THE UNSEEN ENEMY

PROTECTING THE BRAND, THE ASSETS AND THE CUSTOMERS
Technology – Connecting the world…
▪ 9 billion connected devices predicted to rise to 24 billion by 2020
▪ If Facebook were a country, it would be the 3rd largest in the world
▪ Facebook kicks off over 1000 users per day because they are too young
▪ In 2011, more video was uploaded to YouTube in a two month time period than if ABC, CBS, and NBC had been airing new content 24/7/365 since 1948

In the News

Recent Studies
▪ 2013 Trustwave Global Security Report
  • Retail industry made up 45% of data breach investigations studied (15% increase from 2011)
  • E-commerce sites were #1 targeted asset, accounting for 48% of all investigations
▪ Symantec
  • Cumulative bill for cyber crimes in 24 countries totaled $388 billion last year
  • 431 million adults experienced some form of cyber crime last year, equating to nearly 1.2 million people per day or 14 per second

Why Should Retailers Be Concerned?
▪ Retail industry is now the top target for cybercriminals
▪ Annual U.S. retail e-commerce spending has surged 143% since 2004 to $161.52 billion last year. In fact, a report from IRMG indicates that internet/mobile shopping increased 15% in 2013.
▪ Early estimates indicate that 20% of the upcoming holiday sales will be online
▪ E-commerce attacks are emerging as a growing trend, surpassing the amount of point-of-sale attacks
▪ Financial cost of a cyber attack is higher for businesses that sell products on the front-end, such as retailers
▪ The SEC is pushing to require that companies disclose data breaches in their financial statements

What Must Retailers Protect?
▪ Credit card information
▪ Private employee data
▪ Intellectual property
▪ Customer information
▪ Reputation and good will
▪ Confidential business information

How Breaches Occur
▪ Criminal act by outsider
▪ Vendor error
▪ Human error
▪ Technology failure
▪ Employee misconduct

Case Studies

Resource: Retail Fail: Walmart, Target Fared Worst In Def Con Social Engineering Contest

What are the options for handling the risk?
▪ Retain: Keep the risk within the organization
▪ Allocate: Involve counsel to shift risk to suppliers and business partners
▪ Transfer: Transfer the risk to another entity

Types of Insurable Risks
▪ Third Party
▪ First Party

Costs
▪ Types
  • Hard
  • Soft
  • Time
▪ Retail companies see much more significant costs around cyber attacks
▪ According to Neustar’s May 2012 report:
  • 65% of businesses said a site outage would cost them up to $10,000 an hour
  • 21% said it would cost $50,000/hour
  • 13% would lose $100,000/hour

What Do You Know About Your Data?
▪ Location
  • Cloud
  • Physical environment
  • Is your data co-located?
▪ Service Level Agreements
  • Breach notification
▪ Law enforcement considerations need to be considered and addressed:
  • Requests to maintain secrecy or limit knowledge
  • Maintaining control of the investigation
▪ Communications with insurers presumably are not privileged

Actions Following a Breach
Functional Steps: Deploy, Preserve, Identify, Notify

DEPLOY AN INCIDENT RESPONSE TEAM
▪ IT Director
▪ CIO
▪ Human Resources
▪ Legal
▪ Internal or external security experts

PRESERVE SYSTEM LOGS
▪ Date, time, duration, and location of breach

Actions Following a Breach (Continued)
Functional Steps: Deploy, Preserve, Identify, Notify

IDENTIFY THE FOLLOWING
▪ How was the breach discovered?
▪ By whom?
▪ Any additional details:
  • Entry and exit points
  • Compromised systems
  • Data deleted vs. modified vs. viewed
▪ Identify and understand details of the affected data

NOTIFY
▪ Public relations
▪ Insurance carrier

Insurance Recovery Considerations in the Face of a Security Breach or Data Loss or Claim
▪ Timely notice of claim (claims made and reported?)
▪ Involvement of counsel (internal & external) to review how coverage may respond. Consent to incur prudent or necessary expenses may be required:
  • Costs of crisis stage or legal compliance such as breach notification, credit monitoring, call center, forensics are the vast majority of the expense on per record figures ($194/record)
  • Defense expenses (private claims, regulatory claims)
▪ Communications with insurers presumably are not privileged
▪ “Labeling” of first party costs/categorization

Who Provides Services Around Cyber Risk?
▪ Preventative/Proactive Assessment
▪ Technology/Data Analytics
▪ Legal
▪ Data Hosting/Monitoring
▪ Forensic Accounting
▪ Public Relations

CONTACT
Michael Barba, CISSP, CPP, DFCP, CNE, EnCE
Managing Director, BDO USA, LLP
mbarba@bdo.com
212-885-8120
Jeff Hall
Senior Manager, BDO USA, LLP
jhall@bdo.com
212-885-7339

BDO is the brand name for BDO USA, LLP, a U.S. professional
services firm providing assurance, tax, financial advisory and
consulting services to a wide range of publicly traded and
privately held companies. For more than 100 years, BDO has
provided quality service through the active involvement of
experienced and committed professionals. The firm serves clients
through more than 40 offices and more than 400 independent
alliance firm locations nationwide. As an independent Member
Firm of BDO International Limited, BDO serves multinational
clients through a global network of 1,204 offices in 138
countries.
BDO USA, LLP, a Delaware limited liability partnership, is the U.S.
member of BDO International Limited, a UK company limited by
guarantee, and forms part of the international BDO network of
independent member firms. BDO is the brand name for the BDO
network and for each of the BDO Member Firms.
www.bdo.com
To ensure compliance with Treasury Department regulations, we wish to inform you that any tax advice that may be contained in this communication
(including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the
Internal Revenue Code or applicable state or local tax or (ii) promoting, marketing or recommending to another party any tax-related matters addressed
herein.
Material discussed in this publication is meant to provide general information and should not be acted on without professional advice tailored to your
individual needs.
© 2013 BDO USA, LLP. All rights reserved. www.bdo.com
