million                   $100-$200m est.
Costs walkthrough
• Every breach is different!
• Big Costs:
– Incident Response and customer risk mitigation (ex. credit monitoring)
– Litigation, lawsuits, regulatory reviews, etc.
– New security controls, insurance, auditing
– Business impacts (customer loyalty, stock price, etc.)
• Insurance coverage can offset some costs
• Effective Incident Response can limit damages
• Improved security can reduce recurrence risks
Typical SMB Incident Response¹:
• Incident Response: $25-$30k (a few days' work for the pros)
• Root cause analysis with infrastructure and policy recommendations: $100k (~10 weeks)
• Does not include other costs…
Source: Foundstone
¹ Many factors at play; this is just a ballpark figure based on actual cases worked. Mileage will vary.
The Real Cost Aspects
Breach Impacts & Recovery
• Incident Response & Forensics
• User Notification
• Public Relations & brand protection
• Crisis Management
• Customer risk mitigation measures (new cards, password resets, credit watch, etc.)
Security Improvement Investments
• Prevention controls
• Product/Service design & test (including vendors & 3rd parties)
• Breach Insurance, audit, & certification
• Management, staffing, oversight, and reporting
Business Disruption & Opportunity Costs
• Customer goodwill, trust
• 3rd party (vendors and suppliers) relationships
• Design for security costs and product-to-market delays
• Security assurance overhead
• Impacts to innovation
• Leadership disruption
• Marketing & new message campaigns
Responses of Breach Victims Vary
[Diagram: response activities shown across three levels: BASIC, MATURE, PROFESSIONAL]
• Risk Mitigation
• Crisis Management
• Incident Response
• Breach Discovery
• Management Oversight and Ownership
• Risk Assurance & Transfer
• Product & Service production
• Broader Risk Assessment
• Optimize security posture & costs
• Offset impacts to innovation and product delivery
• Plan & Prepare for future security incidents
Recommendations
• Secure the environment & data with industry best practices
• Align/pre-stage resources (ex. legal, CERT, PR, management, etc.)
• Plan for a breach, test response annually
• Implement/tune Disaster Recovery and Business Continuity (DRBC)
• Tighten data policies (retention, access, storage, oversight, etc.)
• Evaluate cyber data-breach insurance
• Risk assessment for vendor and supplier weaknesses
Future data security challenges
• More data breaches! (both indirect targeting and directed attacks)
• Secondary attacks against previous victims, who have not taken proper steps to secure their environment
• Tuning of insurance rates and coverage
• Integrity attacks gain momentum (ex. ransomware, CEO email fraud, transaction tampering, etc.)
Conclusions
• The risks of Data Breaches are real and broadening
• Actual costs of Data Breaches are more complex than the perception
• Eventually everyone will experience a loss…
• Manage your Risks! (this greatly determines the amount of loss)
• Common sense applies:
– Follow industry best-known-methods to secure data to reduce risks
– Organize and prepare. Be proactive!
– React quickly with professionals (organic or external) to limit losses
– Apply learnings to protect from recurrence
…Yes, this means you!
Thank You for Attending!

Más contenido relacionado

La actualidad más candente

What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
PECB
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
OurCrowd
 
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
PECB
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
PECB
 

La actualidad más candente (20)

Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?What trends will 2018 bring for Business Continuity Professionals?
What trends will 2018 bring for Business Continuity Professionals?
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
 
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew Rosenquist
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
cybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sectorcybersecurity strategy planning in the banking sector
cybersecurity strategy planning in the banking sector
 
2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist2017 K12 Educators Security Briefing - Matthew Rosenquist
2017 K12 Educators Security Briefing - Matthew Rosenquist
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Challenges in implementating cyber security
Challenges in implementating cyber securityChallenges in implementating cyber security
Challenges in implementating cyber security
 
2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist2017 InfraGard Atlanta Conference - Matthew Rosenquist
2017 InfraGard Atlanta Conference - Matthew Rosenquist
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 

Destacado

Disrupting the Data Center: Unleashing the Digital Services Economy
Disrupting the Data Center: Unleashing the Digital Services EconomyDisrupting the Data Center: Unleashing the Digital Services Economy
Disrupting the Data Center: Unleashing the Digital Services Economy
Intel IT Center
 

Destacado (11)

Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.RosenquistDiversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
Diversity in Cybersecurity Education - 2016 ICT keynote - M.Rosenquist
 
Intel® Xeon® Processor E7-8800/4800 v4 EAMG 2.0
Intel® Xeon® Processor E7-8800/4800 v4 EAMG 2.0Intel® Xeon® Processor E7-8800/4800 v4 EAMG 2.0
Intel® Xeon® Processor E7-8800/4800 v4 EAMG 2.0
 
Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
 
Three Steps to Making a Digital Workplace a Reality
Three Steps to Making a Digital Workplace a RealityThree Steps to Making a Digital Workplace a Reality
Three Steps to Making a Digital Workplace a Reality
 
Disrupting the Data Center: Unleashing the Digital Services Economy
Disrupting the Data Center: Unleashing the Digital Services EconomyDisrupting the Data Center: Unleashing the Digital Services Economy
Disrupting the Data Center: Unleashing the Digital Services Economy
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples Story
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
 
Sony Corporation:
Sony Corporation:Sony Corporation:
Sony Corporation:
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack Presentation
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Intel® Xeon® Processor E5-2600 v4 Product Family EAMG
Intel® Xeon® Processor E5-2600 v4 Product Family EAMGIntel® Xeon® Processor E5-2600 v4 Product Family EAMG
Intel® Xeon® Processor E5-2600 v4 Product Family EAMG
 

Similar a True Cost of Data Breaches

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
Taiye Lambo
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
Bill Lisse
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
Scott Geye
 
Core Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MBCore Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MB
Alan Greggo
 

Similar a True Cost of Data Breaches (20)

{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
 
Preparing for the Inevitable
Preparing for the InevitablePreparing for the Inevitable
Preparing for the Inevitable
 
2010 Sc World Congress Nyc
2010 Sc World Congress Nyc2010 Sc World Congress Nyc
2010 Sc World Congress Nyc
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPAREDDATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrimeNearly 80 billion dollars were spent in 2016 to fight cybercrime
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
 
CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)CRI-Exec-Cyber-Briefings (1)
CRI-Exec-Cyber-Briefings (1)
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
Security Industry Overview
Security Industry OverviewSecurity Industry Overview
Security Industry Overview
 
Core Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MBCore Elements of Retail LP Shortened version 15MB
Core Elements of Retail LP Shortened version 15MB
 

Más de Matthew Rosenquist

2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report
Matthew Rosenquist
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Matthew Rosenquist
 

Más de Matthew Rosenquist (17)

Improving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security BudgetsImproving Healthcare Risk Assessments to Maximize Security Budgets
Improving Healthcare Risk Assessments to Maximize Security Budgets
 
Six Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdfSix Scenarios How Russia May Use Nukes.pdf
Six Scenarios How Russia May Use Nukes.pdf
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
McAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats PredictionsMcAfee Labs 2017 Threats Predictions
McAfee Labs 2017 Threats Predictions
 
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree ProgramsCybersecurity Curricula Guidelines for Post-Secondary Degree Programs
Cybersecurity Curricula Guidelines for Post-Secondary Degree Programs
 
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
How Cyber Attacks are Changing Security - CSE ISCWest 2017 - Matthew Rosenqui...
 
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew RosenquistCybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
Cybersecurity Risks and Recommendations - PSA TEC 2017 - Matthew Rosenquist
 
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
2019 Keynote at the Techno Security and Digital Forensics Conference - The Ve...
 
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
Preparing for the Next Evolutions of Ransomware - Matthew Rosenquist 2018
 
2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report2015 August - Intel Security McAfee Labs Quarterly Threat Report
2015 August - Intel Security McAfee Labs Quarterly Threat Report
 
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013Intel IT Experts Tour   Cyber Security - Matthew Rosenquist 2013
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

True Cost of Data Breaches

  • 1. Fraud and Data Breach Prevention Summit San Francisco Matthew Rosenquist | Intel Corp The True Cost of Data Breaches Not Just a Dollar-per-Record March 22-23, 2016 – San Francisco, CA
  • 2. Fraud and Data Breach Prevention Summit San Francisco #ISMGFraudSummit2 About the Speaker Matthew Rosenquist Cybersecurity Strategist and Evangelist Matthew Rosenquist is a cybersecurity strategist with a passion for his chosen profession. Benefiting from 25 years of experience in Fortune 100 corporations, he thrives at establishing strategic organizations and capabilities which deliver cost effective security capabilities. As a cybersecurity strategist, he champions the meaningfulness of security, advises on emerging opportunities and threats, and advocates an optimal balance of cost, controls, and productivity throughout the industry. Matthew is an outspoken evangelist of cybersecurity and strives to advance the protection of technology and users. His voice can be heard at conferences, in security whitepapers, videos, and numerous blogs. He specializes in strategic threat analysis, security planning, solution optimization, measuring security value, policy and compliance management, risk assessments, investigations, and crisis response.
  • 3. It is a Data Breach World
       “Sony's own network has been thoroughly penetrated and turned against it”
       “TalkTalk has been hacked, leaving thousands of customers at risk”
  • 4. It is a Data Breach World
       By 2020, 1.5+ billion people worldwide will be affected by data breaches
       Source: IDC
  • 5. It is a Data Breach World
       In 2015, over 700 million records were lost or stolen (that is 80k per hour)
       Source: Gemalto
  • 6. It is a Data Breach World
       Top 10 Healthcare breaches of 2015 affected almost 35% of the US population
       Source: Office of Civil Rights
  • 7. It is a Data Breach World
       Just for California… 171 breaches involving 24 million records (3 out of 5 Californians)
       Source: https://oag.ca.gov/breachreport2016#summary
  • 8. Size of a Breach
       Number of Records Lost is only one aspect
       Chart labels: $252M, $88M
       Source: http://www.informationisbeautiful.net
  • 9. Severity
       Sensitivity of records lost is an important consideration
       Chart labels: $252M, $88M
       Source: http://www.informationisbeautiful.net
  • 10. Impacts of Data Breaches
       A number of aspects contribute to cascading impacts:
       • Incident Response Costs
       • Customer Satisfaction
       • Tarnished Reputation
       • Business Disruption
       • Loss of Leadership
       • Lower Stock Price
       • Regulatory Hurdles
       • Litigation
       • Opportunity Costs
  • 11. Numbers and Models Vary Greatly
       Ponemon linear calculation (survey data): costs are flat per record
         Year | Cost per Record
         2012 | $130
         2013 | $136
         2014 | $145
         2015 | $154
       Source: Ponemon
       Verizon DBIR variable calculation: costs scale based upon quantity
       Source: Verizon
  • 12. Cost Estimates are Not Consistent
       Rough estimation of some numbers… The various cost models are not consistent or accurate for all cases
         Breach | Records | Ponemon Per Record | Verizon Scale Model | NetDiligence Calculator | Reported or Estimated Loss
         Target | 70000k | $10800 million | $15 million (.7m-$329m range) | $345 million (IR & Cust Mgmt) | $252m
         TalkTalk | 150k | $23 million | $.7 million | $3.2 million | $88m
         Anthem | 80000k | $12300 million | $17 million | $478 million | $100-$200m est.
  • 13. Costs walkthrough
       • Every breach is different!
       • Big Costs:
         – Incident Response and customer risk mitigation (ex. credit monitoring)
         – Litigation, lawsuits, regulatory reviews, etc.
         – New security controls, insurance, auditing
         – Business impacts (customer loyalty, stock price, etc.)
       • Insurance coverage can offset some costs
       • Effective Incident Response can limit damages
       • Improved security can reduce recurrence risks
       Typical SMB Incident Response [1]:
       • Incident Response $25-$30k (a few days' work for the pros)
       • Root cause analysis with infrastructure and policy recommendations: $100k (~10 weeks)
       • Does not include other costs…
       Source: Foundstone
       [1] Many factors at play; this is just a ballpark figure based on actual cases worked. Mileage will vary.
  • 14. The Real Costs
       Aspects:
       Breach Impacts & Recovery
       • Incident Response & Forensics
       • User Notification
       • Public Relations & brand protection
       • Crisis Management
       • Customer risk mitigation measures (new cards, password resets, credit watch, etc.)
       Security Improvement Investments
       • Prevention controls
       • Product/Service design & test (including vendors & 3rd parties)
       • Breach Insurance, audit, & certification
       • Management, staffing, oversight, and reporting
       Business Disruption & Opportunity Costs
       • Customer goodwill, trust
       • 3rd party (vendors and suppliers) relationships
       • Design for security costs and product-to-market delays
       • Security assurance overhead
       • Impacts to innovation
       • Leadership disruption
       • Marketing & new message campaigns
  • 15. Responses of Breach Victims Vary
       Diagram of response activities across three maturity levels (BASIC, MATURE, PROFESSIONAL):
       • Risk Mitigation
       • Crisis Management
       • Incident Response
       • Breach Discovery
       • Management Oversight and Ownership
       • Risk Assurance & Transfer
       • Product & Service production
       • Broader Risk Assessment
       • Optimize security posture & costs
       • Offset impacts to innovation and product delivery
       • Plan & Prepare for future security incidents
  • 16. Recommendations
       • Secure the environment & data with industry best practices
       • Align/pre-stage resources (ex. legal, CERT, PR, management, etc.)
       • Plan for a breach, test response annually
       • Implement/tune Disaster Recovery and Business Continuity (DRBC)
       • Tighten data policies (retention, access, storage, oversight, etc.)
       • Evaluate cyber data-breach insurance
       • Risk assessment for vendor and supplier weaknesses
  • 17. Future data security challenges
       • More data breaches! (both indirect targeting and directed attacks)
       • Secondary attacks against previous victims, who have not taken proper steps to secure their environment
       • Tuning of insurance rates and coverage
       • Integrity attacks gain momentum (ex. ransomware, CEO email fraud, transaction tampering, etc.)
  • 18. Conclusions
       • The risks of Data Breaches are real and broadening
       • Actual costs of Data Breaches are more complex than the perception
       • Eventually everyone will experience a loss…
       • Manage your Risks! (this greatly determines the amount of loss)
       • Common sense applies:
         – Follow industry best-known-methods to secure data to reduce risks
         – Organize and prepare. Be proactive!
         – React quickly with professionals (organic or external) to limit losses
         – Apply learnings to protect from recurrence
       …Yes, this means you!
  • 19. Thank You for Attending!
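
An added example, not part of the original deck: it reruns the flat per-record model from slide 11 against the rows of the slide 12 table and measures how far each model lands from the reported loss. All function names are illustrative, and the fitted exponent describes only the three Verizon figures printed on slide 12, not Verizon's published model.

```python
import math

PONEMON_2015_PER_RECORD = 154  # USD per record, 2015 row of the slide's Ponemon table

# Rows of the slide 12 comparison table, in USD:
# name -> (records, Verizon estimate, NetDiligence estimate, reported loss)
# Anthem's reported loss is a range on the slide, so it is left as None here.
BREACHES = {
    "Target":   (70_000_000, 15e6, 345e6, 252e6),
    "TalkTalk": (150_000, 0.7e6, 3.2e6, 88e6),
    "Anthem":   (80_000_000, 17e6, 478e6, None),
}

def ponemon_linear(records, per_record=PONEMON_2015_PER_RECORD):
    """Flat per-record model: cost grows in direct proportion to record count."""
    return records * per_record

def error_factor(estimate, reported):
    """Estimate divided by reported loss: >1 overshoots, <1 undershoots."""
    return estimate / reported

def fit_power_law(points):
    """Least-squares fit of cost = a * records**b in log-log space; returns (a, b)."""
    xs = [math.log(r) for r, _ in points]
    ys = [math.log(c) for _, c in points]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
    return math.exp(my - b * mx), b

def compare():
    """Error factor of each model against the reported loss, per breach."""
    out = {}
    for name, (records, verizon, netdil, reported) in BREACHES.items():
        if reported is None:
            continue  # no single reported figure to compare against
        out[name] = {
            "ponemon": error_factor(ponemon_linear(records), reported),
            "verizon": error_factor(verizon, reported),
            "netdiligence": error_factor(netdil, reported),
        }
    return out

def verizon_exponent():
    """Scaling exponent implied by the three Verizon figures on the slide."""
    return fit_power_law([(r, v) for r, v, _, _ in BREACHES.values()])[1]

if __name__ == "__main__":
    for name, factors in compare().items():
        print(name, {k: round(v, 3) for k, v in factors.items()})
    print("implied Verizon exponent:", round(verizon_exponent(), 2))
```
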