David Burg is a principal in PwC’s U.S. Advisory practice and PwC’s Global and U.S. Cybersecurity Leader. In this role he leads a team of cybersecurity professionals who assist multi-national businesses, private organizations and governments to understand, plan for and mitigate the risk of global cyber threats. Based in PwC’s office in McLean, VA, Dave leads a variety of engagements around the world, including work in connection with a number of significant sensitive data breaches and intellectual property thefts, hacking events, forensic investigations and security and vulnerability assessments for clients in a range of industries.
He has lectured at NYU’s Stern School of Business, Georgetown University, and Penn State University. Dave regularly contributes to and has been quoted in a variety of business and industry journals, including The Wall Street Journal CIO Journal, The Wall Street Journal Risk & Compliance Journal, The Washington Post, Financial Times, SC Magazine, CSO magazine, and Consulting magazine, and has been a guest on NPR. He has presented a wide range of topics at global corporations, law firms, industry events, and government agencies.
Dave holds an MBA from the College of William and Mary and a BA from the University of Pennsylvania.
How 3D printing puts manufacturers at risk of cybertheft
The rise of 3D printing provides a new portal for cyberthieves—so you better protect your trade secrets.
The FBI says you’ve been breached by a nation-state. Now what?
What to do if your company’s network falls victim to hacking by a nation-state.
Anatomy of a Skimmer Attack
Lately it seems every day brings news of a cybersecurity attack in the retail space. How do cyber criminals pull it off? Let’s break down the anatomy of a skimmer attack. Thieves install electronic software “skimmers” on point of sale (POS) terminals. As customers swipe their credit cards, these skimmers collect the track data—the electronically encoded data on the magnetic strip on the back of a credit card. The capture of track data enables a cybercriminal to create counterfeit cards. They do so by encoding the track data onto a new card with a magnetic strip. In addition to the track data, thieves can secure information about the store’s location and zip code. This data enables cybercriminals to enhance the value of the stolen card numbers and evade fraud detection techniques based upon card user zip codes. Some cybercriminals work with insiders. Insiders are unreliable and unmonitored employees, contractors, or vendors with authorized access to the retailer’s POS infrastructure. The insider can use both access and knowledge of the system to install the skimmer, establish the collection and exfiltration process and software, and either disable, circumvent, or otherwise remain under the visibility of security controls. If the thief is …
Espionage Tradecraft Targeting Businesses
Spies want what companies have—trade secrets, confidential business plans, and personally identifiable information. To mine this rich lode of data, foreign intelligence services, criminal organizations, and other groups have a sophisticated and varied set of tools. The use of cutting-edge technology in espionage against economic and other targets has dominated recent headlines. But intelligence collectors also employ longstanding human-based tactics, such as eliciting information from unsuspecting contacts, setting up face-to-face meetings to recruit and run sources, and “social-engineering” people into opening e-mails or accessing thumb-drives loaded with malicious code. Our increasingly connected digital world has created several new ways for attackers to exploit their targets and, conversely, new ways to be detected and caught: The interconnectedness of objects and people has made possible ubiquitous and nearly invisible surveillance. Foreign intelligence services and law enforcement agencies collect a wealth of data on espionage targets—including businesspersons and technical experts—and some transnational criminal organizations are developing similar capabilities. Media and other reports have highlighted several governments’ efforts to tap massive amounts of Internet and other communications. These surveillance efforts are boosted by social-networking sites (SNS). People divulge personal and professional information—both inadvertently and because they have been engineered or tricked into doing so—that …
The Internet of Things Raises New Security Questions
Within the last few years the number of devices connected to the Internet exceeded the number of people on the planet—some estimates placing the figure at over 10 billion Internet-connected objects. In coming years a growing number of things—food, furniture, livestock, buildings, clothing, medical devices and even entire cities—will be increasingly interconnected. While the Internet of Things (IoT) brings great convenience to daily life, it is also creating significant and little-explored security vulnerabilities that need to be carefully considered. As more devices and sensors get connected, we will see changes in business models across numerous sectors, precision marketing and advertising, and homes that are connected and automated. Companies, organizations and individuals need to begin preparing now for new vulnerabilities and threats resulting from the expansion of the interconnectivity that is at IoT’s core. As the number of networked objects grows exponentially, so too will data transmission and storage methods—as well as the number of threats. Organizations of all types will need to understand threats not only to their own networks but also to other networks as interdependencies increase.
What’s Next for Internet of Things Security?
The IoT holds great promise but there are new developments and factors that businesses …