Companies face data security risk exposures from internal and external sources every day. A data breach can bring a company of any size to its knees. Identifying and mitigating vulnerabilities is important for reducing the likelihood of a breach, but modern companies need to assume that those preventative controls will fail at some point. The goal should be to limit the chance that an incident actually results in damages and, if damages do occur, to minimize them as much as possible.
Join us as Daimon Geopfert, National Leader, Security and Privacy, McGladrey, offers insights and actionable advice to help you create an effective mitigation and response plan for a data breach. Daimon will provide an overview of recent studies analyzing the cost of data breaches. You'll learn how to identify and mitigate the main cost components of a data breach. He'll also discuss the degree to which these exposures can (and can't) be mitigated by direct company efforts.
Identify and Avoid the Top 5 Data Breach Costs
1. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals
Identify and Avoid the Top 5 Data Breach Costs
2. Learning Objectives
After attending this event you will be able to:
• Develop effective controls to help identify an incident early and correct the issue before damage is done
• Develop an effective data breach response plan to minimize damages if they occur
• Discover common mistakes made by companies in responding to a data breach
3. Welcome to Proformative
Proformative is the largest and fastest growing online resource for senior level corporate finance, treasury, and accounting professionals.
A resource where corporate finance and related professionals excel in their careers through:
• Uniquely valuable, online Peer Network
• Direct subject-matter-expert advice
• Valuable Features and Resources
All of it completely noise-free
Check it out at www.proformative.com
4. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals
Identify and Avoid the Top 5 Data Breach Costs
Daimon Geopfert, National Leader, Security and
Privacy Consulting Technology Risk Advisory
Services, McGladrey LLP
5. Agenda
• Breach Overview
• Breach Statistics
• Top 5 Costs
• Recommendations
• Q and A
6. Breach Overview
• What is a data breach?
• Actual release or disclosure of information to an unauthorized individual/entity that relates to a person and that:
– May cause the person inconvenience or harm (financial/reputational)
• Personally Identifiable Information (PII)
• Protected Healthcare Information (PHI)
– May cause your company inconvenience or harm (financial/reputational)
• Customer data, applicant data
• Current/former employee data, applicant data
• Corporate information/intellectual property
7. Breach Overview
• What does a breach look like?
[Diagram: stages of a breach, in order: Discovery of an Event, Evaluation of the Event, Managing the Short-Term Crisis, Handling the Long-Term Consequences]
– Discovery of an Event: notification from internal or external sources (internal monitoring, employees, law enforcement, third parties)
– Evaluation of the Event: forensic investigation and legal review
– Other labels in the diagram: direct response costs and losses; response and legal experts; bank accounts; notification and credit monitoring; lawsuits; regulatory fines, penalties, and consumer redress; public relations; reputational damage; income loss
8. Breach Overview
• What are the sources?
2014 Verizon Data Breach Report
9. Breach Overview
• We still hear quotes today that lost materials (laptops, hard drives, tapes, paper, etc.) are the largest source of data loss, but this stopped being true around 2008
• Lost materials often have significant single incident expenses and are caused by low-complexity factors
• External attacks have become the bulk, consistent source of data loss
• Hacking, malware, and social engineering attacks will account for 80%-90% of breaches
– a.k.a. “The big three”
10. Breach Overview
• More about that “big 3”
• Hacking:
– “Traditional” hacking is used post-breach, not as the original entry point
– Current methods focus on web apps and browser plugins
• Client-side and drive-by attacks
• Malware:
– Finding and purchasing non-detectable malware in the underground market is trivial
– Modern anti-virus is an 80-20 proposition at best
• Social Engineering:
– Why bother to do all the heavy lifting involved with “hacking” when you can just ask someone to do something for you?
– While there is a technical component, the attack is against human nature
11. Identify and Avoid the Top 5 Data Breach Costs
Thank you for your interest in this presentation.
View the on-demand webinar or download the full presentation at:
www.Proformative.com
Editor's Notes
Poll #1: On average, what is the time it takes for a company to notice that they have been breached?
a) 1 day
b) 3 days
c) 7 days
d) 30 days
e) Over 30 days