Information Security



Published in: Technology, News & Politics

  1. Information Security: The issue, why you should care and how you can help keep your data safe.
  2. Why is data security an important issue? • Data breaches cost companies millions if not billions of dollars each year. • With more than 50,000 new threats emerging each day, it can be challenging to keep your organization protected. December 3, 2013
  3. Security by the Numbers • There were 855 data breaches in 2011 alone. • 174 million records were compromised. • 98% of these attacks were attributed to external agents. • 81% of attacks involved some sort of digital hacking. • 79% of victims were targets of opportunity. Source: 2012 Data Breach Investigations Report
  4. Why are you being attacked? • Fraud: These attacks are after credit card numbers, bank accounts, passwords … anything they can use themselves or sell for profit. • Activism: Activists disagree with a particular political or social stance you take, and want only to create chaos and embarrass your company until you’ve learned your lesson. • Industrial Espionage: This is the most difficult motive to protect yourself against because specific proprietary information is targeted.
  5. Top Three Security Threats Once you’re able to identify your organization’s potential targets, it’s important to understand the most common types of attacks you could face. • Malware • Internet-facing applications • Social engineering
  6. Social Engineering: You Are the Weakest Link For a company with more than 30 employees, one expert puts the success rate of social engineering at 100%. Social engineering is the art of deceptively influencing a person face to face, over the phone, via email, etc., to get the information you want. For example: • Convincing an employee to share a company password over the phone • Tricking someone into opening a malicious email attachment • Sending a company “free” hardware that’s been pre-infected
  7. There is a bright side . . . “Criminals are lazy and don’t want to work, so they go after the low-hanging fruit. Companies need to think about this so their baseline of security is above the level of low-hanging fruit.” —Kevin Mitnick, the world’s most famous former hacker
  8. How can you help keep your organization safe? • Educate and train your staff on the dangers of social engineering. • Perform a security audit to find and fix any glaring vulnerabilities. • Ask yourself (or whoever is in charge of IT) five simple questions . . . Xerox Internal Use Only
  9. 1. “What security controls and processes are set up in the organization to prevent and detect security breaches?” 2. “Do we test our security posture on an annual basis (called pen testing)?” 3. “What is the response capability if a security incident is detected?” 4. “Are we able to handle our security requirements in-house or do we need to outsource them?” 5. “If we need to outsource it, how do we find the best provider?”
  10. Follow These Everyday Rules of Thumb 1. Establish a VPN connection when using free Wi-Fi. This keeps bad guys from eavesdropping on your internet usage. 2. Use Google Chrome as your default browser. This isn’t a plug for Google—Internet Explorer is the most frequently targeted browser. 3. Make sure all of your software is up to date. Enable automatic update settings and frequently check for newer versions of software. 4. Be wary of peer-to-peer sharing. Downloading certain file-sharing utilities can open up your entire hard drive to the world. 5. Diversify your passwords. If you’re having trouble keeping them straight, use a free, downloadable password manager.
  11. For more valuable insights, visit Presented by Xerox