Security Breaches: How to Prepare and Respond

BIOS
SARAH A. SARGENT
Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and data privacy, specifically with respect to compliance planning and data breach response.
CHRIS KIMMEL
Chris Kimmel, ACE, CHPA, CISSP, GCFA, is the Security Incident Manager at Associated Bank in Green Bay, Wisconsin. Chris has over eight years' experience in the field, specializing in Security Incident Response, Penetration Testing, and Risk Management. Chris has led the response for hundreds of Information Security Breaches.

AGENDA
What is a data security breach?
What should you do to prepare for a breach?
What steps do you need to take when a breach happens?
What laws are implicated in breach response?
What are the latest trends?

WHAT IS A SECURITY BREACH?
Any incident that results in unauthorized access to data, applications, services, networks and/or devices by bypassing their underlying security mechanisms.

COMMON TYPES OF BREACHES
Social Engineering
Business Email Compromise
Spoofed Emails
Accidental Email Disclosures
Ransomware
Cryptojacking
Stolen & Lost Devices
Denial of Service
Insider Threat

MOTIVATIONS
Cybercrime: value of PII, credit cards, SSNs; trade secrets
Nation-state actors: impact critical infrastructure; steal intelligence; theft of trade secrets
Hacktivism
Extortion

READINESS VS. RESPONSE
Readiness is preparing your organization for an incident before it occurs:
Business Impact Assessments
Data Classification
Policies and Procedures
Training
Response is the process of handling an incident once a threat event is identified:
Identification / Verification
Notification / Escalation
Containment / Eradication
Recovery
Lessons Learned

INCIDENT RESPONSE PROCESS

HOW TO PREPARE FOR A BREACH
Make a Plan
Assign Roles and Responsibilities
Determine Notification and Escalation Timings
Practice the Plan
Training

HOW TO RESPOND: DETECTION & CONTAINMENT
Keep calm!
Ensure all key personnel / 3rd-party support are available and assisting
Gather / Verify scope of Incident
Contain the incident: is the goal immediate remediation or monitoring?
Eradicate the Incident once goals are achieved
Initiate and cooperate with forensic investigation if necessary

HOW TO RESPOND: DOCUMENTATION
Preserve records
Pull insurance policies, relevant contracts, bank information (if wire fraud)
Control communications internally and externally
Utilize attorney-client privilege

HOW TO RESPOND: REMEDIATION
Recover systems & data to the extent possible
Determine notification obligations under state, federal, and international law
Analyze contractual obligations & make required notifications

HOW TO RESPOND: WRAP UP
Team meeting to discuss lessons learned
Review policies and adjust accordingly
Create action list for security improvements

FEDERAL, STATE, AND INTERNATIONAL LAW
Federal: Health Insurance Portability and Accountability Act; Gramm-Leach-Bliley Act
State: All fifty (50) states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification to individuals of security breaches involving personally identifiable information.
International: General Data Protection Regulation (European Union); Canada's Personal Information Protection and Electronic Documents Act

BREACH NOTIFICATIONS: STATE MATTERS
Organizational footprint matters. If you have a location in Washington State and Wisconsin, the reporting laws can be different.
Texas requires anyone providing notice in Texas to notify all individuals regardless of state.
Most organizations will conform to the strictest applicable law and apply that standard to all impacted records.

DIFFERENCES IN LAW
Definition of Personally Identifiable Information or Personal Data
Definition of breach: access or acquired
Notice to consumer reporting agencies
Timeline of notices
Language of notices
Notice to state agencies

EXAMPLE - NOTIFICATION TO REGULATORS (WASHINGTON)
Washington State: Any person or business required to notify more than 500 Washington residents as a result of a single breach shall, by the time notice is provided to affected consumers, electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the attorney general. The person or business shall also provide to the attorney general the number of Washington consumers affected by the breach, or an estimate if the exact number is not known. Notice to the attorney general shall be made in the most expedient time possible and without unreasonable delay, no more than forty-five calendar days after the breach was discovered, unless at the request of law enforcement or due to any measures necessary to determine the scope of the breach and restore the reasonable integrity of the system.

EXAMPLE - NOTIFICATION TO REGULATORS (WISCONSIN)
Notice, without unreasonable delay, to consumer reporting agencies is required for any breach requiring notification to more than 1,000 individuals.

TRENDS
68% of breaches took months or longer to discover
Ransomware is the top variety of malicious software, found in 39% of cases where malware was identified
4% of people will click on any given phishing campaign
Statistics taken from 2018 Verizon Breach Report, available at https://www.verizonenterprise.com/resources/reports/rp_dbir_2018_report_execsummary_en_xg.pdf (accessed on 11/16/2018)

TRENDS
94% of security incidents and 90% of confirmed data breaches fall into nine incident classification patterns
76% of breaches were financially motivated
Statistics taken from 2018 Verizon Breach Report, available at https://www.verizonenterprise.com/resources/reports/rp_dbir_2018_report_execsummary_en_xg.pdf (accessed on 11/16/2018)

QUESTIONS? THANK YOU