#RSAC

Session ID: HUM-F01

Troy Hunt
Lessons from Billions of Breached Records

troyhunt.com
@troyhunt

David Gibson
VP of Strategy, Varonis Systems
@dsgibson


How do we think of hackers?


Ryan Cleary (19)

Jake Davies (18)

Discovery


Breach verification


How long does a login attempt take?

[Chart: response time (ms), y-axis 0 to 1,000, for login attempts 1 to 25]


Company responses


“We figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act”


“We have run the full security protocol implemented in these cases and conclusively determined that our servers were not involved”

“We identified that a human error caused those decrypted files to be exposed to a public facing server and this was the source of the data loss”

“data incident”

“Regpack systems were not breached”


The press


3 Actionable Lessons From Data Breaches


1. Prepare to be breached
   - Cryptographic storage; can't lose what you don't have
   - Perimeter defences, logging, internal preventive and detective controls

2. Prepare to receive vulnerability reports
   - Make it easy to report
   - Bug bounties rock!

3. Prepare a plan
   - Incident response, disaster recovery
   - Disclosure obligations and early comms
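As an added example (not code from the talk or from either speaker), the following Python shows two of the points above in working form: "cryptographic storage" of credentials (a salted, iterated PBKDF2 hash rather than the plaintext that so many breached dumps contain) and a login check whose cost is the same whether or not the account exists, which is what the login response-time chart earlier in the deck is about. The user store, the placeholder password, the iteration count and the function names are all constructed for this illustration and use only the standard library.

```python
"""Credential storage and login verification, illustrating the slides'
"cryptographic storage" lesson and the login-timing chart.
Added example, not from the talk. Standard library only.
"""
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# PBKDF2 parameters. Assumption: illustrative values; size the iteration
# count to your own hardware budget (it slows attackers and you alike).
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh random salt per user means two
    users with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


# Constructed sample user store: email -> (salt, derived key). In a real
# system this is the table a breach would expose; it holds no plaintext.
USERS = {
    "alice@example.com": hash_password("correct horse battery staple"),
}

# Dummy record used when the account does not exist, so the "no such user"
# path still performs one full PBKDF2 computation (constructed placeholder).
_DUMMY_SALT, _DUMMY_KEY = hash_password("placeholder-not-a-real-password")


def verify_login(email: str, password: str) -> bool:
    """Return True only if the account exists and the password matches.

    The "no such account" and "wrong password" paths do the same amount of
    work and return the same value, so neither response time nor the error
    reveals whether an email address is registered.
    """
    record = USERS.get(email)
    exists = record is not None
    salt, stored_key = record if exists else (_DUMMY_SALT, _DUMMY_KEY)
    _, candidate = hash_password(password, salt)
    # compare_digest takes time independent of where the first difference is
    matches = hmac.compare_digest(candidate, stored_key)
    return exists and matches


def time_login(email: str, password: str, rounds: int = 3) -> float:
    """Median wall-clock seconds for a login attempt; shown only to let you
    confirm locally that known and unknown accounts cost about the same."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        verify_login(email, password)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]


if __name__ == "__main__":
    print("valid login:", verify_login("alice@example.com", "correct horse battery staple"))
    print("wrong password:", verify_login("alice@example.com", "hunter2"))
    print("unknown account:", verify_login("nobody@example.com", "hunter2"))
    print("known account attempt (s): %.4f" % time_login("alice@example.com", "hunter2"))
    print("unknown account attempt (s): %.4f" % time_login("nobody@example.com", "hunter2"))
```

The design choice worth noting is that the hashing work is done before the existence check is consulted, not after: short-circuiting on "user not found" is exactly what produces the fast-versus-slow pattern a response-time chart like the one in the deck exposes, and a generic "invalid email or password" message is only as good as the timing behind it.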
