Data erasures role in limiting cyber attacks
-
Upload
blancco -
Category
Technology
-
view
223 -
download
0
Transcript of Data erasures role in limiting cyber attacks
DATA ERASURE’S ROLE IN LIMITING YOUR EXPOSURE TO CYBER ATTACKS
MEET OUR SPEAKER
2
Richard StiennonChief Strategy Officer
Blancco Technology Group
Seasoned cyber security/data privacy expert
Three-time cyber security authorWashington Post bestseller
Featured/quoted in WSJ, NY Times, Forbes, etc.
WHAT WE’LL EXPLORE
The Current State of Cyber Security
Data Erasure’s Place in the Cyber Kill Chain
Limit Exposure Through Information Lifecycle Management
Monstrous Cyber Attacks & Their Impact on Businesses
THE CURRENT STATE OF CYBER SECURITY
Malicious Attacks Occur Each Month
5
10%
4%
9%Hacking
Loss of IPDoS
Attacks 15%
10%
10% Physical LossInsider DamagePhishing
Source: ISACA, “State of Cybersecurity Implications for 2016”
Likelihood of Cyber Attacks in 2016
6
Source: ISACA, “State of Cybersecurity Implications for 2016”
Which of the following cyber security threats poses the greatest risk to your organization?• Malware• Compromised credentials• Exploited system vulnerabilities • Hacked interfaces and APIs• Improper/incomplete data removal • Lost/stolen laptops and mobile devices• Insecure disposal of storage equipment• Broken authentication• Broken encryption keys• Advanced persistent threats (APT)
Live Audience Poll
MONSTROUS CYBER ATTACKS & THEIR IMPACT ON BUSINESSES
Sony Pictures: Hack of the Century
9
47,000 Social Security
Numbers Leaked
100 Terrabytes of Data Stolen
4 Unreleased Films Leaked to Piracy Sites
Sensitive & Inappropriate Emails Leaked
Special Deleting Algorithm Rendered Computers & Servers ‘Brain-Dead’
Studio Executives’ Salaries Revealed
Saudi Aramco: 2012 Attack Massively Disrupts
Business
10
01 02 03 04
35,000 Computers
Partially Wiped or Totally Destroyed
Computer Technician
Opened Scam Email & Clicked
on Bad Link
Flickering Screens &
Disappearing Files
Computers Shut Down
The company temporarily stopped selling oil to domestic gas tank trucks. After 17 days, the corporation relented and started giving oil away for free to keep it flowing within
Saudi Arabia.
Buckshot Yankee: Worst Breach of U.S. Military
Computers
11
Malicious Code Uploaded onto Central Command Network
Classified Data Transferred to Servers Under
Foreign Control
Every Windows Machine in U.S. Military Reimagined, Costing $1 Billion
Flash Drive Inserted in Military Computer Used on Middle East
Post
12
Live Audience Poll
Which one of the following consequences are you most concerned will result from a cyber attack?
• Audit conducted by regulatory body• Lawsuits filed by customers• Fines imposed by regulatory authorities• Customer complaints• Diminished sales and revenue• Lost customers/terminated contracts• Damaged reputation/negative publicity • Falling stock price• Investor fallout• Other
DATA ERASURE’S PLACE IN THE CYBER KILL CHAIN
IT Asset DisposalWiping Executives’
Devices
Reduction of Total Targets
Data Hygiene
The Cyber Kill Chain
Reduce Attack Surface Area and Threat Reduction
Storage may be inexpensive, but protecting data is not
If data isn’t kept unnecessarily and is removed permanently, cyber risks and attacks can be prevented
LIMIT EXPOSURE THROUGH INFORMATION LIFECYCLE MANAGEMENT
Stage 1: Create
18
Create New Digital Content or Update/Modify Existing Content
Every day, we create
2.5 Quintillion bytes of data
90% of all data in the world today was
produced in the last 2 years
How can you protect data during this stage?
Manage and monitor access controlImplement threat detection & scanning software
Classify & tag data so it can be found quickly and efficiently
Stage 2: Store
19
Commit Digital Data to Storage Repository
How can you protect data during this stage?
Manage and monitor access controlEncrypt sensitive data
Back up data for recovery or restoring lost/corrupted files
Stage 3: Use
20
View, Process & Use Data for Some Sort of Activity
How can you protect data during this stage?Manage and monitor access control
Encrypt sensitive dataCreate data loss prevention processes/tools to detect potential data breaches
Impose technological restrictions that control what users can do with digital information and media
Companies who use big data to drive business
decisions experience
20x more profit growth
Stage 4: Share
21
Make Information Accessible to Other Parties, Internally or Externally
How can you protect data during this stage?Manage and monitor access control
Encrypt sensitive dataCreate data loss prevention processes/tools to detect potential data
breachesImpose technological restrictions that control what users can do with digital
information and media
Stage 5: Archive
22
Move Inactive Data to Long-Term Storage
How can you protect data during this stage?Manage and monitor access control
Encrypt sensitive data
Stage 6: Destroy
23
Erase Data According to Content Type, Usage, Retention Requirements and Application
How can you protect data during this stage?Manage and monitor access controlErase data securely and verifiably
24
Live Audience Poll
Where does data removal fit into your organization’s cyber security priorities?
• Top priority• Somewhat of a priority• Minimal priority• Not a priority at all
Auditors
Cost of Data Protection
Laws
Regulations
Risk of Data Loss
Profit
Hig h
er N
eed
Prevalence
The Hierarchy of Data Erasure’s Need & Value
CONTENT YOU MAY FIND USEFUL:“The Information End Game: What You Need to Know to Protect Corporate
Data Throughout its Lifecycle”: http://www2.blancco.com/en/white-paper/the-information-end-game-what-you-need-to-know-to-protect-corporate-data
“Data Storage Dilemmas & Solutions”:
http://www.slideshare.net/BlanccoTechnologyGroup/data-storage-dilemmas-solutions
Try Blancco 5 For Free & Erase Data Permanently: http://www2.blancco.com/blancco-5