Verizon 2014 data breach investigations report dbir - my view ext

•Download as PPTX, PDF•

1 like•846 views

I agree when Verizon's Baker says "the bad news from this year's report is that the cybercriminals and other attackers are getting better at what they do, while the security community is not improving its game quickly enough to keep pace." The bad news, as Wade Baker, principal author of the Data Breach Investigations Report (DBIR) series, says is that: "After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning." My view is that that we are now more concerned about attackers that are targeting our data flow, including data in memory since the DBIR reported that "RAM scrapers" went from a low #17 in 2012 and shoot up the charts to a very concerning #4 spot in 2013. My view is that that we are now less concerned about attackers that are targeting our stored data since the DBIR reported that "Capture stored data" went from a #4 in 2012 and to a less concerning #9 spot in 2013 and "Privilege abuse" went from a #14 in 2012 and to a less concerning #17 spot in 2013. I think that file encryption will not stop the bad guys. The bad guys are no longer attacking stored data. The bad guys are now attacking the data flow, including data in memory. My view is that we now need to secure the data flow, including data in memory. The bad guys are no longer attacking stored data. I'm increasingly concerned about Big Data and Cloud platforms, great targets for attackers. An important development was the addition of coarse-grained volume or file encryption will only solve one problem, protecting data at rest, but considering one of the primary goals is using the data, one might suggest that it provided little in the grand scheme of Data security. Sensitive data in use for analytics, traveling between nodes, sent to other systems, or even just being viewed is subject to full exposure. What they're seeking is advanced functionality equal to the task of balancing security and regulatory compliance with data insights and data utility. This balance is critical for Big Data and Cloud platforms. Emerging Big Data and Cloud platforms are presenting new use cases that are requiring data insight for analytics, high performance and scalability for Big Data platforms cannot be achieved by old security approaches. New security approaches are required since Big Data is based on a new and different architecture. Big Data is introducing a new approach to collecting data by allowing unstructured data to be blindly collected. In many cases we do not even know about all sensitive and regulated data fields that are contained in these large data feeds. Analysis of the content is often deferred to a later point in the process, to a stage when we are starting to use the data for analytics. Then it is too late to go back and try to apply data security and compliance to regulations. My view is that we now need to secure the data flow. The bad guys are no longer attacking stored data in files.

Technology

Wade Baker, principal author of the Data Breach
Investigations Report (DBIR) series, says is that:
“After analyzing 10 years of data, we realize most
organizations cannot keep up with cybercrime – and
the bad guys are winning.”
"Attackers are getting quicker at compromising
systems over the past 10 years,"
"Less than 25 percent of good guys discovered these
incidents in days or less. This is not a good situation ...
The bad guys are winning at a faster rate than the good
guys are winning."

Ram scraper [mal] 223
"RAM scrapers" went from a low #17 in 2012 and shoot
up the charts to a very concerning #4 spot in 2013.
Verizon’s 2014 Data Breach Investigations Report

Export data [mal] 327
“Export data" went from a low #7 in 2012 and shoot up
the charts to a very concerning #2 spot in 2013.
Verizon’s 2014 Data Breach Investigations Report

Capture stored data [mal] 133
“Stored data" went from a #4 in 2012 and to a less concerning
#9 spot in 2013
Verizon’s 2014 Data Breach Investigations Report

Privillege abuse [mis] 65
"Privilege abuse" went from a #14 in 2012 and to a less
concerning #17 spot in 2013
Verizon’s 2014 Data Breach Investigations Report

Capture stored data [mal] 133
My Conclusion: File Encryption is Not Helping
Verizon’s 2014 Data Breach Investigations Report
File encryption

Privillege abuse [mis] 65
My Conclusion: Database Monitoring will Not Help
Verizon’s 2014 Data Breach Investigations Report
Database Activity
Monitoring

Ram scraper [mal] 223
Export data [mal] 327
My Conclusion: Secure The Sensitive Data Flow
Verizon’s 2014 Data Breach Investigations Report
Data Tokenization
Data Tokenization

Cloud and Big Data
Emerging Big Data and Cloud platforms are presenting new use cases that are requiring data
insight for analytics, high performance and scalability for Big Data platforms cannot be achieved
by old security approaches.
An important development was the addition of coarse-grained volume or file encryption will
only solve one problem, protecting data at rest, but considering one of the primary goals is
using the data, one might suggest that it provided little in the grand scheme of Data security.
Sensitive data in use for analytics, traveling between nodes, sent to other systems, or even just
being viewed is subject to full exposure.
What they’re seeking is advanced functionality equal to the task of balancing security and
regulatory compliance with data insights and data utility.
This balance is critical for Big Data and Cloud platforms.

Big Data
Big Data is introducing a new approach to collecting data by allowing unstructured data to be
blindly collected. In many cases we do not even know about all sensitive and regulated data
fields that are contained in these large data feeds.
Analysis of the content is often deferred to a later point in the process, to a stage when we are
starting to use the data for analytics.
New security approaches are required since Big Data is based on a new and different
architecture.
Then it is too late to go back and try to apply data security and compliance to regulations.

Conclusion
My view is that that we are now more concerned about attackers that are targeting
our data flow.
My view is that that we are now less concerned about attackers that are targeting our
stored data.
I think that file encryption will not stop the bad guys.
I found some good news in an interesting report from the Aberdeen Group that
revealed that "Over 12 months, data tokenization users had 50% fewer security-
related incidents (e.g., unauthorized access, data loss or data exposure than
tokenization non-users".
Nearly half of the respondents (47%) are currently using tokenization for something
other than cardholder data.
The name of the study is "Tokenization Gets Traction".

More from Ulf Mattsson

Evolving international privacy regulations and cross border data transfer - g...

Ulf Mattsson

Unicode is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems. The standard is maintained by the Unicode Consortium, and as of March 2020, it has a total of 143,859 characters, with Unicode 13.0 (these characters consist of 143,696 graphic characters and 163 format characters) covering 154 modern and historic scripts, as well as multiple symbol sets and emoji. The character repertoire of the Unicode Standard is synchronized with ISO/IEC 10646, each being code-for-code identical with the other. The Unicode Standard consists of a set of code charts for visual reference, an encoding method and set of standard character encodings, a set of reference data files, and a number of related items, such as character properties, rules for normalization, decomposition, collation, rendering, and bidirectional text display order (for the correct display of text containing both right-to-left scripts, such as Arabic and Hebrew, and left-to-right scripts). Unicode's success at unifying character sets has led to its widespread and predominant use in the internationalization and localization of computer software. The standard has been implemented in many recent technologies, including modern operating systems, XML, Java (and other programming languages), and the .NET Framework. Unicode can be implemented by different character encodings. The Unicode standard defines Unicode Transformation Formats (UTF) UTF-8, UTF-16, and UTF-32, and several other encodings. The most commonly used encodings are UTF-8, UTF-16, and UCS-2 (a precursor of UTF-16 without full support for Unicode)

Data encryption and tokenization for international unicode

Ulf Mattsson

Discussion of Post-Quantum Cryptography and other technologies: Data Security Techniques Secure Multi-Party Computation (SMPC) Homomorphic encryption (HE) Differential Privacy (DP) and K-Anonymity Pseudonymization and Anonymization Synthetic Data Zero trust architecture (ZTA) Zero-knowledge proofs (ZKP) Private Set Intersection (PSI) Trusted execution environments (TEE) Post-Quantum Cryptography Blockchain Regulations and Standards in Data Privacy

The future of data security and blockchain

Ulf Mattsson

New technologies for data protection

Ulf Mattsson

GDPR and evolving international privacy regulations

Ulf Mattsson

A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared. We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.

Privacy preserving computing and secure multi-party computation ISACA Atlanta

Ulf Mattsson

Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can be benefit from a finance-based data risk assessment (FinDRA). More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools can we use mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning. Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.

Safeguarding customer and financial data in analytics and machine learning

Ulf Mattsson

ISACA London Chapter webinar, Feb 16th 2021 Topic: “Protecting Data Privacy in Analytics and Machine Learning” Abstract: In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources. When we think about developing AI responsibly, there’s many different activities that we need to think about. This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing. We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud. We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.

Protecting data privacy in analytics and machine learning ISACA London UK

Ulf Mattsson

In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs. Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data. Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles. The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally. Join this webinar to learn more about: - Trends in modern privacy regulations - The impact on organizations to protect and use sensitive data - Data privacy principles - The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU - The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations - Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle

New opportunities and business risks with evolving privacy regulations

Ulf Mattsson

BCS North London Branch in association with Central London Branch webinar (by GoToWebinar) Date: 2nd December 2020 Time: 18.00 to 19.30 Event title: Blockchain tokenization “What is tokenization in Blockchain?” Agenda Blockchain What is Blockchain? Use cases, trends and risks Vendors and platforms Data protection techniques and scalability Tokenization Digital business Convert a digital value into a digital token Local and central models Cloud Tokenization in Hybrid cloud

What is tokenization in blockchain - BCS London

Ulf Mattsson

In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources. When we think about developing AI responsibly, there’s many different activities that we need to think about. This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing. We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud. We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.

Protecting data privacy in analytics and machine learning - ISACA

Ulf Mattsson

What is tokenization in blockchain?

Ulf Mattsson

Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b

Ulf Mattsson

Unlock the potential of data security 2020

Ulf Mattsson

Tokenization on Blockchain is a steady trend. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable. Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? They have no legal rights on the property and thus are not protected by the law. Another problem is that this system brings us back some sort of centralization. The whole idea of Blockchain and especially smart contracts is to create a trustless environment. Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token. The tokenization system can be implemented local to the data that is tokenized or in a centralized model. We will discuss tokenization implementations that can provide scalability across hybrid cloud models. This session will position different data protection techniques, use cases for blockchain, and protecting blockchain.

What is tokenization in blockchain?

Ulf Mattsson

In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to use open source tools to put these technologies to work for databases and other data sources. When we think about developing AI responsibly, there’s many different activities that we need to think about. In this session, we will discuss technologies that help protect people, preserve privacy, and enable you to do machine learning confidentially. This session discusses industry standards and emerging privacy-enhanced computation techniques, secure multiparty computation, and trusted execution environments. We will discuss Zero Trust philosophy fundamentally changes the way we approach security since trust is a vulnerability that can be exploited particularly when working remotely and increasingly using cloud models. We will also discuss the “why, what, and how” of techniques for privacy preserving computing. We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud. We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.

Protecting Data Privacy in Analytics and Machine Learning

Ulf Mattsson

ISACA Houston - How to de-classify data and rethink transfer of data between ...

Ulf Mattsson

Isaca atlanta - practical data security and privacy

Ulf Mattsson

ISACA Houston - Practical data privacy and de-identification techniques

Ulf Mattsson

Jul 16 isaca london data protection, security and privacy risks - on premis...

Ulf Mattsson

More from Ulf Mattsson (20)

Evolving international privacy regulations and cross border data transfer - g...

Data encryption and tokenization for international unicode

The future of data security and blockchain

New technologies for data protection

GDPR and evolving international privacy regulations

Privacy preserving computing and secure multi-party computation ISACA Atlanta

Safeguarding customer and financial data in analytics and machine learning

Protecting data privacy in analytics and machine learning ISACA London UK

New opportunities and business risks with evolving privacy regulations

What is tokenization in blockchain - BCS London

Protecting data privacy in analytics and machine learning - ISACA

What is tokenization in blockchain?

Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b

Unlock the potential of data security 2020

What is tokenization in blockchain?

Protecting Data Privacy in Analytics and Machine Learning

ISACA Houston - How to de-classify data and rethink transfer of data between ...

Isaca atlanta - practical data security and privacy

ISACA Houston - Practical data privacy and de-identification techniques

Jul 16 isaca london data protection, security and privacy risks - on premis...

Recently uploaded

This presentation focuses on the challenges and strategies of connecting problem definitions within product development. Key Points Covered: - Kayak's mission since its inception in 2004 to simplify travel by enabling easy comparisons of flights through technological solutions. - Discussion of the complexities within the travel industry, including the high expectations for personalized user experiences and the various stakeholder influences. - Emphasis on the necessity of maintaining agility and innovation within a mature company through continuous reassessment of processes. - An explanation of the importance of disciplined problem definition to prevent project failures and team inefficiencies. - Introduction of strategies for effective communication across teams to ensure alignment and comprehension at all levels of project development. - Exploration of various problem-solving methodologies, including how to handle conflicts within team settings regarding problem definitions and project directions.

Connecting the Dots in Product Design at KAYAK

UXDXConf

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

UXDXConf

We're living the AI revolution and Salesforce is adapting and bring new value to their customers. Einstein products are evolving rapidly and navigating their limitations, language support, and use cases can be challenging. Let's make review of what Einstein product are available currently, what are the capabilities and what can be used for in CEE region and how Rossie.ai can help to learn Salesforce speak Czech. We will explore the Einstein roadmap and I will make a short live demo (based on your vote) of some Einstein feature.

AI revolution and Salesforce, Jiří Karpíšek

CzechDreamin

PLAI - Acceleration Program for Generative A.I. Startups

Stefano

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

ScyllaDB

As an SEO expert specializing in the IPTV and VPN niches with over five years of experience, I navigate the unique challenges of these industries adeptly. My strategic approach encompasses competitive analysis, targeted keyword research, content optimization, and high-quality backlink creation. My goal is to optimize my clients' online visibility, generating targeted organic traffic and maximizing their return on investment. With a results-driven approach and a passion for innovation, I'm poised to assist my clients in thriving in an ever-evolving digital landscape. <a href="https://iptvreel.com">

THE BEST IPTV in GERMANY for 2024: IPTVreel

reely ones

Join me in this session where I'll share our journey of building a fully serverless application that flawlessly managed check-ins for an event with a staggering 80 thousand registrations. We'll dive into three key strategies that made this possible. Firstly, by harnessing DynamoDB global tables, we ensured global service availability and data replication across regions, boosting performance and disaster recovery. Next, we'll explore how we seamlessly integrated real-time updates into the app using Appsync subscriptions, making the experience dynamic and engaging for users. Finally, I'll discuss how provisioned concurrency not only improved performance but also kept costs in check, highlighting the cost-effectiveness of serverless architectures. Through these strategies and the inherent scalability of serverless technology, our application effortlessly handled massive user loads without manual intervention. This session is a real world example to the power and efficiency of modern cloud-based solutions in enabling seamless scalability and robust performance with Serverless

How we scaled to 80K users by doing nothing!.pdf

Srushith Repakula

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

FIDO Alliance

The Metaverse: Are We There Yet?

Mark Billinghurst

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

Discover the top Symfony development companies that excel in creating robust and scalable web applications. Our latest blog highlights the best firms specializing in Symfony, known for their expertise in delivering high-performance solutions. Whether you’re looking to start a new project or enhance an existing one, these companies offer the skills and experience needed to bring your vision to life. Read more to find your perfect Symfony development partner.

Top 10 Symfony Development Companies 2024

TopCSSGallery

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

CzechDreamin

IoT Analytics Company Presentation May 2024

IoTAnalytics

Oauth 2.0 Introduction and Flows with MuleSoft

shyamraj55

IESVE for Early Stage Design and Planning

IES VE

When you think of a highly secure meeting environment, do you instantly think 'Microsoft Teams'!? Or do you think about some unknown application, troublesome UI and daunting login process...? If you think the latter - let's change that! In this session Femke will show you how using Teams Premium features can create secure, but also good looking meetings! PRETTY. Make sure your company's brand is represented before, during and after the meeting with Customization policies in place. SECURE. Lets utilize Meeting templates and Sensitivity Labels to protect your meeting and data to prevent sensitive information from being leaked. After this session, you will have a clear understanding of the capabilities of Teams Premium features and how to set up the perfect meeting that suits your organizational requirements!

ECS 2024 Teams Premium - Pretty Secure

Femke de Vroome

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “Enterprise Knowledge Graphs: The Importance of Semantics” on May 9, 2024, at the annual Data Summit in Boston. In her presentation, Hedden describes the components of an enterprise knowledge graph and provides further insight into the semantic layer – or knowledge model – component, which includes an ontology and controlled vocabularies, such as taxonomies, for controlled metadata. While data experts tend to focus on the graph database components (RDF triple store or a label property graph), Hedden emphasizes they should not overlook the importance of the semantic layer.

Enterprise Knowledge Graphs - Data Summit 2024

Enterprise Knowledge

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

New customer? New industry? New cloud? New team? A lot to handle! How to ensure the success of the project? Start it well! I've created the 3 areas of focus at the beginning of the project that helped me in multiple roles (BA, PO, and Consultant). Learn from real-world experiences and discover how these insights can empower you to deliver unparalleled value to your customers right from the project's start.

Powerful Start- the Key to Project Success, Barbara Laskowska

CzechDreamin

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

FIDO Alliance

Recently uploaded (20)

Connecting the Dots in Product Design at KAYAK

Designing for Hardware Accessibility at Comcast

AI revolution and Salesforce, Jiří Karpíšek

PLAI - Acceleration Program for Generative A.I. Startups

Optimizing NoSQL Performance Through Observability

THE BEST IPTV in GERMANY for 2024: IPTVreel

How we scaled to 80K users by doing nothing!.pdf

FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...

The Metaverse: Are We There Yet?

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Top 10 Symfony Development Companies 2024

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

IoT Analytics Company Presentation May 2024

Oauth 2.0 Introduction and Flows with MuleSoft

IESVE for Early Stage Design and Planning

ECS 2024 Teams Premium - Pretty Secure

Enterprise Knowledge Graphs - Data Summit 2024

What's New in Teams Calling, Meetings and Devices April 2024

Powerful Start- the Key to Project Success, Barbara Laskowska

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

Verizon 2014 data breach investigations report dbir - my view ext

1. The Bad Guys are Winning

2. Wade Baker, principal author of the Data Breach Investigations Report (DBIR) series, says is that: “After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning.” "Attackers are getting quicker at compromising systems over the past 10 years," "Less than 25 percent of good guys discovered these incidents in days or less. This is not a good situation ... The bad guys are winning at a faster rate than the good guys are winning."

3. The Bad Guys are Attacking Your Data

4. Ram scraper [mal] 223 "RAM scrapers" went from a low #17 in 2012 and shoot up the charts to a very concerning #4 spot in 2013. Verizon’s 2014 Data Breach Investigations Report

5. Export data [mal] 327 “Export data" went from a low #7 in 2012 and shoot up the charts to a very concerning #2 spot in 2013. Verizon’s 2014 Data Breach Investigations Report

6. Capture stored data [mal] 133 “Stored data" went from a #4 in 2012 and to a less concerning #9 spot in 2013 Verizon’s 2014 Data Breach Investigations Report

7. Privillege abuse [mis] 65 "Privilege abuse" went from a #14 in 2012 and to a less concerning #17 spot in 2013 Verizon’s 2014 Data Breach Investigations Report

8. Capture stored data [mal] 133 My Conclusion: File Encryption is Not Helping Verizon’s 2014 Data Breach Investigations Report File encryption

9. Privillege abuse [mis] 65 My Conclusion: Database Monitoring will Not Help Verizon’s 2014 Data Breach Investigations Report Database Activity Monitoring

10. Ram scraper [mal] 223 Export data [mal] 327 My Conclusion: Secure The Sensitive Data Flow Verizon’s 2014 Data Breach Investigations Report Data Tokenization Data Tokenization

11. Attacking Emerging Platforms

12. Cloud and Big Data Emerging Big Data and Cloud platforms are presenting new use cases that are requiring data insight for analytics, high performance and scalability for Big Data platforms cannot be achieved by old security approaches. An important development was the addition of coarse-grained volume or file encryption will only solve one problem, protecting data at rest, but considering one of the primary goals is using the data, one might suggest that it provided little in the grand scheme of Data security. Sensitive data in use for analytics, traveling between nodes, sent to other systems, or even just being viewed is subject to full exposure. What they’re seeking is advanced functionality equal to the task of balancing security and regulatory compliance with data insights and data utility. This balance is critical for Big Data and Cloud platforms.

13. Big Data Big Data is introducing a new approach to collecting data by allowing unstructured data to be blindly collected. In many cases we do not even know about all sensitive and regulated data fields that are contained in these large data feeds. Analysis of the content is often deferred to a later point in the process, to a stage when we are starting to use the data for analytics. New security approaches are required since Big Data is based on a new and different architecture. Then it is too late to go back and try to apply data security and compliance to regulations.

14. Conclusion My view is that that we are now more concerned about attackers that are targeting our data flow. My view is that that we are now less concerned about attackers that are targeting our stored data. I think that file encryption will not stop the bad guys. I found some good news in an interesting report from the Aberdeen Group that revealed that "Over 12 months, data tokenization users had 50% fewer security- related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data. The name of the study is "Tokenization Gets Traction".

Verizon 2014 data breach investigations report dbir - my view ext

Recommended

Recommended

More Related Content

More from Ulf Mattsson

More from Ulf Mattsson (20)

Recently uploaded

Recently uploaded (20)

Verizon 2014 data breach investigations report dbir - my view ext