cyber insights -june 2018 v2 - constant...
FRAUD OR FACT VOLUME 2 • ISSUE 2 • JUNE 2018
DEFINING CYBERSECURITY (by HOMELAND SECURITY)
Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.
Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.
THE BASICS
THE “DARK WEB”
SOCIAL ENGINEERING
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. People with online accounts, social media, or any online presence should watch for phishing attacks and other forms of social engineering.
Types of Attacks?
Who may be doing the hacking?
Crimes are not only for money but also for your data
Terminology - NPPI & PII Defined
Non-public Personal Information (“NPPI”):
Personally identifiable data such as information provided by a customer on a form or application, information about a customer’s transactions, or any other information about a customer which is otherwise unavailable to the general public. NPPI includes first name or first initial and last name coupled with any of the following:
• Social Security Number
• Driver’s license number
• State-issued ID number
• Credit or debit card number
• Other financial account numbers
NYS DFS Cyber Security Amended Regulations: Have narrowed their broad definition of Nonpublic Information to “Business Related” information (§500.01(g)) (earlier version covered “any information, not nonpublic or business-related information).
Personally identifiable information (PII): Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
Get a better understanding Cyber Insurance
• Cyber Insurance still in “wild west” territory, but improving.
• Don’t purchase without reviewing current policy; consulting specialist.
• Policies may become outdated quickly in light of new threats, so review regularly.
• Be aware of what’s covered. Notice requirement costs? More?
This is why human error is so important – if someone in your office ‘clicks’ a bad link, then your agency may not have coverage for that error or cyber event that leads to hacked emails, diverted wire transfers or breach of private data.
• Ensure E&O covers defense for suits related to alleged negligent acts leading to breach or other cyber crime.
• Crime coverage (also called “fidelity” insurance) and cyber policies can cover first-party losses for social engineering.
• At this time, coverage for direct third party losses caused by “social engineering” scams (e.g., a client’s loss via wire fraud) may not exist.
Cyber liability provides coverage for the theft of your customers’ non-public information NOT the theft of your customers’ escrow funds.
Cyber Liability provides coverage in the event you suffer a security breach, your customers’ non-public information is compromised and they sue you for damages and expenses. These costs are covered under the following Cyber Liability policy insuring agreements:
• Security and Privacy Liability
• Privacy Regulatory Defense & Penalties
• Data Recovery - Ransomware
• Customer Notification and Credit Monitoring Costs
• Data Extortion / Ransomware
• Multimedia Liability
Help is coming in 2018 with Wi-Fi Protected Access 3
• WPA3 protocol strengthens user privacy in open networks through individualized data encryption.
• WPA3 protocol will also protect against brute-force dictionary attacks, preventing hackers from making multiple login attempts by using commonly used passwords.
• WPA3 protocol also offers simplified security for devices that often have no display for configuring security settings, i.e. IoT devices.
• Finally, there will be a 192-bit security suite for protecting Wi-Fi users’ networks with higher security requirements, such as government, defense and industrial organizations.
FUTURE IMPROVEMENTS
PROTECT YOURSELF PROTECT YOUR BUSINESS
PROTECT YOUR CUSTOMER PROTECT YOUR FUTURE
STAY INFORMED