Kaseya Kaspersky Breaches

The #1 Cause of Data Breaches and 3 Ways to Avoid Them WEBINAR September 2014 Copyright ©2014 Kaseya 1

description

Join Kaseya and guest cybersecurity expert from Kaspersky, Cynthia James, to hear how companies like Target, eBay, and Home Depot are losing data, and how you can protect your company from suffering the same fate.
• The latest cybersecurity threats and vectors putting organizations at risk
• How your organization can avoid falling victim to a data breach
• Additional strategies to secure your organization and its data

Transcript of Kaseya Kaspersky Breaches

Page 1: Kaseya Kaspersky Breaches


The #1 Cause of Data Breaches and 3 Ways to Avoid Them

WEBINAR
September 2014

Page 2: Kaseya Kaspersky Breaches


Speakers

Alex Brandt
Vice President, Americas, Kaseya
Alex Brandt is Vice President, Americas at Kaseya where he manages the national sales force and go-to-market strategies for Kaseya’s North American customer base. Alex’s career reflects 20 years of experience working with MSPs and IT organizations to more efficiently manage IT to drive the success of their businesses.

Cynthia James
Global Director Business Development, CISSP, Kaspersky Lab
Cynthia James is Global Director of Business Development at Kaspersky Lab where she has spent the last 7 years. She is a frequent presenter and blogger on cybercrime topics for hardware and software developers like Kaseya who integrate Kaspersky’s anti-malware technology into their products. She obtained her CISSP in 2011.

Page 3: Kaseya Kaspersky Breaches

Agenda

• Threatscape level set
  • 3 worst things going on in cybercrime today
  • Ransomware
• Breach definition, legislation and reporting
• The #1 cause of data breaches in 2014
• Top 3 tactics to defeat a breach
• Other security essentials
• Solutions & Case Studies
• Winner of $100 Amazon Gift Card
• Q & A


Page 4: Kaseya Kaspersky Breaches

Where we are, where we’ve come from

• 200K unique pieces of malware in 2006; 315K per DAY by Q4 2013
• Cybercrime will NEVER stop

(Over 315K/day)

Where many end users think we are

Page 5: Kaseya Kaspersky Breaches

Security threats in 2014

Cybercriminals earn over $100 billion annually!
1. No need to be technical: malware can be rented – it’s easier than ever
2. Cybercrime markets extremely organized and sophisticated – anything can be sold
3. Constant innovation and debugging - by us!

Page 6: Kaseya Kaspersky Breaches

Ransomware

• Cryptolocker – an encryption Trojan (Sept 2013)
• Estimated $27M earned in first 2 months (41% vs 3% paid)
• Huge issue in Russia
• 52% of infections are in the US
• Spread primarily thru spam & phishing
• Goes after backup files if they are on the network
• Can spread from home network thru VPN to corporate network
• 2.0 “version” in December + CryptoDefense, etc.

Page 7: Kaseya Kaspersky Breaches

Let’s talk about data breaches!

• Definition: “an unauthorized person viewed, copied, transmitted, used or took possession of sensitive, protected or confidential data”
  1. Did they only have access or did they actually view it or take possession of it?
  2. Is there reason to believe they misused it?
  3. How many records?
• Why report if no one* will find out?
  • *victims, employees, customers, law enforcement, the press, banks, compliance agencies

Page 8: Kaseya Kaspersky Breaches

The data breach reporting problem

• Typical breach-reporting language: “when there is a reasonable likelihood of harm”; “tell victims in a timely manner”
• Who to report to? Feds, state, agency?*
  • Three states have NO laws
1. Breach notification is costly
   – Process, fines, loss of customers, lawsuits
2. No one ever wants to report a breach
3. We don’t hear about the majority of breaches!
4. When we do hear…it’s about PII

Page 9: Kaseya Kaspersky Breaches

Legislation & Compliance – it’s only about PII (although IP matters too)

• Compliance (HIPAA, etc.)
• Federal: US is working to unify breach laws – adding prison terms for knowingly concealing a breach
• EU will complete that this year (2014) across 28 European countries – to apply to any company with data from EU citizens
  • How soon post-breach to report
  • What to report
  • How to notify customers
  • Compliance rules (security minimums, fines, etc.)
    • Up to 2% of gross revenues, breaks for SMBs
• Canada – stronger than US law, not as strong as Europe
• Whose PII are you holding?

Page 10: Kaseya Kaspersky Breaches

Looking at breaches: the research

• Who is most likely to report?
  • Healthcare – due to HIPAA
  • Education – due to HIPAA (on campus healthcare) or “code of ethics” or transparency or liability
• What are they reporting?
  • PII
• How likely is it that we get full reporting?
  • Except for Healthcare: far less than 100%

Page 11: Kaseya Kaspersky Breaches

University of Maryland breach

• 287,000 records stolen
  • 78% were purged after the fact!
• $5M allocated
• Biggest take-away:
  • The Three Ps –
    • Purge (free)
    • Push off-line (cheap)
    • Protect (expensive: cost of layers + liability)

Page 12: Kaseya Kaspersky Breaches

Biggest Breaches in Education 2014

• College of the Desert, CA – inadvertent email, PII on all employees

• Douglas County School District, Colorado – via stolen laptop

• Univ of Illinois, Chicago – haven’t said yet how many

• Orangeburg Calhoun Tech College, Orangeburg, SC – 20K via stolen laptop

• Penn State College of Medicine - 1176 student records

• University of California Irvine – 1.5 months of key logging student health center

• Uxbridge School District and Milford Schools – 3K students, laptop stolen from a 3rd party billing provider (Multistate Billing Services)

• Butler University, Indianapolis – 160K records hacked (informed by law enforcement)

• Orange Public School District – teen hacked grades, is being charged

• The University California, Washington Center – didn’t say how many

• Riverside Community College – 35K students – emailed file to the wrong address

• Stanford Federal Credit Union: 18K emailed to the wrong employee (destroyed?)

• Arkansas State University College – “unauthorized access”

• Iowa State – 30K hack

• University Pittsburgh Medical Center – 27K (originally reported 800)

• UMASS Memorial (May) malicious insider hack

Page 13: Kaseya Kaspersky Breaches

Biggest Breaches in Healthcare 2014

• Community Health Systems – 4.5 million records…+IP?
• Access Health Connecticut – employee backpack stolen w/500 patient documents
• Rady’s Children’s Hospital, San Diego, CA – 14K patient data emailed out by mistake
• Redwood Regional Medical Group, Santa Rosa, CA – 33K patients’ information on a stolen thumb drive “back up” left in a “zipped container in an unlocked locker”
• Boulder Community Health, Boulder, CO – “friendly” hack (warning)
• Blue Shield of California, San Francisco – “inadvertent disclosure”
• St Vincent Breast Center, Indianapolis – “inadvertent disclosure via letters”
• Apple Valley Christian Care Center, Apple Valley, CA – breach via “technical glitch”
• 3K patients at Bay Area Pain Medical Associates in Sausalito, CA - stolen laptop
• Penn Medicine – receipts stolen from unlocked office at Pennsylvania Hospital
• Baylor Regional Medical Center, Dallas TX – phishing scam to physicians, at least partially successful, may have compromised database
• Vermont Health Exchange – easily hacked because default password not changed nor was the list of authorized people restricted. “No customers compromised”

Page 14: Kaseya Kaspersky Breaches

Characterizing breaches in 2014

• Healthcare – records are constantly on the move (Fin Serv too)
  • 85% employee error
  • 15% deliberate
• Education Breaches 2014
  • 55% based on employee error or stolen, unencrypted laptops
  • 45% deliberate hacks
• Almost 100% of these are outside hackers:
• Federal agencies

→ The #1 cause is employee error!!!*

* Doesn’t include the times employees open the door to cybercriminal attacks

Page 15: Kaseya Kaspersky Breaches

Top 3 protection strategies

1. Encrypt PII and other valuable data
   • At rest or in motion
   • Outsource if possible
2. Practice the three Ps for all valued data
   • Purge
   • Push off-line OR
   • Protect
3. Restrict access to only educated employees

Page 16: Kaseya Kaspersky Breaches

Employee education

• Make the case based on failure rates of employees in your business sector

• Education should be mandated for access to PII

• Will liability or fines be the outcome of future forensics investigations? (RSA’s $72M man)

• What’s the cost of a breach compared to a harassment lawsuit?

• A good goal: BEGIN fostering a sense of mutual accountability for security

Page 17: Kaseya Kaspersky Breaches

Other security essentials!

• Forced, automated, application patching
• Remove unused apps (requires inventory)
• Enforced Policies – access, compliance, passwords
• Oversight: ensure logging, auditing, reporting
  • To meet compliance
  • Support forensics work to ascertain cause
• Keep backups off network!


Page 18: Kaseya Kaspersky Breaches

About Kaspersky Lab

• Founded in 1997; largest private anti-malware company – 100% focused on anti-malware
• Over $700M annual revenues
• Presence in 27 countries: CEO is Russian; incorporated in the UK; new to US market in 2005
• #1 vendor in Germany, France, Spain, Eastern Europe
• Protecting over 300 million end points
• Top supplier to OEMs/ISVs of anti-malware worldwide

Page 19: Kaseya Kaspersky Breaches

About Kaseya

• Founded in 2000
• Over 10,000 customers and a presence in over 20 countries
• Award-winning IT systems management software offered both in the cloud and on-premise
• Serving both Managed Service Providers and middle-market IT departments
• Serving customers across industries including retail, manufacturing, healthcare, education, government, media, technology, finance, and more


Page 20: Kaseya Kaspersky Breaches

About AuthAnvil acquisition

• Kaseya acquired Scorpion Software in August
  • Multi-factor authentication
  • Single sign on (SSO) and web-based SSO
  • Password management
• Secure, easy access to applications, from any device
• Industry’s first comprehensive and integrated Security and IT Management as a Service solution


Page 21: Kaseya Kaspersky Breaches

How Kaseya can help your security

• Single pane of glass to manage and secure your systems
  • Integrated AuthAnvil
  • Integrated Kaspersky AV

• Patch management to keep OS and software up-to-date and free of vulnerabilities

• Policy management and automation to reduce human error and ensure compliance

• Logging and reporting to ensure infrastructure compliance


Page 22: Kaseya Kaspersky Breaches

Case Studies – Shield Watch

• Cryptolocker detected
• Ransom = 3 bitcoins per machine
• Timeline
  • Deactivated server and workstation network cards
  • Kicked off KAV scan on each machine
  • Quarantined infected machine
  • Put others back on network
  • Restored corrupted files from VSS
  • Network restored in 1 hour, 35 minutes
  • Infected workstation restored from image 10 minutes later
• 1 hour 45 minutes from detection to full fix

Page 23: Kaseya Kaspersky Breaches

Case Studies – True North

• Stolen laptop with PII on the hard drive
• Timeline
  • Sent alert when laptop was booted up
  • Removed company data & PII
  • Took control, under the radar so basic functions still worked
  • Captured screenshots of the thief’s activity, including Facebook post: “YES got a new lap top today!!!and I’m loving it”
  • Obtained name and photo from Facebook and sent to police
  • Recovered laptop and restored from backup
• 48 hours from theft alert to operational machine


Page 24: Kaseya Kaspersky Breaches


Questions and Answers

#Kaseya