Cost of PII – Corporate Response Mr. Brian Tillet Chief Security Strategist

1. Cost of PII– Corporate Response Mr. Brian Tillet Chief Security Strategist Public Sector Division Symantec Corporation

2. If FSA was a bank… where would it rank?

3. 8th Largest US Financial Institution Total Assets $ Billion $2,264 $2,247 $1,957 $1,260 $937 $831 $771 $424 $412 $366 • Bank of America • JP Morgan Chase • Citigroup • Wells Fargo • Goldman Sachs • Morgan Stanley • Metlife • U.S. Dept. of Education / Federal Student Aid • Deutsche Bank US (Taunus) • HSBC source. Federal Reserve June 2011, FSA 2010 Annual Report. • The size of FSA and FSA affiliates financial assets make FSA a target for data breaches.

4. Agenda • Adversary Profiles • Attack Process • Game winning catches • Question & Answers

5. Chief Adversaries Nationalists Crime Rings Malicious Insiders Hacktivists

6. Adversary Profile: Crime Rings

7. Adversary Profile: Malicious Insiders

8. 3 2 1 4 Targeted Attacks INCURSION Attacker breaks in via targeted malware, improper credentials or SQL injection CAPTURE Access data on unprotected systems Install root kits to capture network data EXFILTRATION Confidential data sent to hacker team in the clear, wrapped in encrypted packets or in zipped files with passwords DISCOVERY Map organization’s systems Automatically find confidential data

9. Threat Landscape Targeted Attacks continue to evolve Less sophisticated attacks also caused significant damage Avg. # of Identities Exposed/Data Breach by Cause

10. Threat Activity Trends Data Breaches by Sector Volume of Data Breaches by Sector Avg. # of Identities Exposed per Data Breach by Sector

11. Key Findings

12. Alleged Disgruntled Soldier Steals 200,000+ Classified Documents • SETUP • Army intelligence analyst in Iraq who was ostracized by peers and demoted • Disdainful of the military’s alleged inattention to computer security • Downloaded classified information on to CDs (CD-RW) • Linked up with hacker community to expose data via WikiLeaks • IMPLICATIONS • Damaging leak of classified video of friendly fire incident • Highly classified communications were compromised • Could compromise U.S. interests globally Malicious Insider U.S. Army vs.

13. Breach Risk Management • Data Loss Prevention Endpoint Prevent: It could have blocked cutting and pasting confidential military information into a new file and then sending it electronically outside the organization by burning the data to a CD/DVD • Data Loss Prevention Endpoint Discover: It could have found concentrations of confidential information downloaded to anyone PC and alerted IT or security. 13 13

14. Winning Catches Targeted Attack MaliciousInsider Well-Meaning Insider Tech Company Financial Services US Federal Agency • Situation • Network overtaken by hackers • “Carder” ring on corporate machines • Situation • Planning a reduction in force • Rumors circulate • Employees tried stealing data • Situation • Employee data leaving via the network • Needed to determine scale of breach • Results • Investigations team flown out • Aided by local law enforcement • Prosecuted perpetrators • Results • Blocked emails containing confidential data • Prevented loss of thousands of customer records • Results • Data on servers for application testing • Cleaned up exposed data • Fixed broken business process 14

15. How to Stop Data Breaches Protect information proactively Automate review of entitlements Identify threats in real time Integrate security operations Prevent data exfiltration Stop targeted attacks

16. Next Steps & Questions 1 Where is your sensitive data and where is it going? Are your critical systems well protected?