what the hack
play

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction - PowerPoint PPT Presentation

Aug 23, 2023 •722 likes •1.09k views

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal Framework For Cybersecurity Compliance How Are Organizations Getting Hacked Oops, you clicked on the link. Now what? Best Practices and

  1. What The Hack! Aldo Leiva Jorge Rey

  2. Agenda • Introduction • Cybersecurity Trends • Legal Framework For Cybersecurity Compliance • How Are Organizations Getting Hacked • Oops, you clicked on the link. Now what? • Best Practices and Discussion 2

  3. Disclosure • These materials should not be considered legal advice and are not intended to nor do they create an attorney-client relationship • The materials are general and may not apply to a particular individual legal or factual circumstances • Information presented is based on educational needs of attendees and independent of commercial interests.

  4. Cybersecurity Trends Advanced Threat Innovation 3rd Party Exploits Stuxnet Document Malware Conficker Detection & APT Worms Response Cyber Threshold OS Exploits Crime DoD Technology & Virus Intrusions Complexity Morris Cloud / Mobile Virtualization VoIP Desktops Mainframes Ameriprise Heartland Target Typewriters Phones Paper Today >1940 TJ Maxx Sony AOL DNC / NFL JPMC Countrywide RSA 4

  5. Legal Framework for Cybersecurity • Federal Law • Guidelines (IRS, NY State Dept Financial Services, AICPA Code of Conduct) • State Law • Contract Law

  6. Federal Law • More than 30 Federal laws relate to Data Protection or Privacy Protections • Electronic Communications Privacy Act of 1986 (ECPA) prohibits unauthorized electronic eavesdropping. • Cyber Security Research and Development Act (2002) established research responsibilities in cybersecurity for the National Science Foundation (NSF) and NIST.

  7. Federal Law • Gramm Leach Bliley Act - Requires financial institutions to protect the security and confidentiality of customers’ personal information; authorized regulations for that purpose. • Fair and Accurate Credit Transactions Act of 2003 (FACTA)- Required the FTC and other agencies to develop guidelines for identity theft prevention programs in financial institutions, including “red flags” indicating possible identity theft. • Health Insurance Portability and Accountability Act (HIPAA)

  8. IRS Guidelines/Resources • IRS Publication 4557- Safeguarding Taxpayer Data - Security Software - Policies and Procedures/Education - Scanning/Updates - Data Loss Prevention • IRS Publication 4524- Taxes, Security - Security measures for clients/taxpayers

  9. IRS Alerts • Irs.gov - Security Summit Homepage • IRS Twitter/Facebook

  10. New York State Department of Financial Services (DFS) • 2014 • Cybersecurity protocol for banks- but good benchmark for professional firms to start process of data protection

  11. AICPA Code of Professional Conduct • Rule 301- CPAs shall not disclose any confidential client information without the specific consent of the client • Includes loss of information to unauthorized parties by malware, inadvertent disclosure, hacking, or other means. • Applies to all CPA practice areas, including tax, audit, advisory and other services • Data sets retained by CPA

  12. Florida Information Protection Act • Effective July 1, 2014 • Applies to “a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information.” • Includes accountants, lawyers, tax preparation services

  13. FIPA – Personal Information • Individual’s first name or first initial in combination with any one or more of the following: (1) SSN (2) Driver License or ID card number (3) Financial Account number/credit card number (4) Medical History, Treatment, Diagnosis (5) Health insurance policy/ID number OR

  14. FIPA – Personal Information • User name or email address in combination with password or security question and answer that would permit access to an online account

  15. Exceptions • Does not include information about an individual that has been made publicly available by a federal, state, or local government entity • Does not include information that is encrypted, secured, or modified by any method/technology that removes elements that personally identify an individual or renders it unusable

  16. PII stored by Tax Professionals • Employee Information (SSN, DOB) • Financial Information (tax returns) • Payment information • Documentary support (bank info, checks, etc.)

  17. FIPA Requirement for Data Security • Each covered entity SHALL take reasonable measures to protect and secure data in electronic form containing personal information • “Reasonable measures” are not defined in the statute

  18. Breach Notice Requirements • Notice to affected individuals within 30 days from the time breach is discovered • Must notify each individual “in this state” whose personal information was or is believed to have been accessed as a result of a breach • Such notice may be delayed upon written request of law enforcement authorities, if notice would interfere with a criminal investigation

  19. Notice Requirements (500+) • If breach affects 500 or more persons, must also notify Florida Department of Legal Affairs no later than 30 days after determination of the breach or reason to believe a breach occurred, although an additional period of up to 15 days may be granted for good cause, if so authorized by the Florida Department of Legal Affairs

  20. Notice Requirements (1,000+) • If the breach requires notification to more than 1,000 individuals at a single time, the covered entity must also notify credit reporting agencies “without unreasonable delay”

  21. Notice Exemptions • No notice required IF after appropriate investigation and consultation with the relevant law enforcement authorities, the covered entity reasonably determines that the breach has not and will not likely result in identity theft or financial harm to affected individuals • Determination must be documented and filed with FL Department of Legal Affairs within 30 days

  22. Notification of breach by vendor • Third parties must notify you of a breach no more than 10 days after a data breach • Once notified, affected parties must be notified within 30 days of such notice

  23. FIPA Penalties • (1) $ 1,000 per day, during the first 30 days • (2) $ 50,000 for each following 30 day period (up to 180 days) • (3) Up to a maximum of $ 500,000.00 for any violation

  24. Out of State Implications • Tax professionals may be storing PII of individuals that have moved and now reside in other states • If such server containing such PII is breached, other state law data breach notification laws may apply (47 different laws- no national standard)

  25. Other Considerations • HIPAA/HITECH • PICC • EU Data Protection Laws, other foreign data protection laws

  26. Other Liability • Contractual- Law firm/hiring entity- indemnification • Spoliation claim (litigation) • Reputation • Identity Theft – Negligence

  27. How Are Organizations Getting Hacked Phishing and Spear phishing is the top cyber threat to you and your organization. Every day 80,000 people fall victim to a phishing scam • • Around 156 million phishing emails are send every day. • 4,000 ransomware attacks have occurred daily (since 2016) On average, 12% of people get phished (click, download, • etc…), but only 3% report it to management. 27

  28. Some of the Attacks For Profit Wire Fraud State Attacks on State Attacks on Business Government • JPMorgan • Ubiquiti • Anthem • Office of Chase Networks Sony Pictures Personnel • • eBay • Entertainment Management Target ThyssenKrupp US • • • • Ransomware Government Dea Attacks Yahoo • Democratic National Committee 28

  29. How It Happens 29

  30. Fraud Sample 30

  31. Fraud Sample

  32. Oops, you clicked on the link. Now what? • Prepare for Assessment • Retain forensic specialist and counsel to trigger attorney client privilege • Consider law enforcement notification • Follow breach assessment/response plan • Preserve Evidence/Lock down system • Assess breach notification requirements

  33. Oops, you clicked on the link. What else? • Notify affected parties • Notify relevant state/federal authorities • Public Information Officer and/or external media consultant • Notify credit card companies and credit reporting bureaus

  34. Best Practices & Discussion • Assess your infrastructure (preferably by independent third party) to ensure that “reasonable measures” are in place • Third party audit to ensure that PII is encrypted according to applicable law • Tech inventory • Assess existing policies and procedures • Assess exposure and cyberliability coverage

  35. Be Proactive • Written response plans, policies and procedures • Confidentiality agreements • Education/training • System assessments • Indemnification from subcontractors/vendors • Consult with Counsel and Data Security Experts

  36. Thank You Jorge Rey Aldo Leiva jrey@kaufmanrossin.com aml@lubellrosen.com (561) 620-1727 (305) 442-9211

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes

SLIPPERY SLIDES HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads Hard-Boiled Egg Hack Goes Viral on Twitter By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

1.1k views • 3 slides
Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want

Hack The CPython Batuhan Taskaya @isidentical What is hacking? Why do we hack? Yes, we want FREEDOM! We want to use PEP313! Before we hack, Learn the internals Lexing - Tokenization - Read #define NEWLINE 4 #define INDENT

670 views • 36 slides
Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where

Geoffrey Vaughan Lets Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy towards NFC

704 views • 35 slides
ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly

ART SLIDES: VAN GOGH EDITION HACK.|100% WORKING!|NEW METHOD|HACK TOOL. Free Buy 30 coins Nearly 1, Paintings and Drawings by Vincent van Gogh Digitized and Put Online | Hacker News For people who don't live close to huge cities with big

269 views • 3 slides
SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland

SSA Introduction Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2013 saarland university computer science 1 Another kind of CFGs p D ( ) x e x e D ( ) q Effects on edges. Nodes called Nodes are

310 views • 19 slides
FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1

FC2015 RSDYK Dyke quality assessment by remote sensing Robert Hack Robert Hack 14-Apr-09 1 FC2015-RSDYK - Hack Pilot project: RSDYK2008 Trial to establish whether remote sensing in combination with geological knowledge can be used for

826 views • 10 slides
Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017

Code Generation: Intro Sebastian Hack hack@cs.uni-saarland.de Compiler Construction 2017 Saarland University, Computer Science 1 Code Generation Consists (roughly) of three parts: 1. Instruction Selection Select processor instructions for

282 views • 9 slides
SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make

SLIPPERY SLIDES HACK and CHEATS.|100% WORKING!|NEW METHOD|HACK TOOL. Free No Ads 7 Hacks To Make Your Boots Slip-Proof May 18, Attach your Water hose. Wet your slide, this just helps for the first few slides. Once the kids get going, their

308 views • 3 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 17. Dezember 2013 saarland university computer science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy from x 2

223 views • 20 slides
Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland

Global Value Numbering Sebastian Hack hack@cs.uni-saarland.de 5. Dezember 2017 Saarland University, Computer Science 1 Value Numbering a := 2 a := 3 x := a + 1 x := a + 1 y := a + 1 Replace second computation of a + 1 with a copy

394 views • 22 slides
The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits.

The Premise: Hack in Paris, 2015 I may be right on some stuff. Probably wrong on other bits. Analogue is meant to help people think differently. This is the Hack in Paris 2015 version, and is subject to all sorts of changes as the

963 views • 80 slides
Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis

Sebastian Hack, Christian Hammer, Jan Reineke Saarland University Static Program Analysis Introduction Winter Semester 2014 Slides based on: H. Seidl, R. Wilhelm, S. Hack: Compiler Design, Volume 3, Analysis and Transformation, Springer

616 views • 27 slides
Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016

Report from DAQ Simulations Hack Days Georgia Karagiorgi & Michael Baird Nov. 9, 2016 Organized by the DUNE DAQ Simulations Task Force [https://cdcvs.fnal.gov/redmine/projects/dune/wiki/DAQ_Simulations] Hack Days indico page, with links to

520 views • 12 slides
New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen,

New Ways Im Going to Hack Your Web App Rich Lundeen, Jesse Ou, Travis Rhodes MicrosoE Boss Engineering Security Team & Office 365 Pen Test

1.28k views • 103 slides
Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University

The Derivative Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck Software Engineer October 20th, 2015 American University Math/Stat Dept Colloquium The

1.39k views • 106 slides
Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were

Calculus Crash Course Finite Difference Floating Point Arithmetic Complex Analysis Crash Course Hack the Derivative Hack the Derivative! Erik Taubeneck GameChanger Media - Software Engineer and Data Maven Were hiring!

1.21k views • 89 slides
Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant

Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant

PSI Tech Expo Protecting your Assets Sept 4th, 2014 Presented by: Chris Nyhuis Vigilant LLC. 9/16/14 1 Chris Nyhuis cnyhuis@vigilantnow.com http://www.vigilantnow.com Owner of Vigilant

1.13k views • 35 slides
Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T U A R I A L S O C I E T Y B A L T I M O R E , M D O C T O B E R 4 , 2 0 1 2 B Y J O H N M E R C H A N T F R E E D O M S P E C I A L T Y I

326 views • 20 slides
Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N ,

Cyber Threats P R E S E N T E D T O C A S R E I N S U R A N C E S E M I N A R B O S T O N , M A S S A C H U S E T T S J U N E 4 , 2 0 12 Antitrust Notice 2 The Casualty Actuarial Society is committed to adhering strictly to the

577 views • 26 slides
The way forward Capital Raising Presentation This presentation is authorised for release on ASX by

The way forward Capital Raising Presentation This presentation is authorised for release on ASX by

For personal use only The way forward Capital Raising Presentation This presentation is authorised for release on ASX by the Board 10 July 2020 IMPORTANT NOTICES AND DISCLAIMER IMPORTANT NOTICES AND DISCLAIMER This presentation and materials

648 views • 47 slides
N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning

N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning

N Brown Group FY20 Results and Q1 FY21 Trading Update Transcript Steve Johnson: Good morning everybody and welcome to N Browns Preliminary results for FY20 and trading update for Q1 of this current financial year, FY21. Firstly, Id like

426 views • 16 slides
Data Security Breaches: The Growing Liability Threat Crafting and Implementing Policies to

Data Security Breaches: The Growing Liability Threat Crafting and Implementing Policies to

Data Security Breaches: The Growing Liability Threat Crafting and Implementing Policies to Prevent and Crafting and Implementing Policies to Prevent and presents presents Respond to Inadvertent Disclosures A Live 90-Minute

1.06k views • 70 slides
DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY

DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY

DRAFT TABLE OF CONTENTS I. EXECUTIVE SUMMARY ....................................................................... 4 SPP Value

1.27k views • 107 slides
FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and

FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and

FORWARD-LOOKING STATEMENTS This presentation made by Hawaiian Electric Industries, Inc. (HEI) and Hawaiian Electric Company, Inc. (Hawaiian Electric) and their subsidiaries contain forward-looking statements, which include statements that

719 views • 50 slides

More recommend