Value of personal information - a cybersecurity perspective

InfoNexus
February 05, 2016

Presented by Anton Stiglic, Corporate Director Information Security (CISO) at Loto-Quebec, at InfoNexus 2016 in Montreal, Canada. Visit http://info-nexus.org/ for more detail.

Transcript

  1. Anton Stiglic, M.Sc, MBA
     The Value of Personal Information: A Cybersecurity Perspective
     February 2016
  2. Outline
     • Cyber Threats
     • Data Breaches in Numbers
     • Value of Stolen Data
     • Target and TJX Incidents
     • Hacktivism
     • Denial of Service Attacks
     • Recommendations
  3.
  4. Main Cyberthreats
  5. • Intrusion into a private network leading to a data breach
       – Theft of data transmitted in the network
       – Theft of documents in fileservers and databases
     • Insider attacks
       – Disclosure of specific information
     • Denial of service and Web defacing
       – Hacktivism, for political and social reasons
  6. What are the motivations behind cyberattacks?
     • Financial gain
     • Political and social activism
     • Industrial or state espionage
  7. Data Breaches in Numbers
  8. In 92 % of breaches, the attack was initiated externally; in 55 % of cases, organized crime was involved. 12 % of breaches were initiated internally.
  9. • Hacking: 52 %
     • Malware: 40 %
     • Physical: 35 %
     • Social engineering: 29 %
     • Abuse or errors: 13 %
  10. In 76 % of network intrusions, a stolen or weak password was used.
  11. 23 % of recipients open phishing messages; 11 % click on attachments.
  12. • Average per capita cost of a breach: 201 $US
      • Average customer churn rate after a breach: 3,3 %
  13. The Value of Stolen Data
  14.
  15. Value of data
  16. Value of Data

      | Data | Price |
      | --- | --- |
      | Social insurance | 30 $ |
      | Health insurance | 20 $ |
      | Visa or MasterCard | 4 $ |
      | American Express | 7 $ |
      | Discover credit | 8 $ |
      | Credit card with magnetic strip « chip data » | 12 $ |
      | Bank account (balance 70 000 $ to 150 000 $) | 300 $ or less |
      | Complete identity | 1 200 $ to 1 300 $ |
  17. The Target and TJX incidents
  18. Target Breach
  19. TJX Breach
      • Intrusion into their network during an 18-month period, starting mid 2005
      • Data of over 45 million credit cards was stolen
      • Public announcement in January 2007
  20. TJX Breach
      • Costs related to the breach:
        – Client assistance (5 $ per call, 20 % would request credit monitoring): 1240 M$
        – Legal advice: 12 M$ per year
        – Public relations: 3,4 M$
        – Internal investigations: 8,1 M$
        – Regulatory fines: 1,5 M$
        – Class action lawsuits in 41 states: 45 M$
      ~ 1,6 billion $ or 35 $ per credit card holder
  21. TJX Breach
      • 17 January 2007: TJX announces the breach. Stock price: 14,82 $
      • 17 January 2008: Stock price: 14,52 $. Sales increase: 4 %
      • S&P 500
  22.

  23. Hacktivism
      The act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.
  24. August 2014: Cybercrime, Hacktivism, Cyber Espionage, Cyberwar (Source: hackmageddon.com)
  25. Denial of Service Attacks
  26.
  27.
  28.

  29. Recommendations
  30. Do not use weak passwords
  31. Have an up-to-date antivirus on all personal computers. Keep the operating system up to date.
  32. Collect only the information you really need
  33. Be cautious about storing and transporting information (both in electronic and paper format)
  34. Questions?