Recorded:   March 18 | 2014     Play

In December 2013, US retailer Target suffered a high profile data breach at the hands of a cybercriminal group, who infected its point-of-sale (PoS) terminals with malware to steal the details of around 110 million customers. Marcus Group's systems were also compromised recently and crooks made off with customer card details, while several other merchants are reported to be preparing to go public with their own breaches.

Data breaches are nothing new but we are seeing a significant increase in incidents, and 2013 was the worst year in terms of data breaches recorded to date. According to the Online Trust Alliance over 740 million records were exposed in 2013, and they determined that 89% of all breach incidents were avoidable had basic security controls and best practices been enforced. Join us as we discuss some key lessons learned from the recent breaches and:

• Discuss how malware aimed at retailers is evolving on a daily basis;
• Analyze the tools and methodology employed hackers to bypass security;
• Address steps retailers and banking institutions should take to secure their networks;
• Provide procedural and technical steps for securing third party code;
• Discuss how to develop an effective Data Incident (DIP) Plan, including a communication strategy.

Speakers

Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.

Terence Spies is the Chief Technology Officer at Voltage Security. He has over 19 years of security and systems software development experience, working with leading companies such as Microsoft, Asta Networks and others. Terence now serves as Chief Technology Officer, overseeing the expansion of Voltage technology into new application areas such as mobility, payments and other areas where application data security is required. He is active within the standards community and currently serves as chair of X9F1, the Cryptographic Tools group of X9 whose charter is to draft cryptographic algorithm standards for use in the financial industry. Terence graduated with a Bachelor of Science degree in Logic and Computation from Carnegie Mellon University.

Chris Merritt is the Director of Solutions Marketing for Lumension. He has worked for over a decade in the software industry, along with previous experience in the solar, semiconductor and defense industries. In his role at Lumension, he leads the market positioning and strategy for Lumension’s endpoint and data protection solutions. Prior to joining Lumension, Chris held various engineering, technical marketing and product management roles at high tech companies, and has lived & worked in Europe and Japan. Chris earned a BSME from the University of Illinois and an MBA from Thunderbird.

Matt Getzelman is the PCI Practice Director at Coalfire and his experience with financial systems security covers a broad spectrum of disciplines including audit and assessment for merchants of all sizes, processors, and banks. He has more than nine years of experience working with financial systems security. His experience covers a broad spectrum of security disciplines from application and systems development to securing multiple distributed platforms, mainframe and acquiring financial environments. Matt has audit and assessment experience across the entire hierarchy of financial organizations from the largest processors and banks, Fortune 500 companies and on down to the smallest of merchants.