Value of personal information - a cybersecurity perspective

Transcript

1. Anton Stiglic, M.Sc, MBA The Value of Personal Information A

   Cybersecurity Perspective February 2016

2. 2 Outline • Cyber Threats • Data Breaches in Numbers

   • Value of Stolen Data • Target and TJX Incidents • Hacktivism • Denial of Service Attacks • Recommendations

3. 3

4. 4 Main Cyberthreats

5. 5 • Intrusion into a private network leading to a

   data breach – Theft of data transmitted in the network – Theft of documents in fileservers and databases • Insider attacks – Disclosure of specific information • Denial of service and Web defacing – Hacktivism, for political and social reasons

6. 6 What are the motivations behind cyberattacks ? • Financial

   gain • Political and social activism • Industrial or state espionage

7. 7 Data Breaches in Numbers

8. 8 In 92 % of breaches, the attack was initiated

   externally, 55 % of cases, organized crime was involved. 12 % of breaches were initiated internally.

9. 9 Hacking 52 % Malware 40 % Physical 35 %

   Social engineering 29 % Abuse or errors 13 %

10. 10 In 76 % of network intrusions, a stolen or

    weak password was used.

11. 11 23 % of recipients open Phishing messages 11 %

    click on attachments

12. 12 Average per capita cost of a breach 201 $US

    Average customer churn rate after a breach 3,3 %

13. 13 The Value of Stolen Data

14. 14

15. 15 Valeur des données

16. 16 Value of Data Data Price Social insurance 30 $

    Health insurance 20 $ Visa or MasterCard 4 $ American Express 7 $ Discover credit 8 $ Credit card with magnetic strip « chip data » 12 $ Bank account (balance 70 000 $ to 150 000 $) 300 $ or less Complete identity 1 200 $ to 1 300 $

17. 17 The Target and TJX incidents

18. 18 Target Breach

19. 19 TJX Breach • Intrusion into their network during an

    18 month period, starting mid 2005 • Data of over 45 million credit cards was stolen • Public announcement on January 2007

20. 20 TJX Breach • Costs related to the breach: –

    Client assistance (5 $ per call, 20 % would request credit monitoring) • 1240 M$ – Legal advice • 12 M$ per year – Public relations • 3,4 M$ – Internal investigations • 8,1 M$ – Regulatory fines • 1,5 M$ – Class action lawsuits in 41 states • 45 M$ ~ 1,6 milliards $ or 35 $ per credit card holder

21. 21 TJX Breach 17 January 2007 TJX announces the breach

    Stock price: 14,82 $ 17 January 2008 Stock price: 14,52 $ Sales increase: 4 % S&P 500

22. 22

23. 23 Hacktivism The act of hacking, or breaking into a

    computer system, for a politically or socially motivated purpose.

24. 24 August 2014 Cybercrime Hacktivism Cyber Espionage Cyberwar Source: hackmageddon.com

25. 25 Denial of Service Attacks

26. 26

27. 27

28. 28

29. 29 Recommendations

30. 30 Do not use weak passwords

31. 31 Have an up-to-date antivirus on all personal computers Keep

    the operating system up to date

32. 32 Collect only the information you really need

33. 33 Be cautious about storing and transporting information (both in

    electronic and paper format)

34. 34 Questions ?