Presentation on Data Theft and Data Leakage.
Do you know where your data is?
Kevin Wharram - Guidance Software, the Maker of ‘EnCase’
Agenda
Welcome and Introduction
Cause and Cost of data breaches
Get an understanding of Data Movement
Identify Challenges in protecting data (via theft and leakage)
Differentiate between Data theft / Data leakage
What to do after you have had a data breach
Identify some methods on getting started in protecting corporate data
Welcome
Kevin Wharram CISSP, CISM, CEH, 27001 Lead Auditor
My interests are in – Data Privacy & Data Protection
Technical Manager – Guidance Software Inc.
Previous to Guidance Software – I was the European Security Manager for Sony Computer Entertainment Europe (PlayStation) in London
Vusi Pikoli
Where is my Data?

Industry Headlines

Old hard drives still full of sensitive data
Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.

T.J. Maxx Breach Costs Hit $17 Million
BOSTON - Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed TJX’s customer information in a security breach that the discount retailer disclosed more than two months ago.

Thieves set up data supermarkets
Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Credit card details are cheap; however, the log files of big companies can go for up to $300.

Cause of Data Breaches
Source: The Ponemon Institute - (PGP Survey)

Cost of Data Breaches
Key Statistics
Data breaches cost US companies an average of $197 for every record lost
The size of the losses examined ranged from $225,000 to almost $35 million
Source: The Ponemon Institute

What type of Data are at Risk?

Intellectual Property:
Design Documents
Source Code
Trade secrets

Corporate Data:
Financial data
Mergers & Acquisition info
HR data i.e. employee data
Marketing and Sales data

Customer Data:
Personal Data
Credit card numbers
Customer financial data

Government Data:
Economic data i.e. Interest Rate – “what is it worth a day before it's released?”
Intelligence information
Law Enforcement Information

Understanding Data Movement

Being received?

Where is your Data Stored? - Data at Rest
Is your sensitive data stored in unauthorised locations in your network?
Do you have sufficient controls in place to protect your sensitive information?
What individuals have access to your sensitive information?

Where is your Data being sent? – Data in Motion
Who is sending your sensitive data; is it “Personal Data, IP, etc?”
Do individuals have the right authorisation to view the data after they have received it?
Whereabouts is your sensitive data being sent within your network – is it accessible to anyone?

Where is your Data being copied?
What devices is the data being copied onto – USB, iPods, CD / DVD etc?
What data is being copied – is it “Personal Data, IP, etc?”
How many portable USB devices have been connected to systems to copy data?

Challenges facing Companies
Confusing Regulatory environment – Protection of Personal Information Act, EU Data Protection Directive 95/46/EC, KING II, PCI compliance
Legal and Regulatory Violations caused by not protecting personal data
Ensuring sensitive data is not located in unauthorised areas of the network
Not being able to remediate instances of confidential information residing where it shouldn't be
Not knowing if the company's Intellectual Property (IP) and Personal Data (PII) are being protected by the controls currently in place
Data Theft & Data Leakage

Data Theft
Data Theft - where someone takes information from an organization without permission, including:
Accessing a company network or computer to take data – e.g. “TJ Maxx” & “Vusi Pikoli computer being hacked”
Employees taking data from the company when they leave for a new job – i.e. customer information, marketing plans, etc
An employee taking hard copies of information that should remain within the company i.e. product information, IP, etc

Data Leakage
Data Leakage - the unintentional release of data from a secure to an insecure environment, including:
Loss of computer tapes, hard drives, computers, etc
Posting information on blogs, and message boards
Sending emails to the wrong recipient
A computer being accessible from the Internet without proper information security precautions
Old computers, laptops, servers, etc – “is the information securely wiped?”
Shoulder Surfing
RFID, Infrared (Adam Laurie), P2P, etc

What leads to Data Theft?
Lack of senior management understanding and recognition of a problem
Criminal / Malicious Intent
Lack of internal processes and controls
Weak internal controls (role and access right changes)
Lack of clear policies and enforcement (e.g. Clear Desk Policies)
Misconception that security products will solve all problems i.e. "I have all the bells and whistles"
Vulnerability Management / Patching practices
Organisation Culture ("they owe me" attitude)
Incidental opportunities

What leads to Data Leakage?
Lack of Senior Management support
Lack of internal Processes and controls
Weak internal controls i.e. (role and access right changes) – example "SocGen incident"
Lack of security awareness among employees
Misconception that security products will solve all problems
Vulnerability Management
Patching practices

How is Data Taken
Portable storage devices – USB, Cameras, PDAs etc
iPods and MP3 players – “PodSlurping”
Email – personal webmail i.e. Yahoo, Google, etc
Taking out or sending DVDs / CDs
VOIP - All conversations are stored electronically, and therefore can be extracted
Spear Phishing – targeting specific companies for information; then using that information to steal data
Exploiting corporate systems, networks and laptops through system and software vulnerabilities
Printing / copying and taking off premises
Using telephone conference pin numbers
My Data is gone! – “what do I do?”

Incident Response
Don’t panic
Follow your incident response plan and procedures
Investigate completely using a forensically sound, court-validated investigation platform
Disclose information only on a need-to-know basis
If there has been a leak or theft of personal data, then you will have to notify the commission and the individuals concerned of the data breach – “Principle 6” of the Protection of Personal Information Act
Clean up & Remediate
Countermeasures to Protect Data

1. Identify & Classify Information
Identify confidential, personal and sensitive information
Update information classifications based on best practices
Apply classification(s) to distinguish types of confidential information

2. Assess Risks
Identify business processes, systems, and information that are perceived to be of high risk to the business
Identify which information should be protected
Determine perceived risks and severity of information loss

3. Develop and apply Policies and Procedures
Compare your existing Data Classification, Information Protection policies, etc to best practice
Develop or implement Data Classification, Information Protection policies, and distribute the policies to users

4. Audit Data
Deploy Technologies that Audit Data and Enforce Policies
Use software to audit sensitive data to ensure it’s not located in unauthorised areas of your network and systems
Remediate instances of sensitive data residing where it shouldn’t be
EnCase Data Audit & Policy Enforcement
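
Added example (not part of the original presentation and not EnCase code): one way to audit a file tree for sensitive data outside authorised locations, here credit card numbers confirmed with the Luhn checksum. The directory name "vault", the helper names and the sample files are assumptions constructed for the illustration; 4111 1111 1111 1111 is a standard test number.

```python
import os
import re
import tempfile

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs such as ticket or order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_tree(root: str, authorised: set) -> list:
    """Return (path, line number, masked number) for hits outside authorised dirs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.relpath(dirpath, root).split(os.sep)[0] in authorised:
            dirnames[:] = []                # approved location: skip it entirely
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in CANDIDATE.finditer(line):
                        digits = re.sub(r"\D", "", m.group())
                        if luhn_ok(digits):  # report last four digits only
                            findings.append((rel, lineno, "*" * (len(digits) - 4) + digits[-4:]))
    return sorted(findings)

def demo() -> list:
    """Constructed sample tree: an approved vault, a stray export, a false positive."""
    samples = {
        "vault/cards.csv": "alice,4111 1111 1111 1111\n",                # approved
        "shares/marketing/export.txt": "id,card\n7,4111-1111-1111-1111\n",  # stray copy
        "shares/it/tickets.log": "ticket 1234567890123456 closed\n",     # fails Luhn
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        return audit_tree(root, authorised={"vault"})
```

The findings list carries only masked numbers, so the audit report can be passed to whoever remediates the stray copies without becoming a second copy of the data.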

5. Communicate & Monitor
Communicate & Monitor to assess use & Compliance
Educate users about the policies and other security issues
Ensure that users have read, understood and have accepted the policies
Continually monitor, through the use of tools, that the policies are not breached

Summary
Identify and categorise what data you have
Decide where it is most secure
Determine the risks of how it could leak
Plan what to do if it does leak
Implement 'best practice' security measures

Questions?