Information Security - Whats hot for 2012 - Jared Carstensen


A look into the top threats and topics in Information Security for 2012.

Published in: Technology

  1. 1. What’s Hot in Information Security - 2012
     Jared Carstensen SSCP, CISSP, CRISC, CCSK
     Security &
  2. 2. Hot Topics - 2011
     Looking Back – What was featured for 2011
     • Social Networking – increase in threats and online defamation cases
     • Growth in e-Discovery cases and solutions
     • Protecting data at the data layer (Wikileaks) – DLP tools
     • Smart Phones and risks involved (iPhone proliferation)
     • Malware for Cyber warfare (Stuxnet)
     • Online transactions security (customer end point security)
     • Virtualized environments – security implications
     • Cloud Computing & security implications
     Last year saw an unprecedented level of Data Breaches, Hacks, and high profile security related incidents including Sony, RSA, Epsilon, TripAdvisor, United Nations etc.
     2 Whats Hot in Information Security - 2012 © 2012 Deloitte & Touche
  3. 3. Hot Topics - 2012
     Looking Forward – What lies ahead for 2012
     • Cloud Security
     • Cyber Warfare and Cyber Security initiatives
     • End to End eDiscovery
     • iPhones / iPads / Smart devices Security
     • Advanced Persistent Threats
  4. 4. Cloud Security – Here to Stay
     Cloud Security will remain a hotly debated and dominant feature in 2012. With Cloud adoption continuing to increase both here in Ireland and Internationally, the following elements will continue to feature:
     • Abuse and Nefarious Use of Cloud Computing
     • Malicious Insiders
     • Shared Technology Issues
     • Data Loss or Leakage
     • Account or Service Hijacking
     • Unknown Risk Profile
     • Compliance (Privacy / Data Protection)
     • Governance & Risks Elements
  5. 5. Cyber Warfare & Cyber Security
     Cyber attacks and Cyber threats have been a constant threat to both national infrastructure and businesses alike over the past 24-36 months with a startling number of increases in attacks.
     Internationally, protecting national infrastructure and core government systems from cyber threats is a key strategic priority, with cyber attacks identified as a top tier risk over the next five years.
     Governments, Multinationals, Utilities, Financial Services, Energy, and Services organisations are currently focussing efforts and resources to secure and safeguard critical assets.
     *Department of Justice & Finance Website attacks on 24/01/2011
  6. 6. eDiscovery & Digital Forensics
     “If you recorded all human communication from the dawn of time to 2003, it would take up about five billion gigabytes of storage space. Now we’re creating that much data every two days.” ~Eric Schmidt [Google]
     • Current Economic Conditions will continue to increase the number of civil litigation cases involving digital data
     • Digital investigations (Forensics) will assist the growing number of cases both internal to organisations and externally.
     • Cloud Computing may be the “forgotten” element introducing additional complexity and challenges for investigations
  7. 7. iPhones / iPads / Smart devices Security
     Increasing Requirement for Seniors / Board Members to have iPhones / iPads / Smart Devices. Some of the challenges from a security perspective include:
     • Limited authentication / encryption / audit / logging
     • Very limited number of security control options
     • No granularity in application policies (either on/off)
     • No centralised management
     • Cannot push new policies over the air on demand
     • Weak encryption protection if device is stolen
     • Sensitive data susceptible to jailbreak attacks
  8. 8. Convergence of mobile devices and the corporate environment leads to new risks that must be addressed
     [Diagram: Risk associated to mobile devices]
     Compromise Local Data with Physical Access
     • Unencrypted data
     • Missing screen-lock
     • Insecure PINs
     Compromise Local Data with Remote Access
     • Software installed via scam mails
     • Remote exploitable vulnerabilities
     Liability Risks
     • Against users
     • Against third parties
     Legal and Non Compliance Risks
     • Data Protection
     • Telecommunications Law
     • Company Policy
     Unauthorised Access to the Corporate Network
     • Mobile Device is used as an entry point for the corporate network
     Jailbreaking, Rooting, …
     • Disables protection measures on signed apps
     • Increased attack vector
     Malware and compromised Apps
     • Apps containing malicious code used for attacks against the user or the corporate network
     © 2008 Deloitte Touche Tohmatsu
  9. 9. Advanced Persistent Threats (APT’s)
     Conventional hackers or cybercriminals have been around for quite some time. They tend to operate on a hit ratio or successful outcome basis – they tend not to be solely focussed on any particular target. They may want a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or for other associated uses.
     APT attackers are:
     • Attackers who are focussed and set on attacking you or a specific target!
     • It doesn't matter how secure you think you are! All that matters is whether you're secure enough to keep them out.
     • APT attackers are more highly motivated – there is a motive or reason they are targeting an entity or company.
     • They're likely to be better skilled, better funded, and more patient (there is typically no “end date”).
     • They're likely to try several different avenues of attack. And they're much more likely to succeed.
  10. 10. Questions?
  11. 11. THANK YOU
      Jared Carstensen SSCP, CISSP, CRISC, CCSK
      Security & Forensics
      jcarstensen@deloitte.ie
      086 322 8004

      Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

      Deloitte’s 1,200 people in Dublin, Cork and Limerick provide audit, tax, consulting, and corporate finance to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s approximately 182,000 professionals are committed to becoming the standard of excellence.

      This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates (collectively the “Deloitte Network”) are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

      © 2012 Deloitte & Touche. All rights reserved