Identify and Avoid the Top 5 Data Breach Costs


Upload: proformative-inc

Post on 20-Aug-2015


Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals

Identify and Avoid the Top 5 Data Breach Costs

Learning Objectives

After attending this event you will be able to:

• Develop effective controls to help identify an incident early and correct the issue before damage is done

• Develop an effective data breach response plan to minimize damages if they occur

• Discover common mistakes made by companies in responding to a data breach

Welcome to Proformative

Proformative is the largest and fastest growing online resource for senior level corporate finance, treasury, and accounting professionals.

A resource where corporate finance and related professionals excel in their careers through:

• Uniquely valuable, online Peer Network

• Direct subject-matter-expert advice

• Valuable Features and Resources

All of it completely noise-free

Check it out at www.proformative.com

Identify and Avoid the Top 5 Data Breach Costs

Daimon Geopfert, National Leader, Security and Privacy Consulting
Technology Risk Advisory Services, McGladrey LLP

Agenda

• Breach Overview

• Breach Statistics

• Top 5 Costs

• Recommendations

• Q and A

Breach Overview

• What is a data breach?

• Actual release or disclosure of information to an unauthorized individual/entity that relates to a person and that:

  – May cause the person inconvenience or harm (financial/reputational)

    • Personally Identifiable Information (PII)

    • Protected Healthcare Information (PHI)

  – May cause your company inconvenience or harm (financial/reputational)

    • Customer data, applicant data

    • Current/former employee data, applicant data

    • Corporate information/intellectual property

Breach Overview

• What does a breach look like?

[Diagram, stages:]

Discovery of an Event

Evaluation of the Event

Managing the Short-Term Crisis

Handling the Long-Term Consequences

[Diagram, items:]

Notification from internal or external sources: Internal Monitoring, Employees, Law Enforcement, Third-Parties

Forensic investigation and legal review

Direct Response Costs and Losses

Response and Legal Experts

Bank Accounts

Notification and credit monitoring

Lawsuits

Regulatory fines, penalties, and consumer redress

Public relations

Reputational damage

Income loss

Breach Overview

• What are the sources?

2014 Verizon Data Breach Report

• We still hear quotes today that lost materials (laptops, hard drives, tapes, paper, etc.) are the largest source of data loss, but this stopped being true around 2008

• Lost materials often have significant single incident expenses and are caused by low-complexity factors

• External attacks have become the bulk, consistent source of data loss

• Hacking, malware, and social engineering attacks will account for 80%-90% of breaches

  – a.k.a. “The big three”

Breach Overview

• More about that “big 3”

• Hacking:

  – “Traditional” hacking is used post-breach, not as the original entry point

  – Current methods focus on web apps and browser plugins

    • Client side and drive-by attacks

• Malware:

  – Finding and purchasing non-detectable malware in the underground market is trivial

  – Modern anti-virus is an 80-20 proposition at best

• Social Engineering:

  – Why bother to do all the heavy lifting involved with “hacking” when you can just ask someone to do something for you?

  – While there is a technical component, the attack is against human nature

Thank you for your interest in this presentation.

View the on-demand webinar or download the full presentation at:

www.Proformative.com
