Contents
1.1.2 Unprotected Personal Information
1.1.3 Quantifying Dark Breaches
1.1.5 Dark and Darker Breaches
1.2.2 Raise Your Hand if You’ve Had a Data Breach
1.2.3 Cybersecurity Vendor Data
2.2 The Five Data Breach Risk Factors
2.4 Anonymization and Renonymization
2.4.1 Anonymization Gone Wrong
2.4.2 Big Data Killed Anonymity
2.5.1 Pharmacies: A Case Study
3.1.2 Data Breaches Are Different
3.1.4 The Four Stages of a Crisis
3.2 Crisis Communications, or Communications Crisis?
3.2.6 Uber’s Skeleton in the Closet
3.3.5 Crisis Communications Tips
4.1 The Birth of Data Breaches
4.1.1 Data Breaches: A New Concept Emerges
4.2.1 The Identity Theft Scare
4.2.2 The Product Is . . . You
4.2.3 Valuable Snippets of Data
4.2.4 Knowledge-Based Authentication
4.3.1 The Smoldering Crisis Begins . . .
4.4.1 Ain’t Nobody Here But Us Chickens
4.4.2 Just California . . . Really
4.4.3 . . . Oh, and Maybe 110,000 Other People
4.4.6 That New Credit Monitoring Thing
4.4.7 Act Now, While Goodwill Lasts
4.5.3 Implement Additional Access Controls
4.6.2 A Time for Introspection
4.6.3 Testifying before Congress
4.8.1 Cybersecurity Starts at the Top
4.8.2 The Myth of the Security Team
5.2.1 From Fraud to Data Breaches
5.3.6 Modern Dark Data Brokers
5.4.1 Personally Identifiable Information
Chapter 6 Payment Card Breaches
6.1 The Greatest Payment Card Scam of All
6.2.1 How Credit Card Payment Systems Work
6.2.7 Poor Consumers, After All
6.3.3 Security Standards Emerge
6.4.1 PCI Data Security Standard
6.4.3 The Man behind the Curtain
6.5.1 Operation Get Rich or Die Tryin’
6.5.2 Point-of-Sale Vulnerabilities
6.5.8 Data Breach Legislation 2.0
6.6.2 Retroactively Noncompliant
6.6.4 Making Lemonade: Heartland Secure
6.7 PCI and Data Breach Investigations
6.7.1 PCI Forensic Investigators
6.7.2 Attorney-Client Privilege
7.1.2 Small Businesses Under Attack
7.1.3 Attacker Tools and Techniques
7.2.1 Two-Factor Authentication
7.2.2 Vulnerability Management
7.2.4 Account and Password Management
7.3.4 Home Depot Did a Better Job
7.4.3 To Reissue or Not to Reissue?
7.5.1 Alternate Payment Solutions
7.5.3 Changing the Conversation
7.5.4 Preventing Data Breaches . . . Or Not
8.2 Technology Supply-Chain Risks
8.2.1 Software Vulnerabilities
8.2.3 Hacking Technology Companies
Chapter 9 Health Data Breaches
9.1 The Public vs. the Patient
9.1.2 Data Breach Perspectives
9.3 HIPAA: Momentous and Flawed
9.3.1 Protecting Personal Health Data
9.3.3 The Breach Notification Rule
9.3.5 Impact on Business Associates
9.4.2 Mandated Information Sharing
9.5.1 More Breaches? Or More Reporting?
9.5.2 Complexity: The Enemy of Security
9.5.3 Third-Party Dependencies
9.5.4 The Disappearing Perimeter
9.6.4 Learning from Medical Errors
Chapter 10 Exposure and Weaponization
10.3.3 Cooperation: A New Model
10.3.7 Timed and Synchronized Releases
10.3.8 Takedown Attempts Backfire
11.2.2 Encryption and Decryption
11.2.5 Is Ransomware a Breach?
11.3.1 Regulated Data Extortion
12.1 Growth of Cyber Insurance
12.4 Commercial Off-the-Shelf Breach Response
12.4.1 Assessing Breach Response Teams
12.4.2 Confidentiality Considerations
12.5 How to Pick the Right Cyber Insurance
12.5.1 Involve the Right People
12.5.2 Inventory Your Sensitive Data
12.5.3 Conduct a Risk Assessment
12.5.4 Review Your Existing Coverage
12.5.6 Review and Compare Quotes
12.6 Leverage Your Cyber Insurance
13.2.1 Business Email Compromise (BEC)
13.3.1 The Beauty of End-to-End Encryption
13.3.2 The Ugly Side of End-to-End Encryption