Security Leaders Offer Real-World Advice for Stronger Breach Prevention and Response
“We thought we were doing the right things, but it turns out we couldn’t keep up with evolving attacks.”
We recently hosted an in-depth discussion with two seasoned CxOs who have successfully led through worst-case scenarios: breaches that exposed customer data.
SpyCloud’s Chip Witt speaks with Harry D. Fox, former CIO of CareFirst BlueCross BlueShield, and Damian Taylor, former CISO of Landry’s, about the impact of recent breaches and how the companies responded and remediated.
They share lessons learned on:
The nuances of responding to breaches stemming from phishing and malware
Communicating with boards of directors about recovery plans and findings
Handling media relations & notifying customers
Investing in new early-detection solutions to stay ahead of evolving threats
Making big strategic shifts in cybersecurity programs, policy changes, and company culture post-breach
It’s a rare peek into the aftermath of data breaches from the C-suite that’ll help you better prepare your own prevention and response plans.
About the CareFirst Breach
CareFirst is a health insurance provider serving more than 3 million individuals and groups in Maryland and the Washington metropolitan area. Affecting 1.1M customers, the breach stemmed from a phishing incident with the same digital signature as the attackers who compromised Anthem. Learn more here.
About the Landry’s Breach
Landry’s 60 brands include seafood and steak restaurants like Morton’s and McCormick & Schmick’s, as well as Golden Nugget hotels and casinos. Of their 600 properties, 350 were affected by a malware attack designed to steal cardholder names, card numbers, expiration dates, and verification codes. Learn more here.
Watch the Webinar
Surviving a Data Breach
Damian Taylor, Former CISO of Landry’s
Damian is a computer science and information security expert, a retired U.S. Naval Officer, and currently serves as the Senior IT Specialist for the United States Postal Service Office of the Inspector General. Prior to his current role, he served as the Chief Information Security Officer for Landry’s, Inc. and Fertitta Entertainment (parent company of the Houston Rockets).
Damian’s information security career stretches back 20+ years as he’s served in multiple IT security roles throughout the Department of Defense with a focus on national security, information privacy, computer network defense, penetration testing, compliance, cybersecurity policy & strategy development.
Damian has an M.S. in Information Technology Management with a concentration in IT Security, CIO and CISO graduate certificates from National Defense University, and a graduate certificate in Advanced Computer Security from Stanford University. He has taught IT Security courses as an adjunct professor and spoken at multiple IT Security-focused events.
Harry D. Fox, Former CIO of CareFirst
Harry Fox is currently a Principal at Oak Advisor’s Group, a strategic advisory firm focusing on the intersection of information technology and healthcare.
Harry was the Executive Vice President, Chief Information Officer and Shared Services Executive at CareFirst Blue Cross Blue Shield from 2011 to mid-2018. CareFirst is a $9.0 billion not-for-profit health care company offering a comprehensive portfolio of health insurance products and administrative services to 3.2 million individuals and groups in Maryland, the District of Columbia, and Northern Virginia. Harry was the most senior out executive at CareFirst and was the Executive Sponsor for ProPride, CareFirst’s LGBTQ Associate Resource Group.
Harry has also held senior-level positions at Kaiser Permanente, Coventry Health Care (now Aetna), and PricewaterhouseCoopers, and serves on the boards of multiple private equity-backed companies and not-for-profit organizations.
Harry is a graduate of the Wharton School, where he received an M.B.A. in finance.
Chip Witt, Vice President of Product Management
Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management at SpyCloud, where he drives the company’s product vision and roadmap. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.
The SpyCloud Difference
SpyCloud offers early detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done.
Our goal is to help organizations protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.
If your account takeover prevention program primarily focuses on automated credential stuffing attacks, you may be leaving your organization exposed to serious losses. Learn more in this webinar we hosted with ISMG.