Humans Are The Weakest Link – How DLP Can Help?
•Download as PPTX, PDF•
1 like•843 views
Human is the weakest link in security. What to do? How DLP can help? All companies are invested in security, but far from all came to realize: employees’ awareness and education are the key factors to improve information protection and prevent data leaks. You can install most powerful DLP, encryption and other security tools, hire a lot of security officers and consulters to tune your business processes, eventually waste a lot of money and resources at security issues, but if end-users don’t understand threats, don’t know rules – they cannot follow internal policies and regulations, cannot correctly use appropriate tools. It’s all for nothing. Efficient information security strategy is to create a culture of awareness and enforcement – culture where users understand the consequences. This session is about 3 main things: 1) What is user awareness in information security? 2) Why user awareness is required? 3) How to raise user awareness and what are key factors. Practical recommendations for security user awareness program adopters and practitioners will be given. Role of the DLP in raising user awareness will be highlighted.
More Related Content
What's hot
What's hot (20)
Similar to Humans Are The Weakest Link – How DLP Can Help?
Similar to Humans Are The Weakest Link – How DLP Can Help? (20)
More from Vera Trubacheva
Recently uploaded
Recently uploaded (20)
Humans Are The Weakest Link – How DLP Can Help?
- 1. Click to edit Master title style Humans Are The Weakest Link – How DLP Can Help Valery Boronin, Director DLP Research Vera Trubacheva, System Analyst DLP Research, R&D, Kaspersky Lab February 3, 2012 Cancun, Mexico, Ritz-Carlton Hotel
- 2. Click to edit Master title style Agenda 1. DLP to date 2. Key challenge 3. User awareness 1. What is it? 2. Why is it required? 3. How to raise it? 4. How DLP could help? 4. Q&A
- 3. DLP to date Master title style Click to edit Customers want: Customers receive: 1. Easy 2. Convenient 3. Reliable 4. Cheap 1. Complicated 2. Inconvenient 3. Unreliable 4. Expensive Gartner research estimates that more than 800 technology vendors and other providers currently have data security offerings. Numerous nontechnical controls are also available. The difficulty of understanding all these options, their benefits and their challenges tends to lead to enterprises using limited subsets of the available tools and having serious gaps in controls and risk mitigation Typical Elements of an Enterprise Data Security Program, Gartner, Aug 2009 Page 3 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 4. Key Challenge is the Complexity Click to edit Master title style Technologies Expertise & Tools Data Luxury Protection People Processes Page 4 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 5. Accusation against title style Click to edit Master DLP 1.0 No user awareness in DLP 1.0 Claim 1: Raising user awareness. Claim 2: Control of education efficiency. Mock trial Page 5 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 6. What to userMaster title style Click is edit awareness? User awareness is making users aware of information security policies, threats, mitigating controls Security education Work Childhood Page 6 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 7. Why is user awareness required? Click to edit Master title style 1. It is required by law See Appendix 1 Page 7 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 8. Why is user awareness required? Click to edit Master title style 2. To protect the weakest link in security – the human Page 8 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 9. Why is user awareness required? Evidence 1 Click to edit Master title style Guess what this is: • • • • • Page 9 12345 qwerty 11111 abc123 admin SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 10. Why is user awareness required? Evidence 2 Click to edit Master title style Page 10 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 11. Why is user awareness required? Evidence 3 Click to edit Master title style The weakest link in security is human! Security incidents 100% Target of all successful APT attacks is a user (Mandiant) 90% Exploits need a user interaction (Symantec) 75% Human factor 60% Accidental mistakes (InfoWatch) Page 11 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 12. Why is user awareness required? Click to edit Master title style 3. To reduce huge costs! $7,2 billion per data breach in 2010 $56,165 for a lost notebook in 2010 You could buy a yacht like this for one data breach Page 12 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 13. How to raiseMaster title style Click to edit user awareness? Recognize the problem Page 13 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 14. How to raiseMaster title style Click to edit user awareness? Get top management support Page 14 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 15. How to raiseMaster title style Click to edit user awareness? Know your data Page 15 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 16. How to raise user awareness? Click to edit Master title style Prepare clear, simple instructions Page 16 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 17. What to edit Master title style Click to teach? 1.Security basics 2.Corporate policy rules 3.Incident response Page 17 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 18. How to teach? Click to edit Master title style Use different ways See Appendix 2 Page 18 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 19. Key Factor 1Master title style Click to edit Explain Page 19 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 20. Key Factor 2Master title style Click to edit Measure results before and after Page 20 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 21. Key Factor 3Master title style Click to edit Explain consequences for secure and unsecure behavior Page 21 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 22. Members of the Jury: Time for Action Click to edit Master title style Poll of the Jury Page 22 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 23. Courtto edit Master title style Click Decision: Verdict DLP 1.0 must 1. Raise user awareness 2. Control education efficiency Page 23 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 24. Click to edit Master title style Humans Are The Weakest Link – How DLP Can Help Thank you! Raise User Awareness! Valery Boronin Director DLP Research Kaspersky Lab Valery.Boronin@kaspersky.com +7 495 797 8700 x4200 Vera Trubacheva System Analyst, DLP Research Kaspersky Lab Vera.Trubacheva@kaspersky.com +7 495 797 8700 x4201
- 25. Appendix 1 Master title style Click to edit For compliance with laws and regulations: • • • • • • • • • • • • • • Page 25 Payment Card Industry Data Security Standard (PCI DSS) Federal Information System Security Managers Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act (SOX) EU Data Protection Directive National Institute of Standards and Technology (NIST 800-53) International Organization for Standardization: ISO/IEC 27001 & 27002 Control Objectives for Information and Related Technology (CoBiT 4.1) Red Flag Identity Theft Prevention Personal Information Protection and Electronic Documents Act (PIPEDA) Management of Federal Information Resources (OMB Circular A-130) Some state breach notification laws (ie Massachusetts 201 CMR 17.00) Стандарт Банка России по обеспечению информационной безопасности организаций банковской системы Российской Федерации (СТО БР ИББС) SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 26. Appendix 2 Master title style Click to edit • Security topics • E-mail etiquette • Social Engineering • Clean Desk • Protecting Sensitive Information • Strong Password • Data owners • Internet • Identity theft • Personal use • Protecting data • Mobile security Page 26 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
- 27. Appendix 3 Master title style Click to edit Sources of Awareness Material: • CERT • Ponemon Institute • ISSA • The university of Arizona • NIST SP 800-50 and NIST SP 800-16 • SANS (presentations, Security Awareness Newsletters, training) • InfoSecurityLab (posters, Wallpapers & Screensavers, Newsletters) Page 27 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
Editor's Notes
- Valery brings funny toy to the scene & makes it sitting.Hello everyone.I am veryglad to openConference Day Two. My name is Valery Boronin and, together <pointing gesture to Vera> with Vera Trubacheva, werepresent DLP Research department at Kaspersky Lab.Antimalware technologiesare primarily focused on external threats and have achieved truly outstanding results to date, in many respects this success is due to years of effort by many of you. DLP focuses mainly on internal threatsandthe technology for this is not yet very mature But what is common for both is that a weakest link is always the same.Today, together with you, we will talk about the weakest link in security –the human.We will talkhow DLP can help the Human.
- Let’s briefly overview an agenda.We spend a few minutes to figure out Customers’ expectationsin regard to DLP 1.0<pointing gesture to DLP 1.0 toy>, represented by this funny toy as a personification of DLP technologies to date.Then, I’ll describe Key Challenge for DLP vendors, relate it to the topic and deliver it together with Vera. <pointing gesture to Vera> Let’s go!
- Valery :Dear friends, our performance is finished. Hope you enjoyed it. Thank you very much for your attention!