Date post: | 17-Jul-2015 |
Category: |
Technology |
Upload: | alert-logic |
View: | 323 times |
Download: | 4 times |
MARKETING AND CYBERSECURITY
Jessica Dickerson – Product Manager
What has Happened in 2014 so far?
Malicious Actors
Rescator
Darklife.WS
Communication
Channels
Graberz.com
Lampeduza, LA
Odessa, Ukraine
Java Developer
Victims
Retail - Target
Retail – Home Depot
Retail – P.F. Changs
Retail – Sally Beauty
Harbour Freight
40Mil Debit & Credit Cards Subtopic
53Mil Debit & Credit Cards Subtopic
2008 One of Three Founders
Profile “Hel”
ICQ 643287365 ICQ 261333 - First Name: Alex | Last Name: Alex
HelKem_Skype
Motivations Political
Attacked Russian site CIH.MS during Ukrainian/Russian Conflict
Hacked CIH.MS CIH.MS Returned Hack & released Data Profile, Pictures & Communication Channels
Online Transactions
Kaddafi.HK Octavian.SU CPRO.SU VOR.CC Tupac.CC Swipe.LU
Attack Vectors
Original prior to late 2013
SQL Injection X-Site Script
Current Attack Vectors Subtopic
Sold 5.3Mil Credit Cards 151,720 Cards actually Sold 421,801 Expired before Sale 28% of the 151,720 Expired while on Market for Sale
WHAT TO EXPECT IN 2015
More and More
• Retail will continue to be a primary target • E-Commerce POS exploits released • The list 300 vulnerable medical devices will grow • The first online paid contract murder to take place • Healthcare and Retail to implement $$ into security programs • Energy sector to continue to be under attack from state
sponsored and hacktivist groups • Emergence of offense security teams
WHY IS MARKETING
DATA AT RISK?
A Lot of Information in a Lot of Places
• Salesforce
• SurveyMonkey
• Customer databases
• POS software
• Servers
• Employee’s computers
Threats in the Cloud are Increasing
• Increase in attack frequency
• Traditional on-premises threats are moving to the cloud
• Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans
• Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments
• Malware/Botnet is increasing year over year
Challenges for Marketing Information
• Malicious employees • Snooping, tweaking data for desired result, sabotage
• Non-malicious disasters or accidents • Everything from a hurricane to a dead hard drive to a lost password
• Corporate espionage • Costs industry 300 billion dollars annually
• Mimicking your company • Phishing, hacktivists
• Stealing data to sell • Credit card data, market profiles, customer information
WHAT TO DO ABOUT IT?
Seven Best Practices of Cloud Security
1. Secure your data 2. Create access management policies 3. Adopt a patch management approach 4. Review logs regularly 5. Stay informed of the latest vulnerabilities that might affect you 6. Understand your cloud service providers security model 7. Understand the shared security responsibility
Organizations and Standards
• Protect Credit Card Data • PCI DSS 3.0
• Protect Medical Data • HiTECH, HIPAA
• Secure coding practices
• International groups working together
What Can You Do?
• Protect your data
• Work with reliable companies
• Create and protect backups
• Test recovery scenarios
• Run anti-malware
• Install patches
It Will Happen – Be Prepared!
• Create a response plan before you’re attacked
• Different approaches for different attacks
• Different levels of communication for different audiences
• What have you put in place?
Thank you.