using data from breaches
play

Using Data from Breaches What is the User Level of Comfort? - PowerPoint PPT Presentation

Jul 07, 2023 •363 likes •556 views

Using Data from Breaches What is the User Level of Comfort? Yingquan Yu My story Source: https://infosecurity.cathaypacific.com/ How many online accounts compromised through data breach? 5,575,703,782 Source: https://haveibeenpwned.com

  1. Using Data from Breaches What is the User Level of Comfort? Yingquan Yu

  2. My story Source: https://infosecurity.cathaypacific.com/

  3. How many online accounts compromised through data breach? 5,575,703,782 Source: https://haveibeenpwned.com

  4. What happen to the data that was compromised during the breach? Most of the times become available in the black market for free/paid download

  5. Several Use for Data from Breach Research Look up service Proactive Security Investigate Journalism

  6. Research Questions • Do user understand breaches ? • What are acceptable uses for breached data ?

  7. User understand risk of breaches Identity Theft 93% Personal Data Loss Understand the meaning of data Monetary Loss breach What is their level of comfort with various uses of breached data?

  8. Scenario based assessment • N = 10,000 • US, IN, DE, UK, AU, CA • 8 scenario total, 2 scenario per participant

  9. Sample Scenario Background • Global Inc • Email, Chat, Blogs, Profile Page • Username and password stolen • Sold on black market for $$$ • Example: • A researcher from UIUC • Investigate online security (password strength) • Buy a copy from black market for research

  10. Scenarios Competitor use Researcher use Look Up Service: Revealing a Tax Evasion breached data to breached data for Have I been pwned Scam advertise their service security research Proactive Protection: Revealing Dating Site Private Profiles Process Password Dump Treat Intelligence: Notify Payment Service Treat Intelligence: Notify Social Network Service Security Investigate Journalism Marketing Researcher

  11. Scenario: Threat Intelligence Comfort Level: 40% Comfortable, 20% Neutral “ I don’t have any issue with hacked “ Global Inc has already failed firm contacting them. It is probably in securing my data, and I do the best thing to do. They can reset not trust them to make any my password before anyone has a effort to secure my data chance to try and hack my account ” elsewhere in the future ”

  12. Scenario: Security Research Scenario: Security Research Comfort Level: 15% Comfortable, 10% Neutral Comfort Level: 15% Comfortable, 10% Neutral “ I have faith that this action “I have faith that this action “ It’s incredibly unethical for the will ultimately contribute to will ultimately contribute to “It’s incredibly unethical for the researcher to buy passwords research that will make the research that will make the researcher to buy passwords from from hackers. It’s no different general population less general population less hackers. It’s no di ff erent than someone vulnerable in the long run.” than someone buying a car that vulnerable in the long run. ” buying a car that was stolen.” was stolen. ”

  13. Level of comfort highest for scenarios with direct security benefit Direct Security Benefit Proactive Threat Hacked Or Journalism Competitor/ Journalism Scanning Intelligence Not Research and (Dating) (Tax Scam) Marketing sharing Service Protection Most Comfortable Comfort Spectrum Least Comfortable

  14. Order Preserved Regardless of buy vs free download Proactive Hacked Or Journalism Competitor/ Journalism Scanning Not Research and (Dating) (Tax Scam) Marketing Service Protection Most Comfortable Comfort Spectrum Least Comfortable

  15. Comfort Spectrum consistent across countries

  16. Prior victims of data breach expressed significantly higher level of comfort Victims more comfortable on • Proactive Measures (No matter data is purchased or free) • Damage Control Measure (Both financial and social network data) • Hacked or not Service (Only if data is free)

  17. Implications for company Breached company Articulate how any Proactively reset password need to be security service can And lock down accounts transparent and provide a direct benefit From further damage notify victims to the victims “ “ “ This is a proactive step from I have faith this action will I think it’s imperative for the company, and one that ultimately contribute to the company to tell people they are not obligated to do. making the general population whose data has been This makes me feel like the less vulnerable in the long run accessed. Companies should company cares about not control but rather protecting my identify empower ” ” ”

  18. Back to my story Source: https://infosecurity.cathaypacific.com/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred

https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred

https://xkcd.com/838/ Data Breaches This years study analyzed 524 breaches that occurred between August 2019 and April 2020, in organizations of all sizes, across 17 geographies and 17 industries. The 2020 Cost of a Data Breach

289 views • 17 slides
Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start

Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start

SOUPS 2018 Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start with a pop quiz... Roughly, how many online accounts have been compromised through data breaches? 5,371,008,023 SOURCE:

1.03k views • 18 slides
Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US

Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US

Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US 142 privacy breaches in Alberta this year as of Aug 21 2019: https://www.oipc.ab.ca/decisions/breach-notification-decisions.aspx Digital Se Digital

78 views • 3 slides
Sid Shetye CEO & Founder sid@crypteron.com 858-342-1617 The Problem Data breaches 2

Sid Shetye CEO & Founder sid@crypteron.com 858-342-1617 The Problem Data breaches 2

1 Sid Shetye CEO & Founder sid@crypteron.com 858-342-1617 The Problem Data breaches 2 $$$ Compliance fines, Customer goodwill, Lawsuits, Lights out Basically, anyone building connected apps should be concerned Stages of a data

432 views • 15 slides
Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR

Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR

Presenting a live 90-minute webinar with interactive Q&A Data Breaches in Healthcare: Responding to Skyrocketing Cyber Attacks Managing Risk, Responding to Breaches and OCR Investigations, Minimizing HIPAA Liability THURSDAY, MARCH 24, 2016

795 views • 76 slides
GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we will look at today Technical and Organisational Security Handling data breaches Case law Newcastle | Leeds | Manchester 3 Data

929 views • 76 slides
ETHICAL DISCLOSURE OF DATA BREACHES COREY TODALEN WHAT IS A DATA BREACH? The

ETHICAL DISCLOSURE OF DATA BREACHES COREY TODALEN WHAT IS A DATA BREACH? The

ETHICAL DISCLOSURE OF DATA BREACHES COREY TODALEN WHAT IS A DATA BREACH? The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the

707 views • 13 slides
Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product Manager NonStop Enterprise Division Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without

400 views • 26 slides
Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk

Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk

Data Security Breaches: Problems And Solutions Steven C. Bennett With a combination of risk assessment, technical solutions, and stafg training, it is possible to keep data secure. InformatIon Is the new currency of commerce. Sensitive data,

380 views • 6 slides
Protecting Yourself Against Scams and Data Breaches During Coronavirus Crisis ... and Beyond

Protecting Yourself Against Scams and Data Breaches During Coronavirus Crisis ... and Beyond

Protecting Yourself Against Scams and Data Breaches During Coronavirus Crisis ... and Beyond Daler Radjabov, Esq. NYCLA CLE Institute Todays topics CoronaVirus related scams How to secure your online identity How to protect your

514 views • 22 slides
Bank Claims for Target-Type Breaches: Leveraging Litigation Theories, Assessing and Pleading

Bank Claims for Target-Type Breaches: Leveraging Litigation Theories, Assessing and Pleading

Presenting a live 90-minute webinar with interactive Q&A Bank Claims for Target-Type Breaches: Leveraging Litigation Theories, Assessing and Pleading Damages Recovering Losses Due to Third-Party Data Breaches and Response Planning to Protect

946 views • 55 slides
Nowcasting Firm Performance and Data Breaches Using API Data Seth Gordon Benzell, Jonathan Hersh,

Nowcasting Firm Performance and Data Breaches Using API Data Seth Gordon Benzell, Jonathan Hersh,

Nowcasting Firm Performance and Data Breaches Using API Data Seth Gordon Benzell, Jonathan Hersh, Guillermo Lagarda & Marshall Van Alstyne MIT IDE, Chapman University, IADB, Boston University Funding by Accenture, Apigee & Mulesoft is

478 views • 33 slides
Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative

1.28k views • 79 slides
Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Presenting a live 90-minute webinar with interactive Q&A Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending Professional Liability Claims, Evaluating Insurance Coverage TUESDAY, MAY 3, 2016 1pm Eastern

942 views • 62 slides
Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos This presentation represents the official position of the Emergent Chaos blog, not our employers Welcome to Sevilla From the Catalan Atlas by Abraham

649 views • 39 slides
Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos This presentation represents the official position of the Emergent Chaos blog, not our employers Welcome to Sevilla Navigational charts were kept

645 views • 37 slides
Decision Trees Lecture 23 To left or to right 1 Decision Trees 2 Decision Trees A different

Decision Trees Lecture 23 To left or to right 1 Decision Trees 2 Decision Trees A different

Decision Trees Lecture 23 To left or to right 1 Decision Trees 2 Decision Trees A different complexity measure 2 Decision Trees A different complexity measure Number of bits of input read 2 Decision Trees A different complexity measure

1.3k views • 107 slides
1

1

1

680 views • 20 slides
Protg Program First Wednesday Virtual Learning Series 2018 Hosts Christopher Eischen,

Protg Program First Wednesday Virtual Learning Series 2018 Hosts Christopher Eischen,

The All Small Mentor- Protg Program First Wednesday Virtual Learning Series 2018 Hosts Christopher Eischen, Procurement Center Representative SBA Office of Government Contracting, Area IV, Kansas City, MO Gwen Davis, Procurement Center

615 views • 36 slides
XCODE PROJECT INFRASTRUCTURE The lecture that will make you cry! AGENDA Projects / Workspaces

XCODE PROJECT INFRASTRUCTURE The lecture that will make you cry! AGENDA Projects / Workspaces

XCODE PROJECT INFRASTRUCTURE The lecture that will make you cry! AGENDA Projects / Workspaces Targets Schemes Build Settings Code Signing Entitlements.plist Info.plist PROJECTS / WORKSPACES WORKSPACES / PROJECTS Workspace Project1.

532 views • 30 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Victim Legal Assistance Network A Georgia CJCC Vision 21 Project What is the Victim Legal

Victim Legal Assistance Network A Georgia CJCC Vision 21 Project What is the Victim Legal

Victim Legal Assistance Network A Georgia CJCC Vision 21 Project What is the Victim Legal Assistance Network? (VLAN) VLAN is a network of victim service providers Core Partners provide comprehensive, pro bono "no-cost" legal

692 views • 29 slides
Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and

Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and

Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and Professor of Digital Health Systems Co-Director of Flinders Digital Health Research Centre College of Science and Engineering Flinders University,

839 views • 55 slides
HIP-based P2PSIP proxy HIP RG Meeting 70 th IETF Vancouver Joakim Koskela HIP-based P2PSIP

HIP-based P2PSIP proxy HIP RG Meeting 70 th IETF Vancouver Joakim Koskela HIP-based P2PSIP

HIP-based P2PSIP proxy HIP RG Meeting 70 th IETF Vancouver Joakim Koskela HIP-based P2PSIP P2PSIP in general: replace SIP server architecture with a DHT Used for routing messages and locating peers & services New challenges

219 views • 8 slides

More recommend