Risk Factory: Beyond Data Leakage


Beyond Accidental Data Leakage

A simple, easy to use, online, B2B procurement portal for purchasing products and services to identify, minimise and manage the security threat to business data.

www.riskfactory.com

Read All About It…

TJX Data Breach: At 45.6M Card Numbers, It's the Biggest Ever (March 2007)

"We may never be able to identify much of the information believed stolen."

The company has so far spent about $250+ million to resolve it ($1B+ estimate in cases / lost revenue)


Leakage Defined

Data-Leakage is a loosely defined term used to describe an incident where the confidentiality of information has been compromised.

• Data-Breach and Information Loss are also widely used terms

• Data Slurping: the use of iPods or portable USB hard drives to copy data off a machine

Who's Leaking?

www.privacyrights.org

www.datalossdb.org


The government sector accounted for 35% of reported data loss, with Education at 20%, Healthcare at 10%, and the remainder reported in the private sector…

The Leakers

External / Internal

What's Leaking

Biggest Leakers?

FBI/Computer Security Institute 2011: 85% of all offenders prosecuted for cyber crimes were employees of the company attacked

Top 10 Motives

1. Money

2. Dosh

3. Moola

4. Bread

5. Baksheesh

6. Scratch

7. Cabbage

8. Shekels

9. Chicken Feed

10. Wampum

Accidents Can Happen

• Accidental / unintentional
• Carelessness
• Leaving sensitive information accessible to others
• Losing a laptop
• Sending email to a mistaken name or to "all"
• Malicious code (viruses, worms, Trojan horses)
• Suspicious email, jokes, etc.

Beyond Accidental

• Malicious / intentional vandalism / delinquency

• Bulletin board postings (Fu*kedCompany, Dotcomscoop, Deja)

• Disgruntled employees

• Forwarding company data to home email, time bombs, deletion of data

You Can Find

• Without hacking
• Without intrusion (denial of service)
• Without breaking any law
• With consent of firewall
• Regardless of company consent
• With consent of end-user / author
• Virtually untraceable
• Replicable millions of times
• Available to anyone with a PC online
• Accessible anywhere in the world

Potential M&A Org Restructure

Private Company's Share Plan

Internal Reorganization

Banking Statements

Client Contact List

Research Data

Airplane Specifications

Flight Simulation Data

Flight Sim. Data – Engine Failure

The Where?

Beyond Accidental II

The trusted user turned entrepreneur

• Under cover / overlooked
• Easy to trust / hard to detect
• Has a key to the house
• Knows when you're not home
• Knows your strengths / weaknesses
• Why do they do it?

That's Where The Money Is…

Easy Money Getting Easier

Street price of a stolen card record, by year:

                         2000      2005      2010
Name, Address, DOB       £2.00     £1.00     £0.25
Credit card #            £2.00     £1.00     £0.25
Expiry date              £3.00     £1.00     £0.25
Security Code            £3.00     £2.00     £0.25
Total                   £10.00     £5.00     £1.00

Where to Start?

Conduct a data leakage survey:

– ITM software
– Logical review
– Physical review

Detecting the Covert Channels

1. Check classification scheme & security policies

2. Write policy-synchronised objective & scope

3. Identify keywords/folders & files

4. Identify target department

5. Get Board-level approval before you start

6. Deploy data leakage detection software (30-60 free trials!)

7. Audit office equipment (copy machine, faxes, scanners)

8. Audit VoIP storage access logs

9. Audit CCTV footage

10. Test physical/procedural security measures

Where Is Your Data?

• Network
• Client devices: removable media, unauthorised connections, devices, applications, local storage, file copy, save as…
• Remote connections
• Storage: photocopiers, scanners, faxes
• 3rd Parties
• Service Providers
• Contractors

How & Where Leaking?

Data Loss vectors, grouped as on the slide diagram:

Endpoint: Laptop / Desktop, Server, CD / DVD, USB iPod, Memory Stick, PCMCIA, Memory Card Readers, Virtual Machine; Communication: Bluetooth, Infrared, Firewire, Serial / Parallel Ports

Social Engineering / Other Threat Vectors: Screen Scrapers, Trojans, Key Loggers, Phishing / Spear Phishing, Piggybacking, Dumpster (Skip) Diving, Contractors, Road Apple, Eavesdropping

Data-In-Motion: E-Mail, HTTP/S, SSH, FTP, IM, VoIP, P2P, Blogs

Data-At-Rest: Databases, File Systems, File Servers, NAS, SANs / iSCSI Storage, Voice Mail, Video Surveillance

Physical: Printers, Backup Tapes / CD / DVD, Laptop / Desktop / Server, Fax, Photocopier, Mobile Phone / PDA, Digital Camera (incl. Mobile Phone Cameras), Incorrect Disposal, Printed Reports

Free Advice…

• Stay focussed. Follow the White Rabbit.

• Stay cool. Stay professional.

• Be apolitical. No hidden agendas.

• Be prepared. You will see the Sexy Beast.

• Remember: What you will see is not new.

• You’ll see how the business really operates

But Remember

“When the Gods want to punish us, they answer our prayers.”

Top Ten Distractions

• Employees viewing porn / shopping…
• Management viewing porn / shopping…
• Clandestine affairs
• Personal affairs
• Rumours
• Employees falsifying company records (expense accounts)
• Employees running a side business
• Convenience connections

Risk Factory Survey

• Analysed over 200,000 hours of user activity

• Carried out over 24 months

• Linked to specific files, folders, and keywords

• Identified the who, what where & when

Who?

How?

Summary Findings

• 68% theft linked to mobile rather than fixed desktop systems.

• IT and Customer Services departments had the highest number of data thefts.

• 96% male

• 79% incidents occurred on Fridays between 3 and 5PM.

• Applications most favoured to remove data were identified as web mail, instant messaging (IM) and social networking web sites.

• The top 4 theft vectors were identified as mobile devices, web mail, removable media and web applications.

• All instances identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.

Prevention Steps

Step 1: Classification scheme

Step 2: Education & awareness

Step 3: Locate & mark

Step 4: Implement defensive measures

Step 5: Monitor, enforce, report
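The detection steps above (identify keywords/folders, deploy detection software, then monitor and report) can be exercised on endpoint activity logs. The following is an added illustration, not Risk Factory's software or survey data: it runs over a constructed log, flags sensitive files leaving by the exit vectors named in the survey findings (removable media, web mail, IM, web applications), and reports the who/what/where/when plus the share of incidents in the Friday 3-5PM window. The keyword list, log format and department names are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample endpoint activity log (not real data):
# when | who | department | channel the file left by | path read, copied or attached
SAMPLE_LOG = [
    r"2011-03-04T15:12:00|jsmith|IT|webmail|\\fs1\finance\share_plan_2011.xlsx",
    r"2011-03-04T16:40:00|akhan|CustServ|usb|C:\Users\akhan\client_contact_list.csv",
    r"2011-03-07T09:05:00|bpatel|HR|netshare|\\fs1\hr\holiday_rota.xlsx",
    r"2011-03-08T11:00:00|dlee|Finance|usb|C:\Users\dlee\banking_statements_q1.pdf",
    r"2011-03-11T15:55:00|jsmith|IT|im|\\fs1\research\flight_sim_engine_failure.dat",
    r"2011-03-11T10:20:00|cwong|Sales|webmail|C:\Users\cwong\lunch_menu.pdf",
]

# Assumed output of the "identify keywords/folders & files" step: fragments that the
# classification scheme marks as sensitive (hypothetical list for this example).
SENSITIVE_KEYWORDS = ("share_plan", "client_contact", "banking", "research", "flight_sim")
# Top theft vectors from the survey findings; anything else is not an exit channel here.
EXIT_VECTORS = {"usb", "webmail", "im", "webapp"}


def parse_log(lines):
    """Turn the pipe-delimited log lines into event dicts with a real datetime."""
    events = []
    for line in lines:
        when, who, dept, vector, path = line.split("|", 4)
        events.append({"when": datetime.fromisoformat(when), "who": who,
                       "dept": dept, "vector": vector, "path": path})
    return events


def is_sensitive(path):
    return any(k in path.lower() for k in SENSITIVE_KEYWORDS)


def find_incidents(events):
    """Who/what/where/when records: a sensitive file leaving by an exit vector."""
    return [e for e in events if e["vector"] in EXIT_VECTORS and is_sensitive(e["path"])]


def friday_afternoon_share(incidents):
    """Fraction of incidents on a Friday between 15:00 and 17:00 (the deck's 79% pattern)."""
    if not incidents:
        return 0.0
    hits = sum(1 for e in incidents if e["when"].weekday() == 4 and 15 <= e["when"].hour < 17)
    return hits / len(incidents)


def report(lines):
    """Step 5 (monitor, enforce, report): incidents, per-department tally, timing pattern."""
    incidents = find_incidents(parse_log(lines))
    return {"incidents": incidents,
            "by_dept": dict(Counter(e["dept"] for e in incidents)),
            "friday_pm_share": friday_afternoon_share(incidents)}
```

On the sample log the report flags four incidents (two from IT, one each from Customer Services and Finance), three of which fall in the Friday afternoon window.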

Defense Must Be Layered

Outer layers (controls and the threats they address):

Perimeter security, Strong authentication, IDS/IPS, Anti-virus, URL filtering
versus Viruses, Network Layer Attacks, Inappropriate Content, Hackers, Spyware

Inner layers (user and endpoint controls):

UNAUTHORISED APPLICATION USE: Cut, Copy, Paste, Print, Rename, Save As

UNAUTHORISED APPLICATIONS: Malware, IM, Webmail, Skype, MySpace, file sharing

UNAUTHORISED FILE COPYING & OUTPUT DEVICES: Local file copies (removable storage, mobile devices), printers, copiers, faxes

UNAUTHORISED CONNECTIONS: Wireless (802.11, Bluetooth, IR, GPRS/UMTS/HSPDA), Modems

Obligatory Summary Slide

• Data leakage is not a phenomenon

• Your data is worth money - treat it accordingly

• Statistically speaking, the bad guy works for you

• Know where your data resides: exit end points, at rest and in motion…

• It's all about the user

26 Dover Street, London, United Kingdom, W1S 4LY

+44 (0)20 3586 1025
+44 (0)20 7763 7101 (fax)
