
Risk Factory: Beyond Data Leakage

Date post: 08-Jun-2015
Upload: risk-factory
Transcript
Page 1: Risk Factory: Beyond Data Leakage

Beyond Accidental Data Leakage

Page 2: Risk Factory: Beyond Data Leakage

A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data.

www.riskfactory.com

Page 3: Risk Factory: Beyond Data Leakage

Read All About It…

TJX Data Breach: At 45.6M Card Numbers, It's the Biggest Ever (March 2007)

“We may never be able to identify much of the information believed stolen.”

The company has so far spent about $250+ million to resolve it ($1B+ estimate in cases / lost revenue)

Page 4: Risk Factory: Beyond Data Leakage

Leakage Defined

Data-Leakage is a loosely defined term used to describe an incident where the confidentiality of information has been compromised.

• Data-Breach and Information Loss are also widely used terms

• Data Slurping: The use of iPods or portable USB hard drives

Page 5: Risk Factory: Beyond Data Leakage

Who’s Leaking?

www.privacyrights.org

www.datalossdb.org

Page 6: Risk Factory: Beyond Data Leakage

Who’s Leaking?

Page 7: Risk Factory: Beyond Data Leakage

Who’s Leaking?

The government sector accounted for 35% of reported data loss, with Education at 20%, Healthcare at 10%, and the remainder reported in the private sector…

Page 8: Risk Factory: Beyond Data Leakage

The Leakers

External Internal

Page 9: Risk Factory: Beyond Data Leakage

What's Leaking

Page 10: Risk Factory: Beyond Data Leakage

Biggest Leakers?

FBI/Computer Security Institute 2011:

85% of all offenders prosecuted for cyber crimes were employees of the company attacked

Page 11: Risk Factory: Beyond Data Leakage

Top 10 Motives

1. Money

2. Dosh

3. Moola

4. Bread

5. Baksheesh

6. Scratch

7. Cabbage

8. Sheckles

9. Chicken Feed

10. Wampum

Page 12: Risk Factory: Beyond Data Leakage

Accidents Can Happen

• Accidental / unintentional

• Carelessness

• Leaving sensitive information accessible to others

• Losing a laptop

• Sending email to mistaken name or “all”

• Malicious code (viruses, worms, Trojan horses)

• Suspicious email, jokes, etc.

Page 13: Risk Factory: Beyond Data Leakage

Beyond Accidental

• Malicious / intentional vandalism / delinquency

• Bulletin board postings (Fu*kedCompany, Dotcomscoop, Deja)

• Disgruntled employees

• Forwarding company data to home email, time bombs, deletion of data

Page 14: Risk Factory: Beyond Data Leakage

You Can Find

• Without hacking

• Without intrusion (denial of service)

• Without breaking any law

• With consent of firewall

• Regardless of company consent

• With consent of end-user / author

• Virtually untraceable

• Replicable millions of times

• Available to anyone with a PC online

• Accessible anywhere in the world

Page 15: Risk Factory: Beyond Data Leakage

Potential M&A Org Restructure

Page 16: Risk Factory: Beyond Data Leakage

Private Company’s Share Plan

Page 17: Risk Factory: Beyond Data Leakage

Internal Reorganization

Page 18: Risk Factory: Beyond Data Leakage

Banking Statements

Page 19: Risk Factory: Beyond Data Leakage

Client Contact List

Page 20: Risk Factory: Beyond Data Leakage

Research Data

Page 21: Risk Factory: Beyond Data Leakage

Airplane Specifications

Page 22: Risk Factory: Beyond Data Leakage

Airplane Specifications

Page 23: Risk Factory: Beyond Data Leakage

Flight Simulation Data

Page 24: Risk Factory: Beyond Data Leakage

Flight Sim. Data – Engine Failure

Page 25: Risk Factory: Beyond Data Leakage

The Where?

Page 26: Risk Factory: Beyond Data Leakage

Beyond Accidental II

The trusted user turned entrepreneur

• Under cover / overlooked

• Easy to trust / hard to detect

• Has a key to the house

• Knows when you’re not home

• Knows your strengths / weaknesses

Why do they do it?

Page 27: Risk Factory: Beyond Data Leakage

That’s Where The Money Is…

Page 28: Risk Factory: Beyond Data Leakage

Easy Money Getting Easier

2000

Name, Address DOB = £2.00

Credit card # = £2.00

Expiry date = £3.00

Security Code = £3.00

Total = £10.00

2005

Name, Address DOB = £1.00

Credit card # = £1.00

Expiry date = £1.00

Security Code = £2.00

Total = £5.00

2010

Name, Address DOB = £.25

Credit card # = £.25

Expiry date = £.25

Security Code = £.25

Total = £1.00

Page 29: Risk Factory: Beyond Data Leakage

Where to Start?

Conduct data leakage survey

– ITM software

– Logical review

– Physical review

Page 30: Risk Factory: Beyond Data Leakage

Detecting the Covert Channels

1. Check classification scheme & security policies

2. Write policy-synchronised objective & scope

3. Identify keywords/folders & files

4. Identify target department

5. Get Board-level approval before you start

6. Deploy data leakage detection software (30-60 free trials!)

7. Audit office equipment (copy machine, faxes, scanners)

8. Audit VoIP storage access logs

9. Audit CCTV footage

10. Test physical/procedural security measures

Page 31: Risk Factory: Beyond Data Leakage

Where Is Your Data?

• Network

• Client devices: removable media, unauthorised connections, devices, applications, local storage, file copy, save as…

• Remote connections

• Storage: photocopiers, scanners, faxes

• 3rd Parties

• Service Providers

• Contractors

Page 32: Risk Factory: Beyond Data Leakage

How & Where Leaking?

Data Loss

• Endpoint: Laptop / Desktop, Server, CD / DVD, USB iPod, Memory Stick, PCMCIA, Memory Card Readers, Communication, Bluetooth, Infrared, Firewire, Serial / Parallel Ports, Virtual Machine, Other Threat Vectors, Screen Scrapers, Trojans, Key Loggers

• Social Engineering: Phishing / Spear Phishing, Piggybacking, Dumpster (Skip) Diving, Contractors, Road Apple, Eavesdropping

• Data-In-Motion: E-Mail, HTTP/S, SSH, FTP, IM, VoIP, P2P, Blogs

• Data-At-Rest: Databases, File Systems, File Servers, NAS, SANs / iSCSI Storage, Voice Mail, Video Surveillance

• Physical: Printers, Backup Tapes / CD / DVD, Laptop / Desktop / Server, Fax, Photocopier, Mobile Phone / PDA, Digital Camera (incl. Mobile Phone Cameras), Incorrect Disposal, Printed Reports

Page 33: Risk Factory: Beyond Data Leakage

Free Advice…

• Stay focussed. Follow the White Rabbit.

• Stay cool. Stay professional.

• Be apolitical. No hidden agendas.

• Be prepared. You will see the Sexy Beast.

• Remember: What you will see is not new.

• You’ll see how the business really operates

Page 34: Risk Factory: Beyond Data Leakage

But Remember

“When the Gods want to punish us, they answer our prayers.”

Page 35: Risk Factory: Beyond Data Leakage

Top Ten Distractions

• Employees viewing porn / shopping…

• Management viewing porn / shopping…

• Clandestine affairs

• Personal affairs

• Rumours

• Employees falsifying company records (expense accounts)

• Employees running a side business

• Convenience connections

Page 36: Risk Factory: Beyond Data Leakage

Risk Factory Survey

• Analysed over 200,000 hours of user activity

• Carried out over 24 months

• Linked to specific files, folders, and keywords

• Identified the who, what, where & when

Page 37: Risk Factory: Beyond Data Leakage

Who?

Page 38: Risk Factory: Beyond Data Leakage

How?

Page 39: Risk Factory: Beyond Data Leakage

Summary Findings

• 68% of thefts were linked to mobile rather than fixed desktop systems.

• IT and Customer Services departments had the highest number of data thefts.

• 96% male

• 79% of incidents occurred on Fridays between 3 and 5 PM.

• Applications most favoured to remove data were identified as web mail, instant messaging (IM) and social networking web sites.

• The top 4 theft vectors were identified as mobile devices, web mail, removable media and web applications.

• All instances identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.

Page 40: Risk Factory: Beyond Data Leakage

Prevention Steps

Step 1: Classification scheme

Step 2: Education & awareness

Step 3: Locate & marking

Step 4: Implement defensive measures

Step 5: Monitor, enforce, report

Page 41: Risk Factory: Beyond Data Leakage

Defense Must Be Layered

Perimeter security

Strong authentication

IDS/IPS

Anti-virus

URL filtering

Viruses

Network Layer Attacks

Inappropriate Content

Hackers

Spyware

UNAUTHORISED APPLICATION USE: Cut, Copy, Paste, Print, Rename, Save As

UNAUTHORISED APPLICATIONS: Malware, IM, Webmail, Skype, MySpace, file sharing

UNAUTHORISED FILE COPYING & OUTPUT DEVICES: Local file copies (removable storage, mobile devices), printers, copiers, faxes

UNAUTHORISED CONNECTIONS: Wireless (802.11, Bluetooth, IR, GPRS/UMTS/HSPDA), Modems

Page 42: Risk Factory: Beyond Data Leakage

Obligatory Summary Slide

• Data leakage is not a phenomenon

• Your data is worth money - treat it accordingly

• Statistically speaking, the bad guy works for you

• Know where your data resides: exit end points, at rest and in motion…

• It’s all about the user

Page 43: Risk Factory: Beyond Data Leakage

26 Dover Street
London
United Kingdom
W1S 4LY

+44 (0)20 3586 1025
+44 (0)20 7763 7101 (fax)
