Learn about cybersecurity and data security risks, protecting your valuable assets, and mitigating breaches. Secure your data with layers of protection and follow best practices. Understand top risks and ways to bolster defenses against hackers, errors, and cyber threats.
Considerations for Cybersecurity and Data Security in Today’s World ACIL Education Series Presented by | Darrell Laffoon March 25 – 30, 2019 Washington, DC
Fundamental Questions • What are cybersecurity and data-security risks? • How can you protect your cyber and data assets?
Information Security – Protecting your Most Valuable Asset • “Data is the new oil.” • — Clive Humby
Cybercrime is BIG BUSINESS $1200 $300 $20 $11 $4 Black Market Value Personal Information Date of Birth Medical Insurance Bank Account Visa or MasterCard Complete Identity
The New Oil Fields… 2018 Data Breaches Nearly 87 million Facebook user accounts were compromised after hackers took control of approximately 50 million accounts plus an additional 40 million accounts that may have been accessed. 500 million Starwood guest reservation database was compromised, including name, address, phone number, date of birth, gender, email address, passport number, and Starwood’s rewards information. 60 million Email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data, real time tracking data. Under Armour confirmed a breach that impacted 150 million MyFitnessPal users. Usernames, email addresses and hashed passwords were among the information exposed. 92 million MyHeritage users were exposed in a data breach event after a data file containing MyHeritage user login credentials was found on a private server. Government Payment Service leaked personal information of more than 14 million customers including names, addresses, phone numbers, and partial credit card data. A hack by an unauthorized party led to a data breach at Ticketfly that affected 26 million user names, addresses, email addresses and phone numbers.
SMEs are targets too • Don’t recognize they are a target • Lower InfoSec Budgets • Lack cybersecurity skillsets • Easier to infiltrate 58%
“There are only two types of companies: those that have been hacked, and those that will be.” - Robert Mueller - FBI Director
Accept and understand that you are at Risk • Top Risks • Human Error • Hacker • Extortion • Hacktivism • Espionage
Information Security Hygiene Top-level information protection and privacy controls are an absolute necessity
Layered Security – Prevent, Detect & Manage Reduce the attack surface
Information Security Plan Information Security Governance The goal is to meet and exceed the strictest policies and controls • Enterprise Wide Security Policies • Security Committee • Industry Standards/ Best Practices • Compliance & Certification • 3rd Party Auditing, Testing • Strict Role Based Access Control • Strict Change Management • Disaster Recovery/BCP • Training & Education Standards & Best Practices 3rd Party Certifications Job #1 - 24/7 x 365 • Defense in Depth & Breadth • Principle of Least Privilege • Multi-Factor Authentication • Secure Profile • Triple Layer Encryption • Independent Testing & Verification Threat Assessment & Response Independent Auditors & Testing Partner Security Assessments
“Football is two things. It’s blocking and tackling. I don’t care about formations or new offenses or tricks on defense. You block and tackle better than the team you’re playing, you win.” – Vince Lombardi
Information Security 101 Protect yourself, your employees, your customers and your business Leverage cloud and vendor to reduce attack surface Prevent Detect Manage Seek guidance from cybersecurity experts