State of IT security 2012
Usage Rights: CC Attribution-ShareAlike License
Presentation Transcript

  • State of IT Security
    Arun Bhatia
    Feb 09, 2012
    HP EC
    ©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • Cost of security breach
    • Cost of breach - Ponemon 2011 - ~USD 6.75-7.2 million *
    • 2011 stats - Source: Online Trust Alliance (OTA)
      · 558 breaches
      · 126 million records
      · 76% server exploits
      · 92% avoidable
      · $318 cost per record
      · $7.2 million average cost of each breach
      · $6.5 billion impact to U.S. businesses
    • Education (schools and colleges) represented 13% of the incidents, government agencies 15%, health care providers 29% and business 43%. Source: Privacy Rights Clearinghouse (PRC)
    • Most alarming is that 96% were avoidable through simple steps and internal controls. Source: Verizon 2011 Data Breach Notification report
    • "Two out of five companies that experience a catastrophe or an extended system outage never resume operations, and of those that do, one-third go out of business within two years." Source: Gartner Group
    * Cost to individuals could be up to USD 14b
  • 2011 – Year of the hacker
    Attack history
    • Epsilon, Sony, Citibank, RSA
    • SCADA under threat; Wikileaks, Diginotar
    • 10 days of rain
    • Anonymous, Lulzsec
    2012 ... and it's just January
    • Zappos
    • Symantec code theft
    • India MI disclosure
  • Trends
    • Attacks use the allowed ports on the firewall - and use application/software vulnerabilities
    • Zero day exploits, underground exploits market
    • Corporatization and nationalization of cybercrime - why Russia and the Eastern bloc
    • Availability of sophisticated automated tools; crimeware
    • Commoditization of IT - tablets, smartphones, BYOD
    • UK ICO, US Critical Infra protection/DHS/Cyber Czar
    • APTs, SCADA - Tilded platform (Stuxnet/Duqu)
    • Hacktivism
    • Social networks and social engineering
    • Piracy and IP - SOPA/PIPA, Megaupload, FileSonic
    • Piracy - Google's policy change
  • What to expect next?
    • Just literacy is not enough; be careful and be sceptical
    • Opportunities in 2012 - London Olympics, Mayan calendar
    • Challenges for corporations and nations - Internet and computing power as means of collaboration/trade/info sharing/business ... for the bad guys too; APTs again; politicization of cyber crime
    • Websense Labs - almost 50% of data loss happens over the web
    • Move to HTTPS - IDS/IDP, AV etc. are left in the dark
    • Effects on other industries - financial risk, cyber insurance
    • DPA/SOPA/PIPA/ACTA/TPPA, Precise Act, NSTIC, India IT Act of 20xx
    • BYOD - the most popular acronym of the year
    • Heterogeneous environment
      · Not just MS any more
      · Malware on Mac
      · Blended attacks
    • Can I keep all my eggs in (on) the same basket (cloud)? Recent NIST advisory
    • Open-everything
    • Mobility + Social N/w + Cloud + (NFC etc.)
  • Personal responsibility
    • Humans are the weakest link; security is a people and management problem. Einstein said ... the universe and human stupidity are infinite.
    • Password change check
    • Email text replacement in forums
    • Ego-surfing
    • Unknown senders
    • Bank and work passwords
    • Credit card CVC
    • Password safes
    • Gmail OTP and dashboard
    • TrueCrypt, Prey Project, TOR Project
  • Corporate responsibility
    • Policy, protection, compliance, IP
    • Open discussion - HP security policy
  • Thank you
    arun.bhatia@hp.com