Time
56 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
breaking news that could affect your pocketbook. J. P. Morgan Just revealing on August data breach could affect 76 million household contact information like dresses from customers, but claims they have.
00:17
We didn't take a broad enough you of our responsibility. Mason. That wasn't an investigator break,
00:23
and it was my mistake of fact. And I'm sorry.
00:25
More than 21 million Information. US. Stolen Taking Data Thio six. Secret Service Major way more break troubling news. More trouble for you says it is just completed its investigation. Remember the recent reports of some sort.
00:51
This course is called preventing data breaches with a one logic.
00:56
This course covers the basic security concept needed to prevent data breaches.
01:02
It goes through the fundamental security concepts of information security and covers what the industry is doing not doing and should be doing to protect data.
01:12
Then it gives an overview of the information security market landscape today,
01:18
followed by recommending new concepts that information security professionals should keep in mind when designing in organizations Information Security program.
01:30
In Part one, we will discuss what a data breach is
01:34
and then go over some of the history of data breaches as it applies to the industry
01:38
and show why the industry is failing
01:42
and finally talk about attacker motivation.
01:46
A data breach is when private information is visible. Toe unauthorized parties.
01:51
Data breaches are so common that Europe's new GDP, our data privacy law, now directly address is it.
01:59
A data breach must be at a scale that is larger than what a human can remember. Type up right on paper or otherwise, manually reproduce.
02:07
For example, a top executive telling a secret to somebody else is not a data breach. But losing millions of credit card numbers or files is a data breach. Data breaches, hurt brands and erode customer trust.
02:22
For example, Yahoos data breach costed them $350 million in their evaluation. When they were being acquired by Horizon.
02:31
Over the last few years, the magnitude and frequency of data breaches have increased, making it a regular news headline
02:38
In the US we have heard about major brands getting breached, but these bridges are small and compares into the Yahoo Data Breach and the Indian government's At our Citizen Database data breach,
02:53
which lost about 2.1 billion records.
02:57
The other data breach is one of the biggest data breaches recorded in history.
03:00
Data breaches threatened all organizations,
03:04
from finance companies to retailers to governments, tech companies.
03:08
They threaten any organization that has private data that it wants to keep confidential.
03:15
The industry today is failing, and Attackers are winning due to many factors.
03:21
First of all, security products assume trust in user's devices and networks, which is rarely the case.
03:29
Also, the software and networks in today's enterprises are extremely large and complex, and there is rarely one person who has entered and knowledge of an organization's topology.
03:40
Additionally, it is difficult for enterprises to track what data is dares and where distort and when it is used.
03:49
Also, as the world just saw in the case of Facebook in Cambridge, Analytica, with today's technology sharing data, implies giving up control over the data.
04:00
Finally, security goes against usability of a system where users want usability and I T administrators want security.
04:10
Malicious insiders are members of an organization who violate the trust that the organization hasn't them
04:16
as faras cybersecurity. This trust could involve protecting the confidentiality of sensitive data such as intellectual property or other secrets.
04:27
Malicious insiders are still unsolved problem in the cybersecurity industry today.
04:32
A prime example of a malicious insider, regardless of political beliefs, is Edward Snowden at the US National Security Agency.
04:41
He was trusted by ESA toe work with sensitive data and held a security clearance.
04:46
He became famous for becoming a whistleblower and causing a massive data breach of NSA's classified information by stealing up to one million documents from ESA on a USB drive. Let's hear what Edward Snowden has to say in his own words.
05:01
Uh, my name is Ed Snowden. I'm 29 years old. I work for Booz Allen Hamilton as an infrastructure analyst for En ESA in Hawaii.
05:15
One of the things people are gonna be most interested in in trying to understand what who you are and what you're thinking
05:24
is there came some point in time when you cross this line of thinking about being a whistle blower to making the choice to actually become a whistleblower,
05:34
what people through that decision making process,
05:39
when you're in positions off of privileged access, like a systems administrator for these sort of intelligence community agencies, you're exposed to a lot more information on a broader scale than the average employee, and because of that, you see things that may be disturbing.
05:58
But over the course of a normal person's career, you'd only see one or two of these instances.
06:02
When you see everything, you see them on a more frequent basis and you recognize that some of these things are actually abuses. And when you talk to people about them in a place like this, where
06:15
this is the normal state of business,
06:17
people tend not to take them very seriously and you move on from them. But over time, that awareness of wrongdoing sort of builds up and you feel compelled to talk about it. And the more you talk about it, the more you're ignored, the more you're told it's not a problem
06:31
until eventually realized that these things need to be determined by the public, not by somebody who was simply hired by the government.
06:42
We just saw an interview with Edward Snowden, who falls into the third category of a whistle blower
06:47
attacker. Motivation falls into three main categories.
06:53
Nation states, criminal gangs and activists.
06:57
Nation state adversaries are politically motivated
07:00
and are particularly dangerous because they have huge government backed budgets and look for both information to compromise national security and gain industrial advantages.
07:12
A prime example is when U. S defense contractor Lockheed Martin's F 35 fighter jet designs were stolen by China for use in the Chinese military through a cyber attack and a data breach that resulted.
07:28
Criminal gangs are usually financially motivated and are looking for information with financial value.
07:33
They can be demotivated by increasing the attacker cost.
07:38
Finally, activists are politically or ideologically motivated whistle blowers or groups that are trying to get attention or have some other agenda.

Up Next

Preventing Data Breaches with A1Logic

In this course, we will cover the basic concepts needed to prevent Data Breaches. More specifically, we will go through the fundamental concepts of information security, and covers what the industry is doing and not doing to protect sensitive information and data.

Instructed By

Instructor Profile Image
A1 Logic
Instructor