Industry Trendsin Information Security

1,643 views

Published on

As technology changes, new threats arise. There are new trends emerging in information security that organizations need to know. Trends such as employee usage of Social Media and Mobile applications can put the company at risk.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,643
On SlideShare
0
From Embeds
0
Number of Embeds
14
Actions
Shares
0
Downloads
51
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Industry Trendsin Information Security

  1. 1. Industry Trends In Information Security<br />Gary Bahadur<br />CEO KRAA Security<br />www.kraasecurity.com<br />
  2. 2. What Are The Key Trends?<br /><ul><li>Social networks
  3. 3. Regulatory Compliance
  4. 4. Data Loss Prevention
  5. 5. Malware</li></ul>Identity Theft<br />Mobile security threats<br />Web application weaknesses<br />Insider threats<br />
  6. 6. Objectives of Security Threats<br />Information Capture<br />Destruction<br />Monetary<br />Competitive Advantage<br />Political Gain<br />Activism<br />Attacks aim to compromise <br />Confidentiality<br />Integrity<br />Availability<br />
  7. 7. Identity Theft<br />Weaknesses caused by:<br />Lack of proper data handling procedures<br />Weak data protection<br />Inadvertent data loss<br />Unencrypted data<br />Source FTC<br />
  8. 8. Identity Theft - Data Breaches That Could Lead To Identity Theft By Sector<br />Source: Attrition.org<br />
  9. 9. Mobile Security<br />Weaknesses caused by:<br />Theft of device<br />Unencrypted data on devices<br />No management of devices<br />Unsecure mobile applications<br />No socialization of security on mobiles<br />Spyware and attachments compromise mobiles<br />Most Risky Mobile Devices – Ponemon Institute<br />
  10. 10. Web Applications<br />Weaknesses caused by:<br />Poor Coding<br />Not testing enough<br />No protection mechanism on the website<br />No Security Development Lifecycle Model<br />Un-patched servers<br />Vulnerability by Industry – Source Whitehat<br />
  11. 11. Insider Threats<br />Weaknesses caused by:<br />Weak internal controls<br />Unvetted employees<br />Disgruntled employees with excessive access<br />Inadvertent weaknesses introduced<br />Losses due to insiders - CSI<br />
  12. 12. Social networking<br />Weaknesses caused by:<br />Very un-educated users<br />Insecure social networking applications<br />Ease of development of social applications<br />
  13. 13. Regulatory<br />Weaknesses caused by:<br />Inability to manage against requirements<br />No consistent assessment process<br />Unable to keep up with new changes<br />No accountability for measurements<br />Source -E&Y<br />
  14. 14. Data Loss Prevention<br />Weaknesses caused by:<br />Insecure internal data storage<br />Lost data through backup process<br />Application vulnerabilities<br />Excessive user permissions<br />No tracking, monitoring, blocking of data movement<br />
  15. 15. Organizations Attacked Most Often<br />Source – Breach Security<br />
  16. 16. Malware<br />Weaknesses caused by:<br />Weakly protected systems<br />Email and Web surfing<br />External device connections<br />Uneducated users<br />Source McAfee<br />
  17. 17. Malware<br />
  18. 18. 2008 CSI Computer Crime and Security Survey<br />Average reported cost of breach close to $500,000 (for those who experienced financial fraud)<br />The second-most expensive, was dealing with “bot” computers within the organization’s network, $350,000 per respondent. <br />Virus incidents occurred most frequently occurring at almost half (49 percent) of the respondent<br /> Insider abuse of networks was second-most frequently occurring, at 44 percent<br />Third was theft of laptops and other mobile devices (42 percent).<br />
  19. 19. What does data cost in the Underground?<br />Source: Symantec Global internet Security Treat Report XIII<br />
  20. 20. Frequency and Costs of Data Breaches<br />10 (+1) Largest Data Breaches Since 2000<br />As more information goes digital, it becomes more important to protect against hackers.<br />Data Processors International<br />5 MILLION AFFECTED<br />March 6, 2003<br />Citigroup<br />30 MILLION<br />June 6, 2005<br />U.S. Department of Veteran Affairs<br />26.5 MILLION<br />May 22, 2006<br />Dai Nippon Printing Company<br />8.6 MILLION<br />March 12, 2007<br />TD Ameritrade<br />6.3 MILLION<br />September 14, 2007<br />2003 2004 2005 2006 2007 2008<br />America Online<br />30 MILLION<br />June 24, 2004<br />Visa, MasterCard, and American Express<br />40 MILLION<br />June 19, 2005<br />TJX Companies, Inc.<br />94 MILLION<br />January 17, 2007<br />Fidelity National Information Services<br />8.5 MILLION<br />July 3, 2007<br />HM Revenue and Customs<br />25 MILLION<br />November 20, 2007<br />Source: Attrition Data Loss Archive and Database<br />FlowingData<br />According to Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006. Ponemon also reports the average cost of a data breach in 2007 was $6.3 million, up from $4.8 million in 2006. <br />GS Caltex<br />11 MILLION<br />SEPTEMBER 06, 2008<br />
  21. 21. Percentages of Incidents<br />Source CSI<br />
  22. 22. State Breach Notification Laws<br />State Security Breach Notification Laws As of July 27, 2009. Forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. <br />http://www.ncsl.org/<br />
  23. 23. How to Address These Trends?<br />Risk Assessment<br />Security Policies and Procedures Processes<br />Security Layered Approach<br />Data Loss Protection Mechanisms<br />Used Security Educations<br />Secure Development<br />Monitoring<br />
  24. 24. Contact<br />Gary Bahadur<br />info@kraasecurity.com<br />www.kraasecurity.com<br />blog.kraasecurity.com<br />Twitter.com/kraasecurity<br />888-KRAA-911<br />

×