Data Breaches - when application security goes wrong presented at OWASP AppSecAsiaPac 2012

by Mark Goudie

Tags: Security

Summary: 2011 was another transformational year in computer security incidents, with sensitive data being stolen by hacktivists, insiders with legitimate access, self-taught and untrained hackers, highly customised malware outbreaks and an increase in corporate espionage. The victims of these data breaches in 2011 were a different demographic: we are now witnessing attacks against household brand names and infrastructure of a kind we have not seen in the past. As with other historical events, we are doomed to repeat these mistakes if we do not learn from them.
The presentation will illustrate how sensitive data is stolen, using metrics from over 1,000 cases of confirmed data breach. It will show who is stealing the sensitive data, why they are doing it, and what can be done to protect against further breaches. Because the data comes from real-world investigations, the analysis follows an evidence-based risk management approach: it brings the critical problems to the surface and focuses attention on what truly matters in remediating the root causes of data breaches. Recommendations are presented in a prescriptive and practical fashion so that they are immediately implementable.