RSA Conference 2016 Review AKA “THIS WAS THE ONLY WAY TO GET MY TRAVEL EXPENSES APPROVED”

Upload: norman-w-mayes

Post on 13-Feb-2017


Page 1: RSA Conference 2016 Review

RSA Conference 2016 Review AKA “THIS WAS THE ONLY WAY TO GET MY TRAVEL EXPENSES APPROVED”

Page 2: RSA Conference 2016 Review

So what did we learn at the RSA Conference this year?

Data Privacy! OR THE LACK OF…

Page 3: RSA Conference 2016 Review

vs

Page 4: RSA Conference 2016 Review

Data Privacy & Breaches

Types of Privacy Data Compromised

Social Security Numbers
Credit/Debit Card Numbers
Emails/Passwords/User Names
Protected Health Information (PHI)

Page 5: RSA Conference 2016 Review

Data Breaches by Category

Insider Theft
Hacking
Data on the Move
Third Party (Subcontractors)
Employee Error (Negligence)
Accidental Internet Exposure
Physical Theft

Page 6: RSA Conference 2016 Review

Data Breaches Galore 2015!

[Pie chart: 2015 Record Breaches. Banking 3%, Business 10%, Education 0%, Government 20%, Healthcare 67%]

By the Numbers – USA Only:

Banking – 5 Million Records
Business – 16 Million Records
Education – 750,000 Records
Government – 34 Million Records
Healthcare – 112 Million Records

Total – 169 Million Records*

*Report Records

Page 7: RSA Conference 2016 Review

37 Million
22 Million
11 Million
80 Million
15 Million
330,000

Page 8: RSA Conference 2016 Review

Washington Breaches 2015

Smartlabtoys.com
Amazon Password Breach
Noble House Hotel and Resorts – The Commons (20,000)
T-Mobile / Experian (15 Million)
Padklocks4less.com
Costco Photo Center
SafeandVaultStore.com
BigFishGames.com
PeaceHealth Southwest Medical Center
Washington Township Health Care District
PeaceHealth St. John Medical Center
Healthpoint
Cancer Care Northwest
Premera Blue Cross (11 Million)
Providence Hospital
St. Joseph Medical Center

Page 9: RSA Conference 2016 Review

Noble House Hotel and Resorts

Breach Date: Unknown – Detected 9/25/2015
Breach Type: Electronic
Breach Category: Business
Records Exposed: Yes – 19,472
How was it Discovered: Customers were complaining about unauthorized charges on their credit cards.
Synopsis: FBI was enlisted and a cyber-security firm examined their payment systems. Malware was detected on the payment card system.
Data Breach included Names, Credit Card Numbers, Expiration Date and CVV Numbers.

Page 10: RSA Conference 2016 Review

T-Mobile and Experian

Breach Date: 9/1/2015 – Detected 9/15/2015
Breach Type: Electronic
Breach Category: Business
Records Exposed: Yes – 15 Million
How was it Discovered: Undisclosed
Synopsis: Experian noticed unauthorized access to a select set of servers and that large amounts of credit data had been downloaded. Experian notified T-Mobile that a breach had occurred.
Data Breach included Names, Addresses, Social Security Numbers, Dates of Birth, Driver License Numbers, Passport Numbers, etc.

Page 11: RSA Conference 2016 Review

Premera Blue Cross

Breach Date: 5/5/2014 – Detected 1/29/2015
Breach Type: Electronic
Breach Category: Medical/Healthcare
Records Exposed: Yes – 11 Million
How was it Discovered: Undisclosed
Synopsis: It was revealed that this was the work of a state-sponsored espionage group based in China.
Data Breach included Names, Addresses, Social Security Numbers, Dates of Birth, Telephone Numbers, Email Addresses, Medical Claims Information and individual Financial Information.

Page 12: RSA Conference 2016 Review

Security Best Practices OR HOW TO AVOID BEING ON A BREACH LIST IN 2016

Encryption of data at rest, in storage and in transit
Enforce effective password management policies
Least Privilege User Access
Regular Security Design and Code Reviews
Penetration and Vulnerability Scans
Multi-layer Firewall Protections
Mobile Device Management
Review Server Certificates
Data Breach Response Plan

Page 13: RSA Conference 2016 Review

Questions?

NO ANIMALS WERE HARMED IN THE CREATION OF THIS PRESENTATION