The CISO’s Guide to Being Human
How to prevent and cope with accidental data leakage
The CISO’s guide to being human

The issue of data security is becoming ever more pressing for the public and private sectors:

• Sensitive data that has been lost or leaked by Britain’s private and public sectors has risen by 1,014% between August 2007 and August 2012
• From 2011/2012, the UK logged 821 data breaches
• 58% of IT professionals polled by Computer Weekly admit to not using Data Loss Protection products

SOURCE: The Register; 2012 Verizon Data Breach Investigation Report

While malicious hacking is the number one threat to your data security, there is one element that still accounts for making much of it possible – staff making mistakes that can lead to costly data leakage...
97% of breaches were avoidable through simple or intermediate controls
According to ISACA’s 2012 Governance of Enterprise IT (GEIT) Survey of over 3,700 of its members, of the security challenges that a company is likely to face in the next 12 months:
• 16% will be mistakes made by employees
• 13% will be incidents relating to employees’ personal devices (BYOD)
But are companies doing enough to tackle data compliance issues? According to the same report:

• Nearly 1/4 of respondents said management’s level of involvement in governance is low
• 49% of enterprises will be increasing investments in IT over the next 12 months. But will they be increasing their data security budgets too?
SOURCE: FlashRouters, Mashable

While DLP solutions are available, there are several basic lessons that can be instilled into staff to act as your first line of defense against data leakage:

• More than 60% of people use the same password across a multitude of accounts; this can make life easy for hackers
• Use a secure password generator that will create difficult-to-crack passwords: http://www.pctools.com/guides/password/

Facepalm Passwords

According to SplashData, the worst passwords of 2012 were:

5. ‘qwerty’
4. ‘abc123’
3. ‘12345678’
2. ‘123456’
1. ‘password’
“Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months.”
Clifford Stoll, data security guru
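The two password lessons on this slide (reject the passwords everybody picks, and generate the rest with a proper random source) in code. This is an added example, not code from the deck or from any of the sources it cites. Assumptions made here and not on the slide: the 12-character minimum, the "three of four character classes" rule and the generator alphabet are choices for this example, and the deny-list is seeded only with the five SplashData 2012 entries quoted above; a real deployment would load a far larger breached-password list.

```python
"""Password-hygiene helpers: a deny-list check, a simple strength check and a
generator built on the `secrets` module.

Added example, not code from the slide deck. Assumptions made here: the
12-character minimum, the three-character-class rule and the generator's
alphabet are choices for this example; the deny-list is seeded only with
the five SplashData 2012 entries quoted on the slide.
"""
import math
import secrets
import string

# The five worst passwords of 2012 quoted on the slide (SplashData).
WORST_PASSWORDS_2012 = frozenset({"password", "123456", "12345678", "abc123", "qwerty"})

MIN_LENGTH = 12   # assumption: policy minimum chosen for this example
MIN_CLASSES = 3   # assumption: need 3 of the 4 classes below
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
# Generator alphabet: letters, digits and a punctuation subset that is easy to
# type on most keyboards (assumption for this example): 74 symbols in total.
GENERATOR_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def is_simple_sequence(text: str) -> bool:
    """True for runs like '12345678' or 'abcdefgh' where every character is the
    successor of the previous one, a pattern the worst-password lists are full of."""
    if len(text) < 4:
        return False
    return all(ord(b) - ord(a) == 1 for a, b in zip(text, text[1:]))


def weakness_reasons(password: str, denylist=WORST_PASSWORDS_2012) -> list:
    """Return the reasons a password fails the policy; an empty list means it passed.

    Reasons are collected rather than short-circuited so that a user (or the
    help desk) can be told everything that is wrong with the choice at once.
    """
    reasons = []
    lowered = password.lower()
    if lowered in denylist:
        reasons.append("on the worst-passwords deny-list")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes_used = sum(any(c in cls for c in password) for cls in CHARACTER_CLASSES)
    if classes_used < MIN_CLASSES:
        reasons.append(f"uses fewer than {MIN_CLASSES} character classes")
    if is_simple_sequence(lowered):
        reasons.append("is a simple ascending sequence")
    return reasons


def estimated_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols drawn from an
    alphabet of `alphabet_size` symbols. Only meaningful for generated passwords;
    a human-chosen password is far less random than its length suggests."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16, alphabet: str = GENERATOR_ALPHABET) -> str:
    """Generate a password with `secrets` (a CSPRNG, unlike the `random` module)
    and re-draw until it satisfies the same policy `weakness_reasons` enforces."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weakness_reasons(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs: two entries from the slide's list and one
    # passphrase-style password that passes.
    for sample in ("password", "12345678", "Correct-Horse-Battery-9"):
        verdict = weakness_reasons(sample) or ["passed"]
        print(f"{sample!r}: {', '.join(verdict)}")
    generated = generate_password()
    bits = estimated_entropy_bits(len(generated), len(GENERATOR_ALPHABET))
    print(f"generated: {generated} (~{bits:.0f} bits)")
```

The deny-list check is case-insensitive and runs before the length and class rules, so a user who types `Password` or `QWERTY` still gets told why. Entropy is only reported for generated passwords: 16 symbols from a 74-symbol alphabet give about 99 bits, which is the number the "difficult-to-crack" claim on the slide actually rests on.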
“Speared by phishing”

SOURCE: Websense, Mashable; Verizon

Spear-phishing is the latest trend in sucker-punching naive employees; it’s the specific targeting of particular groups or individuals via socially-engineered content:

• Combat phishing through employee education. Facebook holds an annual ‘Hacktober’ where employees are treated to simulated security threats for a month. Those who report fake phishing attempts and other security attacks are given prizes – while those who fail to do so are given further training.
84% of victims unknowingly possessed evidence of a breach in their logs (2012 Verizon Data Breach Investigation Report)
Research has revealed that half of the surveyed companies had lost a device with important business data on it, causing security implications for over a fifth of organizations. If correct encryption procedures had been followed, such security implications would have been eliminated.
[SOURCE: Business Computing World]
Encrypt laptops, mobile devices and removable media to ensure that if tech is lost out in the field (or in a pub), its data remains inaccessible.
[SOURCE: Ernst & Young]
Take extra care...

… and consider controlling the use of removable media such as USB flash drives – and enforce the ban by using software that will not allow unauthorized drives to be accessed when plugged in.
[SOURCE: Ernst & Young]
Worst case scenario

An international oil and gas company lost an unencrypted laptop containing the personal information of 13,000 US individuals including their names, Social Security numbers and addresses. The sting in the tail? The information lost was for claimants who had already filed against the company...
Scorched Earth Policy

Always have the ability to remotely wipe lost or stolen devices available to you as your last line of defense...
“Being Human”

Remember: serious data leakage could be caused by something as simple as sending an email to the wrong person by accident (auto-complete in the ‘To:’ field has made slip-ups easier than ever). Help employees care about data compliance and leakage:
• Create clear, understandable policies that list prohibited behaviors and what is expected from employees when it comes to handling company data
• Provide regular mandatory training on security awareness for employees – especially for those who are regularly handling highly sensitive data
• Avoid long, waffly checklists of dos and don’ts that don’t engage employees but simply turn them off
• If a new data threat emerges, keep staff informed so they know what to look for
