Considerations for Cybersecurity and Data Security in Today’s World

Considerations for Cybersecurity and Data Security in Today’s World. ACIL Education Series. Presented by Darrell Laffoon. March 25 – 30, 2019, Washington, DC. Can you survive a breach? Fundamental Questions. What are cybersecurity and data-security risks?


Presentation Transcript


  1. Considerations for Cybersecurity and Data Security in Today’s World • ACIL Education Series • Presented by Darrell Laffoon • March 25 – 30, 2019, Washington, DC

  2. Can you survive a breach?

  3. Fundamental Questions • What are cybersecurity and data-security risks? • How can you protect your cyber and data assets?

  4. What are cybersecurity and data-security risks?

  5. Information Security – Protecting your Most Valuable Asset • “Data is the new oil.” • — Clive Humby

  6. Cybercrime is BIG BUSINESS • Black Market Value: $1200, $300, $20, $11, $4 • Personal Information: Date of Birth, Medical Insurance, Bank Account, Visa or MasterCard, Complete Identity

  7. The New Oil Fields… 2018 Data Breaches
     • Nearly 87 million Facebook user accounts were compromised after hackers took control of approximately 50 million accounts plus an additional 40 million accounts that may have been accessed.
     • 500 million: Starwood guest reservation database was compromised, including name, address, phone number, date of birth, gender, email address, passport number, and Starwood’s rewards information.
     • 60 million: Email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, real time tracking data.
     • Under Armour confirmed a breach that impacted 150 million MyFitnessPal users. Usernames, email addresses and hashed passwords were among the information exposed.
     • 92 million MyHeritage users were exposed in a data breach event after a data file containing MyHeritage user login credentials was found on a private server.
     • Government Payment Service leaked personal information of more than 14 million customers including names, addresses, phone numbers, and partial credit card data.
     • A hack by an unauthorized party led to a data breach at Ticketfly that affected 26 million user names, addresses, email addresses and phone numbers.

  8. SMEs are targets too • Don’t recognize they are a target • Lower InfoSec Budgets • Lack cybersecurity skillsets • Easier to infiltrate • 58%

  9. There are only two types of companies: those that have been hacked, and those that will be. - Robert Mueller - FBI Director

  10. Accept and understand that you are at Risk • Top Risks • Human Error • Hacker • Extortion • Hacktivism • Espionage

  11. How can you protect your cyber and data assets?

  12. Information Security Hygiene • Top level information protection and privacy controls are an absolute necessity

  13. Layered Security – Prevent, Detect & Manage • Reduce the attack surface

  14. Information Security Plan
     Information Security Governance: The goal is to meet and exceed the strictest policies and controls
     • Enterprise Wide Security Policies • Security Committee • Industry Standards/Best Practices • Compliance & Certification • 3rd Party Auditing, Testing • Strict Role Based Access Control • Strict Change Management • Disaster Recovery/BCP • Training & Education
     Standards & Best Practices
     3rd Party Certifications
     Job #1 - 24/7 x 365
     • Defense in Depth & Breadth • Principle of Least Privilege • Multi-Factor Authentication • Secure Profile • Triple Layer Encryption • Independent Testing & Verification
     Threat Assessment & Response
     Independent Auditors & Testing
     Partner Security Assessments

  15. Football is two things. It’s blocking and tackling. I don’t care about formations or new offenses or tricks on defense. You block and tackle better than the team you’re playing, you win. – Vince Lombardi

  16. Information Security 101 • Protect yourself, your employees, your customers and your business • Leverage cloud and vendor to reduce attack surface • Prevent • Detect • Manage • Seek guidance from cybersecurity experts
