Cyber risks troubling organisations
Supplementary Reading
November 2017
Cyber 101: Supplementary Reading© 2017 Deloitte Touche Tohmatsu Limited
What is a Data Breach?
A data breach is an incident that involves the unauthorized or
illegal viewing, access or retrieval of data by an individual,
application or service. It is a type of security breach
specifically designed to steal and/or publish data to an
unsecured or illegal location.
How does a Data Breach occur?
A data breach occurs when an unauthorized hacker or
attacker accesses a secure database or repository. Data
breaches are typically geared toward logical or digital data and
often conducted over the Internet or a network connection.
A data breach may result in data loss, including
financial, personal and health information. A hacker may
also use stolen data to impersonate a legitimate user and gain
access to a high-security area. For example, a hacker's
breach of a network administrator's login credentials can result
in access to an entire network.
Definition of Data Breaches
"There was no evidence of hacking or that the perpetrator had deployed any brute force attacks," the PDPC said in its grounds of decision.
https://www.techopedia.com/definition/13601/data-breach
http://www.channelnewsasia.com/news/business/ion-orchard-fined-s-15-000-over-customer-data-breach-9010072
Insider Leaks & Unintended Disclosure
Insider leaks can be a result of negligence or malicious intent.
To prevent such a situation, it is vital to educate
employees and establish policies with periodic compliance
audits. This lowers the risk of confidential information
falling into the wrong hands.
Payment Card Fraud
Many cases of stolen credit card information have been
reported over the year, including the most recent Uber case.
Some simple ways to avoid it happening to you include:
shredding anything with your credit card number and personally
identifiable information on it, not giving out your card
information, reviewing your billing statements every month and
checking ATMs for card skimmers.
Combating Common Types of Data Breaches
http://uk.businessinsider.com/kpmg-fires-6-people-over-unethical-leaks-of-audit-checks-2017-4/?IR=T
https://iapp.org/news/a/2006-10-the-insider-threat-how-to-ensure-information-security-mitigate/
http://www.miamiherald.com/news/local/community/miami-dade/hialeah/article186649473.html
https://www.thebalance.com/ways-avoid-credit-card-fraud-960797
https://www.scmagazineuk.com/sowbug-apt-uses-felismus-backdoor-to-for-cyber-espionage-operations/article/706098/
https://www.forbes.com/sites/thomasbrewster/2017/11/27/chinese-hackers-accused-of-siemens-moodys-trimble-hacks/#7133293819ef
Case Study: Anthem pays $115M to settle data breach
"The Anthem breach and investigation afterward demonstrate how important it is for organizations to clean up and tighten the access control measures and the value of two factor authentication," says Mac McMillan, CEO of security consulting firm CynergisTek.
Information about the case:
• Anthem, the largest US healthcare insurance company, has
agreed to settle a class action lawsuit over a 2015 data
breach for $115M
• The 2015 breach resulted in exposure and theft of nearly 80
million records, including client names, dates of birth,
physical & email addresses
• Hackers used a stolen password and customized malware to
break into Anthem’s database containing
information of former and current customers
• Customized malware was used to infiltrate Anthem’s databases
https://www.cnet.com/news/anthem-would-pay-record-115m-to-settle-data-breach-suit/
http://securityaffairs.co/wordpress/60464/data-breach/anthem-115m-settlement.html
https://www.bankinfosecurity.com/new-in-depth-analysis-anthem-breach-a-9627
News & information on Anthem which has gone viral
online:
Conclusion:
Referring to the timeline, Anthem was breached more than once. These cyber attacks may be linked
to one another.
Resolving a cyber attack takes a long time, even years of research and investigation. How long depends heavily on how
malicious and severe the attack is.
It took Anthem 7 years to settle its legal costs and investigations and to salvage the loss of reputation due to the
data breach, and it is still trying to settle the cost of the breach now.
Case study: Anthem attack timeline
https://www.usatoday.com/story/tech/2015/02/05/anthem-health-care-computer-security-breach-fine-17-million/22931345/
https://www.bloomberg.com/news/articles/2017-06-23/anthem-reaches-115-mln-settlement-in-massive-data-breach-case
https://www.forbes.com/sites/brucejapsen/2014/12/03/wellpoint-name-change-to-anthem-official-reflects-brand/#7fd3424dcd54
"The personally identifiable information that HIPAA-covered health plans maintain on enrollees and members — including names and Social Security Numbers — is protected under HIPAA, even if no specific diagnostic or treatment information is disclosed," said Rachel Seeger, a senior HHS adviser.
Timeline events (years shown on the timeline: 2010, 2014, 2015, 2017):
• Wellpoint’s data breach of disclosure of personal information affected 612,000 people
• Cyber attackers gained access to the company’s computers & customers’ private information, which affected 80 million customers
• Anthem settles 2015 Data Breach for $115 million
• Wellpoint changed name to Anthem.
• Malware samples used indicate attacks from China hacker group “Deep Panda”
Lessons learnt: The Impact on Anthem
Impact on Anthem:
• Loss of customer relationships
• Loss of intellectual property
• Lost value of customer relationships
• Loss of reputation
• Loss of trust towards employees as the culprit misused
company data
• Cost of Attorney Fees & Litigation
• Risk of cyber attackers disguising themselves as customers
to make medical claims
Impact on customers:
• Risk of identity theft by cyber attackers making claims
from Anthem using their names
• Loss of trust towards Anthem
• Loss of personal confidential information
What to do after a Data Breach?
“Business continuity management continues to play an important role in determining the impact of data breaches that put organizations at risk worldwide,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
1) Determine what was stolen.
You'll need to pin down exactly what kind of information was lost
in the data breach. Understand the severity of the breach and
determine the kind of attack which has been executed.
2) Change all affected passwords.
If an online account has been compromised, change the password
on that account right away. If you used the same password for
any other accounts, change those as well, and make up a new,
strong password for each and every account.
3) Contact relevant financial institutions.
If a payment-card number has been stolen, contact the bank or
organization that issued the card immediately.
4) Check for IT systems failure.
Routinely assess vulnerabilities in your IT environment. Steps
should be taken to find hidden sources, work down the layers of
infrastructure to identify the servers and understand the network
devices which your hardware and applications depend on and
apply business and technology context to scanner results.
https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html
https://blog.barkly.com/data-breach-crisis-communication-plan-strategy.
https://www.classaction.com/data-breach/lawsuit/
http://focus.forsythe.com/articles/211/8-Steps-to-an-Effective-Vulnerability-Assessment
http://www.healthcareitnews.com/news/ponemon-business-continuity-management-vital-data-breach-recovery
What to do after a Data Breach? Cont’d
“Don’t be caught off guard when the next data breach affecting your firm comes to light. Be prepared.” says Caleb Barlow, Vice President at IBM Security
5) Manage the crisis communication.
Have a unique strategy planned out for each crisis. Upper
management should determine when to communicate
and admit the breach. Effective planning and execution of the
response to a data breach may help to salvage the situation. An organisation needs
to admit the breach and then prepare for it.
6) Have an incident response plan.
A successful IR plan should involve people who take ownership
and maintain the documentation. This will ensure a smooth
transition from the planned initiative to business-as-usual. A basic
incident response plan is akin to building muscle memory. It
requires the following:
- Internal team to follow and document the breach
- Identify external data security resources
- Create a checklist
- Track key breach-related rights, obligations & deadlines
- Review & update response plan regularly
7) Determine whether legal action is necessary.
Only a licensed attorney will determine if an organisation is
eligible for a data breach lawsuit. The attorney will also see if any
state laws have been violated.
https://www.classaction.com/data-breach/lawsuit/
https://digitalguardian.com/blog/incident-response-plan
http://fortune.com/2016/06/15/data-breach-cost-study-ibm/
3 Ways to Prevent a Data Breach
The public data breach lists are a symptom of a deeper problem: U.S. cybersecurity laws place a disproportionate emphasis on notifying the public after a breach has occurred. While notice always will play a role in remediating harm, policymakers should shift their focus to preventative measures, such as more robust and clearer data security standards and incentives for investments in cybersecurity.
1) Ensure that changes are documented
The main key to visibility across the entire IT infrastructure
is to keep a complete audit trail of system activities and
changes made. Remember that the human factor is always a
pain point in security and consider thorough documentation of
user activity as a solution to reduce the risk of employees’
negligence.
2) Have an IT Security Framework.
This is a set of documented policies and procedures that
govern the implementation and ongoing management of
an organization’s security. Think of it as a blueprint or
operator’s guide for security. The majority of the damage is usually
caused by simple mistakes, such as unintended or unauthorized
actions of legitimate users and IT engineers who are
untrained in security and/or who misunderstood the instructions
from the management.
3) Audit and evaluate your environment continuously
Auditing procedures are of little value if they are done only
occasionally. Continuous auditing of user activities and
changes made to data and system configurations helps to
avoid critical mistakes that might potentially damage
security and service uptime. Analytics built upon this
knowledge helps to detect security incidents and find the root
cause of each violation. In addition, continuous monitoring
provides irrefutable proof that your security policies are in place
(and always have been), which is very handy when needing to
pass compliance audits.
https://www.netwrix.com/the_three_best_ways_to_prevent_a_data_breach.html
https://techcrunch.com/2017/05/09/prevent-data-breaches-dont-just-report-them/
http://www.hypeorripe.com/2017/04/07/what-is-a-common-security-framework-csf/
http://www.tns.com/it_security_framework.asp
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its
network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent
entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to
learn more about our global network of member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries.
With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class
capabilities and high-quality service to clients, delivering the insights they need to address their most complex business
challenges. Deloitte’s more than 244,000 professionals are committed to becoming the standard of excellence.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their
related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services.
No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this
communication.
© 2017. For information, contact Deloitte Touche Tohmatsu Limited

Celebrating our people - Nguyen Kim Lien
 

Último

trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 
MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024Chandresh Chudasama
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Andrii Rodionov: What can go wrong in a distributed system – experience from ...
Andrii Rodionov: What can go wrong in a distributed system – experience from ...Andrii Rodionov: What can go wrong in a distributed system – experience from ...
Andrii Rodionov: What can go wrong in a distributed system – experience from ...Lviv Startup Club
 
Fundamentals Welcome and Inclusive DEIB
Fundamentals Welcome and  Inclusive DEIBFundamentals Welcome and  Inclusive DEIB
Fundamentals Welcome and Inclusive DEIBGregory DeShields
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreNZSG
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHelp Desk Migration
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesAurelien Domont, MBA
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
Paul Turovsky - Real Estate Professional
Paul Turovsky - Real Estate ProfessionalPaul Turovsky - Real Estate Professional
Paul Turovsky - Real Estate ProfessionalPaul Turovsky
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdfSherl Simon
 
Simplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansSimplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansNugget Global
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 

Último (20)

trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024MEP Plans in Construction of Building and Industrial Projects 2024
MEP Plans in Construction of Building and Industrial Projects 2024
 
Authentically Social - presented by Corey Perlman
Authentically Social - presented by Corey PerlmanAuthentically Social - presented by Corey Perlman
Authentically Social - presented by Corey Perlman
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Andrii Rodionov: What can go wrong in a distributed system – experience from ...
Andrii Rodionov: What can go wrong in a distributed system – experience from ...Andrii Rodionov: What can go wrong in a distributed system – experience from ...
Andrii Rodionov: What can go wrong in a distributed system – experience from ...
 
Fundamentals Welcome and Inclusive DEIB
Fundamentals Welcome and  Inclusive DEIBFundamentals Welcome and  Inclusive DEIB
Fundamentals Welcome and Inclusive DEIB
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource Centre
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
How to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your BusinessHow to Conduct a Service Gap Analysis for Your Business
How to Conduct a Service Gap Analysis for Your Business
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and Templates
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
Paul Turovsky - Real Estate Professional
Paul Turovsky - Real Estate ProfessionalPaul Turovsky - Real Estate Professional
Paul Turovsky - Real Estate Professional
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf
5-Step Framework to Convert Any Business into a Wealth Generation Machine.pdf
 
Simplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business LoansSimplify Your Funding: Quick and Easy Business Loans
Simplify Your Funding: Quick and Easy Business Loans
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 

November 2017: Part 6

  • 1. Cyber risks troubling organisations Supplementary Reading November 2017
  • 2. Cyber 101: Supplementary Reading © 2017 Deloitte Touche Tohmatsu Limited, Slide 2
    Definition of Data Breaches
    What is a Data Breach?
    A data breach is an incident that involves the unauthorized or illegal viewing, access or retrieval of data by an individual, application or service. It is a type of security breach specifically designed to steal and/or publish data to an unsecured or illegal location.
    How does a Data Breach occur?
    A data breach occurs when an unauthorized hacker or attacker accesses a secure database or repository. Data breaches are typically geared toward logical or digital data and often conducted over the Internet or a network connection. A data breach may result in data loss, including financial, personal and health information. A hacker may also use stolen data to impersonate himself to gain access to a high security area. For example, a hacker's data breach of a network administrator's login credentials can result in access of an entire network.
    "There was no evidence of hacking or that the perpetrator had deployed any brute force attacks," the PDPC said in its grounds of decision.
    https://www.techopedia.com/definition/13601/data-breach
    http://www.channelnewsasia.com/news/business/ion-orchard-fined-s-15-000-over-customer-data-breach-9010072
  • 3. Combating Common Types of Data Breaches
    Insider Leaks & Unintended Disclosure
    Insider leaks can be a result of negligence or malicious intent. To prevent such a situation, it is vital to educate employees and establish policies with periodic compliance audits. This lowers the risk of confidential information falling into the wrong hands.
    Payment Card Fraud
    Many cases of stolen credit card information have been reported over the year, including the most recent Uber case. Some simple ways to avoid it happening to you include: shredding anything with your credit card number and personally identifiable information on it, not giving out your card information, reviewing your billing statements every month, and checking ATMs for card skimmers.
    http://uk.businessinsider.com/kpmg-fires-6-people-over-unethical-leaks-of-audit-checks-2017-4/?IR=T
    https://iapp.org/news/a/2006-10-the-insider-threat-how-to-ensure-information-security-mitigate/
    http://www.miamiherald.com/news/local/community/miami-dade/hialeah/article186649473.html
    https://www.thebalance.com/ways-avoid-credit-card-fraud-960797
    https://www.scmagazineuk.com/sowbug-apt-uses-felismus-backdoor-to-for-cyber-espionage-operations/article/706098/
    https://www.forbes.com/sites/thomasbrewster/2017/11/27/chinese-hackers-accused-of-siemens-moodys-trimble-hacks/#7133293819ef
  • 4. Case Study: Anthem pays $115M to settle data breach
    "The Anthem breach and investigation afterward demonstrate how important it is for organizations to clean up and tighten the access control measures and the value of two factor authentication," says Mac McMillan, CEO of security consulting firm CynergisTek.
    Information about the case:
    • Anthem, the largest healthcare insurance company in the US, has agreed to settle a class action lawsuit over a 2015 data breach for $115M
    • The 2015 breach resulted in the exposure and theft of nearly 80 million records, including client names, dates of birth, and physical & email addresses
    • Hackers used a stolen password and customized malware to break into Anthem’s database, which contains information on former and current customers
    • Customized malware was used to infiltrate Anthem’s databases
    News & information on Anthem which has gone viral online:
    https://www.cnet.com/news/anthem-would-pay-record-115m-to-settle-data-breach-suit/
    http://securityaffairs.co/wordpress/60464/data-breach/anthem-115m-settlement.html
    https://www.bankinfosecurity.com/new-in-depth-analysis-anthem-breach-a-9627
  • 5. Case study: Anthem attack timeline
    2010: Wellpoint’s data breach, a disclosure of personal information, affected 612,000 people
    2014: Wellpoint changed name to Anthem.
    2015: Cyber attackers gained access to the company’s computers & customers’ private information, which affected 80 million customers
    2017: Anthem settles 2015 Data Breach for $115 million
    Malware samples used indicate attacks from China hacker group “Deep Panda”
    "The personally identifiable information that HIPAA-covered health plans maintain on enrollees and members — including names and Social Security Numbers — is protected under HIPAA, even if no specific diagnostic or treatment information is disclosed," said Rachel Seeger, a senior HHS adviser.
    Conclusion: Referring to the timeline, Anthem was breached more than once. It is possible that these cyber attacks are linked to one another. Resolving a cyber attack requires a long time, even years of research and investigation, depending on how malicious and severe the attack is. Anthem has spent 7 years settling its legal costs and investigations and salvaging the reputation it lost to the data breach, and it is still trying to settle the cost of the breach now.
    https://www.usatoday.com/story/tech/2015/02/05/anthem-health-care-computer-security-breach-fine-17-million/22931345/
    https://www.bloomberg.com/news/articles/2017-06-23/anthem-reaches-115-mln-settlement-in-massive-data-breach-case
    https://www.forbes.com/sites/brucejapsen/2014/12/03/wellpoint-name-change-to-anthem-official-reflects-brand/#7fd3424dcd54
  • 6. Lessons learnt: The Impact on Anthem
    Impact on Anthem:
    • Loss of customer relationships
    • Loss of intellectual property
    • Lost value of customer relationships
    • Loss of reputation
    • Loss of trust towards employees as the culprit misused company data
    • Cost of attorney fees & litigation
    • Risk of cyber attackers disguising themselves as customers to make medical claims
    Impact on customers:
    • Risk of identity theft by cyber attackers making claims from Anthem in their name
    • Loss of trust towards Anthem
    • Loss of personal confidential information
  • 7. What to do after a Data Breach?
    “Business continuity management continues to play an important role in determining the impact of data breaches that put organizations at risk worldwide,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
    1) Determine what was stolen. You'll need to pin down exactly what kind of information was lost in the data breach. Understand the severity of the breach and determine the kind of attack which has been executed.
    2) Change all affected passwords. If an online account has been compromised, change the password on that account right away. If you used the same password for any other accounts, change those as well, and make up a new, strong password for each and every account.
    3) Contact relevant financial institutions. If a payment-card number has been stolen, contact the bank or organization that issued the card immediately.
    4) Check for IT systems failure. Routinely assess vulnerabilities in your IT environment. Steps should be taken to find hidden sources, work down the layers of infrastructure to identify the servers, understand the network devices which your hardware and applications depend on, and apply business and technology context to scanner results.
    https://www.tomsguide.com/us/data-breach-to-dos,news-18007.html
    https://blog.barkly.com/data-breach-crisis-communication-plan-strategy.
    https://www.classaction.com/data-breach/lawsuit/
    http://focus.forsythe.com/articles/211/8-Steps-to-an-Effective-Vulnerability-Assessment
    http://www.healthcareitnews.com/news/ponemon-business-continuity-management-vital-data-breach-recovery
  • 8. What to do after a Data Breach? Cont’d
    “Don’t be caught off guard when the next data breach affecting your firm comes to light. Be prepared.” says Caleb Barlow, Vice President at IBM Security
    5) Manage the crisis communication. Have a unique strategy planned out for each crisis; upper management should determine when to communicate and admit the breach. Effective planning and execution of a data breach response may help to salvage the situation. An organisation needs to admit the breach and then prepare for it.
    6) Have an incident response plan. A successful IR plan should involve people who take ownership and maintain the documentation. This will ensure a smooth transition from the planned initiative to business-as-usual. A basic incident response plan is akin to building muscle memory. It requires the following:
    - Internal team to follow and document the breach
    - Identify external data security resources
    - Create a checklist
    - Track key breach-related rights, obligations & deadlines
    - Review & update response plan regularly
    7) Determine whether legal action is necessary. Only a licensed attorney will determine if an organisation is eligible for a data breach lawsuit. The attorney will also see if any state laws have been violated.
    https://www.classaction.com/data-breach/lawsuit/
    https://digitalguardian.com/blog/incident-response-plan
    http://fortune.com/2016/06/15/data-breach-cost-study-ibm/
  • 9. 3 Ways to Prevent a Data Breach
    The public data breach lists are a symptom of a deeper problem: U.S. cybersecurity laws place a disproportionate emphasis on notifying the public after a breach has occurred. While notice always will play a role in remediating harm, policymakers should shift their focus to preventative measures, such as more robust and clearer data security standards and incentives for investments in cybersecurity.
    1) Ensure that changes are documented. The main key to visibility across the entire IT infrastructure is to keep a complete audit trail of system activities and changes made. Remember that the human factor is always a pain point in security, and consider thorough documentation of user activity as a solution to reduce the risk of employees’ negligence.
    2) Have an IT Security Framework. This is a set of documented policies and procedures that govern the implementation and ongoing management of an organization’s security. Think of it as a blueprint or operator’s guide for security. The majority of the damage is usually caused by simple mistakes, such as unintended or unauthorized actions of legitimate users and IT engineers who are untrained in security and/or who misunderstood the instructions from the management.
    3) Audit and evaluate your environment continuously. Auditing procedures are of little value if they are done only occasionally. Continuous auditing of user activities and changes made to data and system configurations helps to avoid critical mistakes that might potentially damage security and service uptime. Analytics built upon this knowledge helps to detect security incidents and find the root cause of each violation. In addition, continuous monitoring provides irrefutable proof that your security policies are in place (and always have been), which is very handy when needing to pass compliance audits.
    https://www.netwrix.com/the_three_best_ways_to_prevent_a_data_breach.html
    https://techcrunch.com/2017/05/09/prevent-data-breaches-dont-just-report-them/
    http://www.hypeorripe.com/2017/04/07/what-is-a-common-security-framework-csf/
    http://www.tns.com/it_security_framework.asp
  • 10. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 244,000 professionals are committed to becoming the standard of excellence. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2017. For information, contact Deloitte Touche Tohmatsu Limited