Often defenders worry about the intangible security problems. Defenders need to concentrate their efforts defending the enterprise by focusing on the fundamentals. Too often issues such as patching or system configuration failures lead to system compromise. These along with issues such as SQL injection are preventable problems. Defenders can best protect their digital assets by first understanding the sheer magnitude that a data breach can have on an enterprise. Yahoo is a prime example of how the balance has changed for defenders from that of an annoyance regarding a data breach to an issue with potentially severe financial penalties. They have publicly confirmed 2 major data breaches and the most recent disclosure concerns 1 billion records. In this talk I review my findings after analyzing hundreds of data breach disclosures as it pertains to what went wrong.
Presented at Security Fest 2017.Speaker: Dave Lewis
Dave Lewis has almost two decades of industry experience. He has extensive experience in IT operations and management. Currently, Lewis is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis also serves on the (ISC)2 Toronto Chapter Board of Directors. Lewis writes a column for CSO Online and Forbes.