2010-05 Real Business, Real Threats!  Don't be an Unsuspecting Target
by Daniel J. Molina, Kaspersky

Published in: Technology

Transcript

  • 1. Patch Upgrade Virus New Version Firewall Rulebase IDS Signatures Regulation Worm
  • 2. The Growing Malware Threat
  • 3. Exponential Growth in Malware and Attacks at the Endpoint. Minimal Increase in IT Security Software Spending with Little Thought to Likelihood. [Chart: Malware growth, IT spend]
  • 4. 1. Allow the Assumption That Data is in the Data Center
  • 5. The fleet of smart phones you have deployed to your sales staff enables them to be more productive, and to work around the clock, but it also jeopardizes your data. With the proliferation of laptops, mobile devices, and USB memory sticks, it is now likely that the majority of your data is no longer under the custody of your IT department. Consider how many copies of emails, PowerPoint presentations, business plans, and other intellectual property are now on devices that are not in your data center.
  • 6. The Ponemon Institute states that each customer record lost is worth $179. If you look at total cost of loss, you can easily get to the point where you lose your business 3-4 times a day, based on risk analytics! Any risk model which ignores the lifeblood of your business grossly underestimates your exposure. Any risk model that ignores reality is worthless.
  • 7. 1. Allow the Assumption That Data is in the Data Center; 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device
  • 8. Many IT departments make the sad mistake of considering replacement value for IT assets when developing risk models (if they have them). • What about all the late nights working on those business plans, board presentations, and patents? • The intellectual property on your laptop is worth much more than the physical device.
  • 9. Example: What if a Coke bottle is only worth the CRV (recycling value)? What about the contents?
  • 10. 1. Allow the Assumption That Data is in the Data Center; 2. Treating Mobile Devices Based on the Value of the Physical Asset, not the Data on the Physical Device; 3. Treating Mobile Devices as Desktops
  • 11. About those smartphones: have you considered that they are as powerful as your desktops of 5 years ago? Now let’s consider laptops, USB devices, etc… Can you really afford to have a myopic IT department create a single policy for internal assets as well as for mobile assets? Whether it is laptops or smart phones, sometimes different rules should apply when you change locations.
  • 12. The days of the M&M Model of Perimeter Defense are behind us. Your approach to security needs to keep up.
  • 13. Email, Internet Video, Personal Websites, Business Websites, Social Media. "Endpoint . . . solutions are now a line of defense . . .” Charles Kolodgy, Research Director, IDC Security Products Program
  • 14. 1. Allow the Assumption That Data is in the Data Center; 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device; 3. Treating Mobile Devices as Desktops; 4. Adoption of Social Media Without Proper Protection
  • 15. Web 2.0 has brought user interaction to a whole different level. Facebook, Twitter, and other social network platforms allow for collaboration, interaction and exchanges of ideas on a many-to-many basis. However, aside from being a potential drain on corporate resources, they also jeopardize the integrity of your data, encourage employees to post potentially sensitive data without thinking, and empower a new wave of identity theft based on abuse of trust.
  • 16. Outside of your marketing department, and PR… WHY are employees on social networks during the day? Facebook is • Email without the controls… • 450 million strong… • and zero culture. They are viruses with legs!
  • 17. 1. Allow the Assumption That Data is in the Data Center; 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device; 3. Treating Mobile Devices as Desktops; 4. Adoption of Social Media Without Proper Protection; 5. Allowing Apple & Google to Become Your IT / QA Department
  • 18. With the evolution of our work platforms, we rely more and more every day on web-based applications, PDFs, and other cloud-based applications. What that means, in reality, is that the QA of your working platforms is in the hands of Google, Adobe, Apple, and Microsoft. A breach in the foundation of these platforms means a breach in your business processes.
  • 19. Intel recently had to mention in their SEC filings that they were part of the 34 companies impacted by Operation Aurora. How is THAT for security as a board level issue? And if you are considering cloud-based services, or SaaS solutions, ensure that the infrastructure is secure and robust.
  • 20. 1. Allow the Assumption That Data is in the Data Center; 2. Treating Mobile Devices based on the Value of the Physical Asset, not the Data on the Physical Device; 3. Treating Mobile Devices as Desktops; 4. Adoption of Social Media Without Proper Protection; 5. Allowing Apple & Google to Become Your IT / QA Department; 6. Focusing on Protection rather than Detection
  • 21. Who would you rather fight? Stevie Wonder vs. Muhammad Ali. Can’t fight what you can’t see… Or is Protection just slightly more important than Detection?
  • 22. [Chart with categories: Doors, Locks, Alarm, Motion detector, Dog, Gun, Windows, Fence, Monitoring, Crime watch, Police, Insurance; values shown: 9%, 2%, 34%, 22%, 23%, 4%] Source: “Data @ Risk” by David H. Stelzl
  • 23. “We had no idea this malware was getting through.” “We’ve got it covered.” [Chart: Likelihood (Low to High) against Impact of Risk (Low to High); Probability of Occurrence decreases with Detection and Response]
  • 24. Only a comprehensive system allows you to take appropriate action, not merely monitor or inform. However, we need to put the decisions in the hands of the business process owner, instead of leaving it with IT.
  • 25. 1. Allow the Assumption that Data is in the Data Center; 2. Treating mobile devices based on the value of the physical asset, not the data on the physical device; 3. Treating mobile devices as Desktops; 4. Adoption of Social Media without proper protection; 5. Allowing Apple and Google to become your IT / QA Department; 6. Focusing on Protection rather than Detection; 7. Assuming everything is OK
  • 26. How many times have you heard your IT team say “We’re covered… We are compliant”, only to have your expensive external audit firm come in and deliver a scathing report that enumerates thousands of missed items, erroneous configurations, and process violations?
  • 27. Frankly, what your IT department is losing is credibility… With you, the business owners. But keep in mind… You still must fund the lighthouse!
  • 28. “Everyone Has a Plan… Until They Get Hit” Michael Tyson, Philosopher and Pugilist