Surviving Your Next Data Breach

Transcript

1. @afilina Surviving Your Next Data Breach ConFoo, Montreal - March

   9, 2017

2. You Will Get Hacked

3. It Happens • Dropbox • Adobe • LinkedIn • Yahoo!

   68 million 152 million 164 million 1.2 billion

4. Anna Filina • Project rescue expert • Dev, trainer, speaker

   • 1 company • 2 conferences

5. Way to Get Breached • Hackers • Employees • $5

   consultants

6. $5 Consultants?!

7. None

8. Don't use server passwords

9. Sensitive Data • Passwords • Credit cards • Social security

   numbers • Current locations • IP addresses • ...

10. Getting Ready for the Breach • Store less • Make

    stolen data useless • Post-breach procedures

11. Store less sensitive data

12. $5,000 - $100,000 per month

13. But... recurring billing!

14. None

15. Vault Credit card Token Amount + token You Payment gateway

16. **** **** **** 0123

17. Sessions!

18. None

19. **** **** **** 0123 Edit

20. Implementation Effort? • ~5 hours • I'll retweet: @afilina

21. Alternative Storage • Comments

22. Please charge half on 
 4111 1111 1111 1111 


    (06/17) and the other half on
 4012 8888 8888 1881
 (10/19)

23. Passwords • No plaintext. • No hash.

24. Rainbow tables!

25. How do They Work? • Create string permutations • Compute

    hashes • Steal password hashes • Look up in table

26. What Then? • Salted hash • Repeated hashing

27. bcrypt

28. Response Plan • Log out. • Mark as compromised. •

    Force 2nd factor auth. • Force password change. • Mark as not compromised.

29. Next Steps • What else do you not need? •

    E-mails?

30. Centralized data is more vulnerable

31. Let's protect private data

32. @afilina afilina.com