2
How Safe Are You?
3
How Safe Are You?
Data Breaches by Sector in 2012-2013
3% 3%
4%
5%
Healthcare
6% 36% Education
Government
Accounting
6% Computer Software
Financial
Information Technology
9% Telecom
Computer Hardware
Community/Non Profit
13%
16%
4
Source: Symantec Internet Security Threat Report April 2013
How Safe Are You?
5
How Safe Are You?
Facebook, Gmail and Twitter Breach
November 2013, hackers stole usernames and
passwords for nearly two million accounts at
Facebook, Google, Twitter, Yahoo and ADP.
The massive data breach was a result of key logging
software maliciously installed on an untold number of
computers around the world. The virus captured log-in
credentials for key websites and sending those
usernames and passwords to a server controlled by the
hackers. Approximate numbers of accounts:
•318,000 Facebook •70,000 Gmail, Google+ and
YouTube •60,000 Yahoo •22,000 Twitter •8,000 ADP
•8,000 LinkedIn
6
How Safe Are You?
Target Data Breach
December 2013, credit and debit card information of as many
as 70 million customers was compromised over three weeks
of the holiday shopping season —one of the largest breaches
ever of American consumer data.
Target said that the information compromised included
customer names, card numbers, expiration dates and the
short verification codes known as CVVs.
It is believed that hackers broke into the retailer's network
using login credentials stolen from a heating, ventilation and
air conditioning company that does work for Target at a
number of locations.
7
How Safe Are You?
Blue Cross Blue Shield Breach
December 2013, a pair of laptops containing
unencrypted patient data was stolen from Horizon
Blue Cross Blue Shield of New Jersey’s Newark
headquarters. The Apple MacBook Pros held
information from almost 840,000 Horizon BCBSNJ
members.
It is believed that the laptops, which were cable-
locked to workstations, contained information
including names, addresses, dates of birth, clinical
information, and Social Security numbers.
8
How Safe Are You?
NSA Surveillance Program Breach
Edward Snowden, the high-profile Booz Allan government
contractor, received widespread headlines for releasing
data on the National Security Agency's surveillance
program as part of its counter terrorism activities.
This security breach is an example of the internal threats
posed to organizations.
Snowden was with Booz Allan for only three months,
assigned to a team in Hawaii. Snowden had access to top-
secret data and over time used a thumb drive to take
thousands of confidential documents, damaging to the
NSA.
9
A Year in Review
10
The Cost of Cyber Crime Services
Service for Sale Cost of Service
12
*Source: Symantec Internet Security Threat Report – December 2013
A Year in Review
Top 5 Social Media Attacks, 2013
Fake Offering – Invites users to join a fake event
81% Fake Offering or group with incentives such as free gift cards.
Joining often requires users to share credentials
or send a text to a premium rate number.
7% Likejacking
Likejacking – Using fake “Like” buttons to install
malware.
6% Fake Plug-in Fake Plug-in Scams – Tricked into downloading
fake browser extensions on their machines.
14
Cyber Security - 2014
Priorities and Concerns for 2014
• Social Media Will Continue to Grow
• As they go mobile and add payment mechanisms, they will attract even more attention
from online criminals with malware, phishing, spam and scams.
• Criminals will target teenagers, young adults and other people who may be less guarded
about their personal data and insufficiently security-minded to protect their devices and
avoid scams.
16
Anatomy of a Hacked Mobile Device:
How a hacker can profit from your smartphone
17
Top 10 Cyber Attack Methods
18
Top 10 Cyber Attack Methods
19
Top 10 Cyber Attack Methods
20
Top 10 Cyber Attack Methods
21
Top 10 Cyber Attack Methods
22
Top 10 Cyber Attack Methods
23
Security Counter Measures
24
Why do we care about this?…
• Financial Loss
• Customer or personal Data Loss
• Business Disruption
• Closing Accounts
• Reregistering Accounts
• Reputational Business Risks
25
Apply Business Security Policies
26
System Patching
27
Know your Business Partners
28
Cloud Email Anti-SPAM & Anti-Virus
29
Wireless Device Control
30
Protection on Your Devices and Systems
Anti-Virus
Anti-Malware
Host Intrusion Prevention
HIPS
Content Filtering
SPAM Filtering
Network Access Control
Application Control 31
Columbia Bank - Managing Risks
32
Managing the Risk
Best Practice # 1 – Separation of Duties
33
Managing the Risk
Best Practice # 2 – Stronger Password
34
Managing the Risk
35
Managing the Risk
Best Practice # 4 – Dual Transaction Control
36
Managing the Risk
Best Practice # 5 – Dual Transaction Control Plus
37
Managing the Risk
Best Practice # 6 - Education
38
Managing the Risk
Best Practice # 7 – Protection
39
Managing the Risk
40
Managing the Risk
Key solutions for better protection…
• Enhanced Multifactor Authentication (MFA)
• Method for security code delivery
• Tokens
• Protection for ACH and Wire transactions
• Wire procedures
• ACH profile controls
41
Managing the Risk
Key solutions for better protection…
• Browser Security for Columbia Bank Access
• Secures and Encrypts the session
• Alerts of possible issues
• Back End Monitoring Tools
• Advanced activity monitoring
• Based on patterns of behavior
• Alerts of possible issues
• Communication
42
In Summary…
43
In Summary…
44
You can’t do everything….
But don’t do nothing!
45
What Questions do we have?
46
Thank you for your business!
Thank you for attending !
47