2010-05 Real Business, Real Threats!  Don't be an Unsuspecting Target
by Daniel J. Molina, Kaspersky

Published in: Technology
  1. Patch Upgrade Virus New Version Firewall Rulebase IDS Signatures Regulation Worm
  2. The Growing Malware Threat
  3. Exponential Growth in Malware and Attacks at the Endpoint. Minimal Increase in IT Security Software Spending with Little Thought to Likelihood. [Chart: malware growth vs. IT spend]
  4. 1. Allow the Assumption That Data is in the Data Center 2. 3. 4. 5. 6. 7.
  5. The fleet of smart phones you have deployed to your sales staff enables them to be more productive, and to work around the clock, but it also jeopardizes your data. With the proliferation of laptops, mobile devices, and USB memory sticks, it is now likely that the majority of your data is no longer under the custody of your IT department. Consider how many copies of emails, PowerPoint presentations, business plans, and other intellectual property are now on devices that are not in your data center.
  6. The Ponemon Institute states that each customer record lost is worth $179. If you look at total cost of loss, you can easily get to the point where you lose your business 3-4 times a day, based on risk analytics! Any risk model which ignores the lifeblood of your business grossly underestimates your exposure. Any risk model that ignores reality is worthless.
  7. 1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. 4. 5. 6. 7.
  8. Many IT departments make the sad mistake of considering replacement value for IT assets when developing risk models (if they have them). • What about all the late nights working on those business plans, board presentations, and patents? • The intellectual property on your laptop is worth much more than the physical device.
  9. Example – What if a Coke bottle is only worth the CRV (recycling value)? What about the contents?
  10. 1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. 5. 6. 7.
  11. About those smartphones: have you considered that they are as powerful as your desktops of 5 years ago? Now let’s consider laptops, USB devices, etc… Can you really afford to have a myopic IT department create a single policy for internal assets as well as for mobile assets? Whether it is laptops or smart phones, sometimes different rules should apply when you change locations.
  12. The days of the M&M Model of Perimeter Defense are behind us. Your approach to security needs to keep up.
  13. Email, Internet Video, Personal Websites, Business Websites, Social Media. "Endpoint . . . solutions are now a line of defense . . .” (Charles Kolodgy, Research Director, IDC Security Products Program)
  14. 1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. 6. 7.
  15. Web 2.0 has brought user interaction to a whole different level. Facebook, Twitter, and other social network platforms allow for collaboration, interaction and exchanges of ideas on a many-to-many basis. However, aside from being a potential drain on corporate resources, they also jeopardize the integrity of your data, encourage employees to post potentially sensitive data without thinking, and empower a new wave of identity theft based on abuse of trust.
  16. Outside of your marketing department, and PR… WHY are employees on social networks during the day? Facebook is • Email without the controls… • 450 million strong… • and zero culture. They are viruses with legs!
  17. 1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. 7.
  18. With the evolution of our work platforms, we rely more and more every day on web based applications, PDFs, and other cloud-based applications. What that means, in reality, is that the QA of your working platforms is in the hands of Google, Adobe, Apple, and Microsoft. A breach in the foundation of these platforms means a breach in your business processes.
  19. Intel recently had to mention on their SEC filings that they were part of the 34 companies impacted by Operation Aurora. How is THAT for security as a board level issue? And if you are considering cloud based services, or SaaS solutions, ensure that the infrastructure is secure and robust.
  20. 1. Allow the Assumption That Data is in the Data Center 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device 3. Treating Mobile Devices as Desktops 4. Adoption of Social Media Without Proper Protection 5. Allowing Apple & Google to Become Your IT / QA Department 6. Focusing on Protection rather than Detection 7.
  21. Who would you rather fight? Stevie Wonder vs. Muhammad Ali. Can’t fight what you can’t see… Or is Protection just slightly more important than Detection?
  22. [Chart: 9%, 2%, 34%, 22%, 23%, 4%. Labels: Doors, Locks, Alarm, Motion detector, Dog, Gun, Windows, Fence, Monitoring, Crime watch, Police, Insurance.] Source: “Data @ Risk” by David H. Stelzl
  23. [Chart: Probability of Occurrence (Low to High) vs. Impact of Risk (Low to High).] “We had no idea this malware was getting through.” Likelihood decreases with Detection and Response. “We’ve got it covered.”
  24. Only a comprehensive system allows you to take appropriate action, not merely monitor or inform. However, we need to put the decisions in the hands of the business process owner, instead of leaving it with IT.
  25. 1. Allow the Assumption that Data is in the Data Center 2. Treating mobile devices based on the value of the physical asset, not the data on the physical device 3. Treating mobile devices as Desktops 4. Adoption of Social Media without proper protection 5. Allowing Apple and Google to become your IT / QA Department 6. Focusing on Protection rather than Detection 7. Assuming everything is OK
  26. How many times have you heard your IT team say “We’re covered… We are compliant”, only to have your expensive external audit firm come in and deliver a scathing report that enumerates thousands of missed items, erroneous configurations, and process violations?
  27. Frankly, what your IT department is losing is credibility… With you, the business owners. But keep in mind… You still must fund the lighthouse!
  28. “Everyone Has a Plan… Until They Get Hit” (Michael Tyson, Philosopher and Pugilist)