Information Security - What's hot for 2013 - Jared Carstensen


Published on

Recent presentation on a look ahead at the Information Security Challenges for 2013.

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Information Security - What's hot for 2013 - Jared Carstensen

  1. 1. What’s Hot in InformationSecurity - 2013Jared CarstensenEnterprise Risk Services - Security &
  2. 2. Hot Topics - 2013Keeping it Simple!• Apps• BYOC / BYOD• Consumerization of IT• Data Loss Prevention & Data Breaches• Evolution of InfoSec• Final Thoughts2 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  3. 3. Apps – Mobile Threat• Cloud Apps have become a daily part of life, and a necessity for many organisations to offer access and services in a convenient way. Warning: Queue cybercriminals and thegrowing trend of malicious, and cybercrime focussed Apps that canharvest all your phone data, the moment the user clicks “Allow”.• 40 billion Apps downloaded in 2012• Most organisations DO NOT block or restrict Apps / App downloads on corporate devices• Increasing simplicity in developing and releasing Apps• High hit ratio of Apps – numbers game• Most Apps do not disclose what they collect, or why the information is collected• No visibility of company, developers, or ties to cybercrime / authenticity3 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  4. 4. BYOC & BYOD – Fundamental Shifts Over the past 24 months or so Ireland has seen a sizable shift from centrally managed, governed and regimented procurement functions – to a more “flexible” and costfocussed approached. Enter BYOD and its newer compatriot BYOC.BYOD continues to evolve and thrive in terms of organisationaluptake – 31% of Irish organisations currently support BYOD.Bring Your Own Cloud (BYOC) is asomewhat new and rapidly increasingtrend which evades traditionalgovernance and risk based approaches.Have credit card = can purchase!*Stats from Irish Information Security & Cybercrime Survey 2012 - Deloitte4 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  5. 5. Consumerisation of IT – Queue the Changes “The consumerisation of IT will be the single most influential technology trend of this decade.” ~ Gartner• Facebook & Twitter• Dropbox• iPads & iPhones• Tablets & AndroidInformation Technology is currently moving at the rate of theFashion Industry – new trends coming and going every season, withorganisations keen on ensuring the end user is satisfied, rather thanrunning IT and security operations securely, and in-line withbusiness requirements. Whether we admit it or not, we have effectively empowered end users – and removed the decision making process from executives.5 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  6. 6. Data Loss Prevention & Data Breaches 2012 saw unprecedented number of data breaches globally, with the usual suspects including laptop theft, loss, unencrypted storage drives among others.• How will DLP be handled for BYOD?• How will DLP be applied to cloud based environments?• Have DLP policies & processes kept up with technology changes?6 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  7. 7. Evolution of InfoSec – A lighter Side Have we effectively learned from our historical challenges, or do we continue to apply the same controls and techniques to both new, and age old challenges?• 1970’s – early stages of Cracking and War-Dialling• 1980’s – Worms, Cracking, Hacking & formation of Computer Fraud & Abuse Act• 1990’s – Web Browser vulnerabilities, cybercrime & Government system hacking• 2000’s – DDOS, Trojans, Malware, Web Applications Security• 2010’s – Smart Devices, Mobile Apps, Application Security, Cybercrime, DLP• Present – See sections 1970’s to presentWe are better funded, equipped, qualified and awareness is far greater – butwe still are losing the battle? “Insanity: doing the same thing over and over again and expecting different results.” – Albert Einstein7 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  8. 8. Final Thoughts – Reckless or Asleep at the Wheel? In the same way as there are car accidents every single day, there are security incidents almost as frequently. Are there similarities?• Rules of the road to protect drivers and pedestrians• Regulations & standards to protect organisations and consumers.• Speed limits depending on the road type• Regulations depending on type of business & industry• Wide choice of cars available, depending on your needs• Wide choice of providers and security options available depending on your needs• By not adhering to rules of the road – you put your own, and others lives at risk• By not adhering to security rules – you put the business and its customers at risk• Despite all these road rules – thousands of accidents happen every day• Despite all the regulations, standards and security awareness - countless security incidents, breaches, and non-compliance continue.Are organisations “driving recklessly”, or are they simply asleep at the wheel? 8 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  9. 9. Questions?9 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  10. 10. THANK YOUJared CarstensenEnterprise Risk Services - Security & Forensicsjcarstensen@deloitte.ie01 417 5700 / 086 322 8004Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of memberfirms, each of which is a legally separate and independent entity. Please see for a detailed description of the legalstructure of Deloitte Touche Tohmatsu Limited and its member firms.Deloitte’s 1,200 people in Dublin, Cork and Limerick provide audit, tax, consulting, and corporate finance to public and private clientsspanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-classcapabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges.Deloitte’s approximately 182,000 professionals are committed to becoming the standard of excellence.This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, DeloitteGlobal Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates(collectively the “Deloitte Network”) are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, orother professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as abasis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that mayaffect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall beresponsible for any loss whatsoever sustained by any person who relies on this publication.© 2012 Deloitte & Touche. All rights reserved