data breach presentation

Minimizing the Risk of a Data Breach in the Workplace December 8, 2015 Bradford Bach Bradford Bach | [email protected] | 213.784.3070


Page 1: Data breach presentation

Minimizing the Risk of a Data Breach in the Workplace

December 8, 2015, Bradford Bach


Page 2: Data breach presentation

High profile security breaches make news


Page 3: Data breach presentation

Cyber thieves target smaller companies!

• They are not prepared
• They don't understand their legal obligations
• They have financial liability
• They are the nexus for larger company breaches


Page 4: Data breach presentation

Cyber attacks are on the rise

• Nations, groups & individuals are targeting:
  – Institutions
  – Financial services agencies
  – Utilities
  – Consumers

• 43 percent of US firms have experienced a data breach in the past year (survey of 735 businesses)

Source: Pew Research Center and Ponemon Institute

Page 5: Data breach presentation

What are the hackers looking for?

• Credit card details
• Bank account numbers and PINs
• Social security numbers
• Passport numbers
• Driver's licenses
• Usernames and passwords
• Birthdays and anniversaries


Page 6: Data breach presentation

Management’s concern about data breach

Chart: percentage concern level on a 10-point scale. Source: Ponemon Institute


Page 7: Data breach presentation

Key steps companies have taken

• Recognized the need for a stronger cyber defense posture
• Allocated resources to preventing, detecting and resolving data breaches
• Developed operations and compliance procedures
• Established Computer Security Incident Response Teams (SIRT)


Page 8: Data breach presentation

Investments in response to data breaches

Source: Ponemon Institute


Page 9: Data breach presentation

What constitutes an incident?

• Report of a physical or criminal act (e.g. theft of a computer, laptop, tablet or PDA)
• Suspicion that a device has been compromised to allow access to sensitive data
• Security issue with a person using equipment
• Other circumstances that warrant investigation, including disruptive viruses, denial of service attacks, malware, phishing scams, spam, etc.


Page 10: Data breach presentation


Are you prepared?

• Are you working with your IT team to ensure that you have appropriate security controls in place?
• Do you have a SIRT team in place, including general counsel, executives, key personnel and IT?
• Have you implemented best-practice policies and procedures to secure your network?
• How are you funded to cover the legal compliance and costs associated with a breach?
• Do you know what laws impact your industry?

Page 11: Data breach presentation

Cybercrime example


Page 12: Data breach presentation

SIRT response teams and plan minimums

1. Planning: Have shared goals and describe them in detail
2. The Team: Identify, inform and train those you expect to take action


Page 13: Data breach presentation

SIRT response teams and plan minimums

3. Incident identification methods and triggers

Define events and mechanisms that might trigger a security incident investigation. Provide examples to help others understand what to look for and how to respond.

• Theft or loss of an unencrypted device
• Hacking of a system containing protected data
• Employee snooping
• Malware capable of data exfiltration


Page 14: Data breach presentation

SIRT response teams and plan minimums

4. Breach determination methodology

How will you determine if protected data was likely to have been compromised, based on the attack, data classification, jurisdiction and particular regulations?

Use the four factor risk assessment methodology required for healthcare data. If there is a probability of compromise, then you have suffered a breach. The four factors are:

• The nature and extent of the protected information involved, including the types of identifiers and the likelihood of re-identification;
• The unauthorized person who used the protected information or to whom the disclosure was made;
• Whether the protected information was actually acquired or viewed;
• The extent to which the risk to the protected information has been mitigated.


Page 15: Data breach presentation

SIRT response teams and plan minimums

5. Breach response team activation

This will include members of the CIRT, but also those that are normally not included in incidents that do not convert to a breach. They can be both internal and external, including:

• Technical
• Executive
• Legal and compliance
• Public relations
• Security vendors, etc.


Page 16: Data breach presentation

SIRT response teams and plan minimums

6. Notification actions

Notification requirements vary by statute, state and data class. It is important to know the requirements for each class of data you possess.

7. Reporting and documentation

It is critical that you produce accurate and complete documentation of the events, actions, and results that occur as the result of a security incident. Be sure to spend the time required to accurately portray what happened, who did what, to what and with what. Keep copies of all communications, notifications and any and all activity.
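The following is an added example, not code from the presentation or from the presenter: it turns steps 4 (the four-factor breach determination) and 7 (reporting and documentation) into one small Python routine that rates each factor, presumes a breach unless every factor rebuts it, and emits the written record step 7 calls for. The factor names, the low/elevated ratings, the list of high-risk identifier types (taken from page 5), the rule that an unknown answer to factor 3 counts against you, and the two incident scenarios are all assumptions made for this example; the actual determination for any data class is a legal question answered against the governing statute.

```python
"""Added example (not part of the presentation): apply the four-factor
breach risk assessment (step 4) and produce the step 7 documentation record.

Assumptions (mine, not the deck's): factor names, low/elevated ratings,
treating an unknown answer for factor 3 as elevated, and requiring every
factor to rate low before closing an incident as 'no breach'.
"""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional
import json

# Identifier types the deck lists as attacker targets (page 5). Treating their
# presence as raising factor 1 is an assumption for this example.
HIGH_RISK_IDENTIFIERS = {
    "credit card", "bank account", "pin", "social security number",
    "passport", "drivers license", "password",
}


@dataclass
class FourFactorAssessment:
    """Inputs the SIRT gathers for one incident (constructed field names)."""
    data_types: List[str]                     # factor 1: what information was involved
    re_identification_likely: bool            # factor 1: could the data be re-linked to people?
    recipient_bound_by_confidentiality: bool  # factor 2: who received or used it
    acquired_or_viewed: Optional[bool]        # factor 3: None = no evidence either way
    risk_mitigated: bool                      # factor 4: e.g. recipient attested destruction


def rate_factors(a: FourFactorAssessment) -> Dict[str, str]:
    """Rate each factor 'low' or 'elevated'; unknowns count as elevated."""
    sensitive = {t.lower() for t in a.data_types} & HIGH_RISK_IDENTIFIERS
    return {
        "1_nature_and_extent": "elevated" if sensitive or a.re_identification_likely else "low",
        "2_unauthorized_recipient": "low" if a.recipient_bound_by_confidentiality else "elevated",
        "3_acquired_or_viewed": "low" if a.acquired_or_viewed is False else "elevated",
        "4_risk_mitigated": "low" if a.risk_mitigated else "elevated",
    }


def determine_breach(a: FourFactorAssessment) -> Dict[str, object]:
    """Presume a breach; rebut the presumption only when all four factors rate low."""
    ratings = rate_factors(a)
    elevated = sorted(k for k, v in ratings.items() if v == "elevated")
    return {
        "ratings": ratings,
        "elevated_factors": elevated,
        "determination": "breach" if elevated else "no breach",
    }


def document_determination(incident_id: str, assessor: str,
                           a: FourFactorAssessment, notes: str = "") -> Dict[str, object]:
    """Step 7 record: inputs, ratings, decision and next action, kept together."""
    result = determine_breach(a)
    next_action = ("activate the breach response team and review notification "
                   "requirements for each data class involved"
                   if result["determination"] == "breach"
                   else "close the incident; retain this record")
    return {
        "incident_id": incident_id,
        "assessed_at": datetime.now(timezone.utc).isoformat(),
        "assessor": assessor,
        "inputs": asdict(a),
        **result,
        "next_action": next_action,
        "notes": notes,
    }


if __name__ == "__main__":
    # Constructed scenario 1: unencrypted laptop stolen with SSNs on disk; there is
    # no evidence either way about whether the files were opened.
    stolen_laptop = FourFactorAssessment(
        data_types=["name", "social security number"], re_identification_likely=True,
        recipient_bound_by_confidentiality=False, acquired_or_viewed=None,
        risk_mitigated=False)
    # Constructed scenario 2: a list of names and birthdays e-mailed to the wrong
    # regulated partner, who confirmed it was deleted without being opened.
    misdirected_email = FourFactorAssessment(
        data_types=["name", "birthday"], re_identification_likely=False,
        recipient_bound_by_confidentiality=True, acquired_or_viewed=False,
        risk_mitigated=True)
    for inc_id, a in (("INC-0001", stolen_laptop), ("INC-0002", misdirected_email)):
        print(json.dumps(document_determination(inc_id, "sirt-lead", a), indent=2))
```

The design choice worth noting is that the record stores the inputs alongside the ratings and the decision: when the determination is later questioned by a regulator or counsel, the reviewer can see exactly which facts were known at the time and which factor drove the outcome, which is what step 7's "who did what, to what and with what" asks for.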


Page 17: Data breach presentation

SIRT response teams and plan minimums

8. Policy and procedural or technological improvement

The aftermath of a significant security incident or breach is a good opportunity to improve the policies and procedures that prevent another breach and that govern how you respond if one happens again. Take this opportunity to consider what happened and how you reacted. Then consider and document ways to improve on both.


Page 18: Data breach presentation

Training and updating staff

Once you have created your Computer Security Incident Response Plan, and whenever you use the plan to respond, train your staff effectively and consistently.


Page 19: Data breach presentation

Training and updating staff

• Having plans of which staff are either unaware or not familiar with when it is time to act is much like having no plans at all.
• A lack of training can lead to inaction, delays and mistakes which are avoidable and can be incredibly costly. Empower your employees to be confident and ready to act when the inevitable occurs.


Page 20: Data breach presentation


Page 21: Data breach presentation

Breakdown of Events Impacting Security

Source: Pew Research Center and Ponemon Institute

Page 22: Data breach presentation

Social networking scams

Source: Ponemon Institute


Page 23: Data breach presentation

Understand your specific legal obligations

• Health Information Portability & Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Customs-Trade Partnership Against Terrorism (C-TPAT)
• Fair and Accurate Credit Transaction Act (FACTA), including the Red Flags Rule
• North American Electric Reliability Corp. (NERC)
• Critical Infrastructure Protection (CIP)
• International Traffic in Arms Regulations (ITAR)
• Criminal Justice Information Services (CJIS)
• Federal Information Processing Standards (FIPS)
• Federal Information Security Management Act (FISMA)
• The Children's Online Privacy Protection Act (COPPA)


Page 24: Data breach presentation

Be prepared!

• Addressing regulatory issues should go beyond meeting minimum requirements. It should also introduce efficiencies and processes that improve your overall business.


Page 25: Data breach presentation

Areas of focus to be defensible in 2016

1. Do a vulnerability or security assessment
2. Conduct patching for software security updates
3. Implement e-mail spam/malware filtering with link reputation checking
4. Set up a network security policy
5. Antivirus/malware
6. Cultivate a culture of safety with end-user training

Source: Leading Security Experts Alvaka Networks


Page 26: Data breach presentation

Areas of focus to be defensible in 2016

7. Implement backup and disaster recovery/business continuity
8. Network monitoring is an important function
9. Utilize the full security potential of VLAN and VPN
10. Go for an up-to-date firewall/UTM technology, IPS/IDS
11. Dual factor authentication provides greater security
12. Make sure you do your budgeting and ROI on security measures

Source: Leading Security Experts Alvaka Networks


Page 27: Data breach presentation
