MARKETING AND CYBERSECURITY

Jessica Dickerson – Product Manager

What has Happened in 2014 so far?

Malicious Actors

Rescator

Darklife.WS

Communication

Channels

Graberz.com

Lampeduza, LA

Odessa, Ukraine

Java Developer

Victims

Retail - Target

Retail – Home Depot

Retail – P.F. Changs

Retail – Sally Beauty

Harbour Freight

40Mil Debit & Credit Cards Subtopic

53Mil Debit & Credit Cards Subtopic

2008 One of Three Founders

Profile “Hel”

ICQ 643287365 ICQ 261333 - First Name: Alex | Last Name: Alex

HelKem_Skype

Motivations Political

Attacked Russian site CIH.MS during Ukrainian/Russian Conflict

Hacked CIH.MS CIH.MS Returned Hack & released Data Profile, Pictures & Communication Channels

Online Transactions

Kaddafi.HK Octavian.SU CPRO.SU VOR.CC Tupac.CC Swipe.LU

Attack Vectors

Original prior to late 2013

SQL Injection X-Site Script

Current Attack Vectors Subtopic

Sold 5.3Mil Credit Cards 151,720 Cards actually Sold 421,801 Expired before Sale 28% of the 151,720 Expired while on Market for Sale

WHAT TO EXPECT IN 2015

More and More

•  Retail will continue to be a primary target •  E-Commerce POS exploits released •  The list 300 vulnerable medical devices will grow •  The first online paid contract murder to take place •  Healthcare and Retail to implement $$ into security programs •  Energy sector to continue to be under attack from state

sponsored and hacktivist groups •  Emergence of offense security teams

WHY IS MARKETING

DATA AT RISK?

A Lot of Information in a Lot of Places

•  Salesforce

•  Google

•  SurveyMonkey

•  Customer databases

•  Email

•  POS software

•  Servers

•  Employee’s computers

Threats in the Cloud are Increasing

•  Increase in attack frequency

•  Traditional on-premises threats are moving to the cloud

•  Majority of cloud incidents were related to web application attacks, brute force attacks, and vulnerability scans

•  Brute force attacks and vulnerability scans are now occurring at near-equivalent rates in both cloud and on-premises environments

•  Malware/Botnet is increasing year over year

Challenges for Marketing Information

•  Malicious employees •  Snooping, tweaking data for desired result, sabotage

•  Non-malicious disasters or accidents •  Everything from a hurricane to a dead hard drive to a lost password

•  Corporate espionage •  Costs industry 300 billion dollars annually

•  Mimicking your company •  Phishing, hacktivists

•  Stealing data to sell •  Credit card data, market profiles, customer information

WHAT TO DO ABOUT IT?

Seven Best Practices of Cloud Security

1.  Secure your data 2.  Create access management policies 3.  Adopt a patch management approach 4.  Review logs regularly 5.  Stay informed of the latest vulnerabilities that might affect you 6.  Understand your cloud service providers security model 7.  Understand the shared security responsibility

Organizations and Standards

•  Protect Credit Card Data •  PCI DSS 3.0

•  Protect Medical Data •  HiTECH, HIPAA

•  Secure coding practices

•  International groups working together

What Can You Do?

•  Protect your data

•  Work with reliable companies

•  Create and protect backups

•  Test recovery scenarios

•  Run anti-malware

•  Install patches

It Will Happen – Be Prepared!

•  Create a response plan before you’re attacked

•  Different approaches for different attacks

•  Different levels of communication for different audiences

•  What have you put in place?

Thank you.