
Industry Trends in Information Security



As technology changes, new threats arise. There are new trends emerging in information security that organizations need to know. Trends such as employee usage of Social Media and Mobile applications can put the company at risk.

Published in: Business


  • 1. Industry Trends In Information Security
    Gary Bahadur
    CEO KRAA Security
  • 2. What Are The Key Trends?
    Social networks
  • 3. Regulatory Compliance
  • 4. Data Loss Prevention
  • 5. Malware
    Identity Theft
    Mobile security threats
    Web application weaknesses
    Insider threats
  • 6. Objectives of Security Threats
    Information Capture
    Competitive Advantage
    Political Gain
    Attacks aim to compromise
  • 7. Identity Theft
    Weaknesses caused by:
    Lack of proper data handling procedures
    Weak data protection
    Inadvertent data loss
    Unencrypted data
    Source: FTC
  • 8. Identity Theft - Data Breaches That Could Lead To Identity Theft By Sector
  • 9. Mobile Security
    Weaknesses caused by:
    Theft of device
    Unencrypted data on devices
    No management of devices
    Insecure mobile applications
    No socialization of security on mobiles
    Spyware and attachments compromise mobiles
    Most Risky Mobile Devices – Ponemon Institute
  • 10. Web Applications
    Weaknesses caused by:
    Poor Coding
    Not testing enough
    No protection mechanism on the website
    No Security Development Lifecycle Model
    Unpatched servers
    Vulnerability by Industry – Source: WhiteHat
  • 11. Insider Threats
    Weaknesses caused by:
    Weak internal controls
    Unvetted employees
    Disgruntled employees with excessive access
    Inadvertent weaknesses introduced
    Losses due to insiders - CSI
  • 12. Social networking
    Weaknesses caused by:
    Very uneducated users
    Insecure social networking applications
    Ease of development of social applications
  • 13. Regulatory
    Weaknesses caused by:
    Inability to manage against requirements
    No consistent assessment process
    Unable to keep up with new changes
    No accountability for measurements
    Source: E&Y
  • 14. Data Loss Prevention
    Weaknesses caused by:
    Insecure internal data storage
    Lost data through backup process
    Application vulnerabilities
    Excessive user permissions
    No tracking, monitoring, blocking of data movement
  • 15. Organizations Attacked Most Often
    Source – Breach Security
  • 16. Malware
    Weaknesses caused by:
    Weakly protected systems
    Email and Web surfing
    External device connections
    Uneducated users
    Source: McAfee
  • 17. Malware
  • 18. 2008 CSI Computer Crime and Security Survey
    Average reported cost of breach close to $500,000 (for those who experienced financial fraud)
    The second-most expensive was dealing with “bot” computers within the organization’s network, at $350,000 per respondent.
    Virus incidents occurred most frequently, at almost half (49 percent) of the respondents
    Insider abuse of networks was second-most frequently occurring, at 44 percent
    Third was theft of laptops and other mobile devices (42 percent).
  • 19. What does data cost in the Underground?
    Source: Symantec Global Internet Security Threat Report XIII
  • 20. Frequency and Costs of Data Breaches
    10 (+1) Largest Data Breaches Since 2000
    As more information goes digital, it becomes more important to protect against hackers.
    Timeline, 2003 to 2008 (organization, records affected, date):
    Data Processors International, March 6, 2003
    30 million, June 6, 2005
    U.S. Department of Veteran Affairs, 26.5 million, May 22, 2006
    Dai Nippon Printing Company, 8.6 million, March 12, 2007
    TD Ameritrade, 6.3 million, September 14, 2007
    America Online, 30 million, June 24, 2004
    Visa, MasterCard, and American Express, 40 million, June 19, 2005
    TJX Companies, Inc., 94 million, January 17, 2007
    Fidelity National Information Services, 8.5 million, July 3, 2007
    HM Revenue and Customs, 25 million, November 20, 2007
    GS Caltex, 11 million, September 6, 2008
    Source: Attrition Data Loss Archive and Database
    According to Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006. Ponemon also reports the average cost of a data breach in 2007 was $6.3 million, up from $4.8 million in 2006.
  • 21. Percentages of Incidents
    Source: CSI
  • 22. State Breach Notification Laws
    State Security Breach Notification Laws As of July 27, 2009. Forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
  • 23. How to Address These Trends?
    Risk Assessment
    Security Policies and Procedures Processes
    Security Layered Approach
    Data Loss Protection Mechanisms
    User Security Education
    Secure Development
  • 24. Contact
    Gary Bahadur