The document summarizes the top 5 security issues for 2012 according to Joe Schorr, a principal security architect. The top 5 issues are: 1) mobile security due to increased use of mobile devices, 2) cloud security given challenges of managing security in the cloud, 3) malware and viruses as ongoing threats, 4) data leakage of intellectual property and personal information, and 5) targeted attacks like spear phishing that aim to steal information from specific individuals. The document provides tips and recommendations for addressing each of these security issues.

1. SECURITY AWARENESS SERIES
TOP 5 SECURITY ISSUES FOR 2012
Presented By:
Joe Schorr
Principal Security Architect
Jschorr@cbihome.com

2. Agenda
• Current Events
• Top 5 Security Issues in 2012
• Self-Defense Online
• Tips for home
• Next Steps
• Q&A
• Glossary of Terms
2 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

3. Security Trends
CHALLENGING
THREAT LANDSCAPE
MALICIOUS INSIDERS
TARGETED ATTACKS
EVOLVING INCREASING
INCREASING FINANCIAL
INFRASTRUCTURE COMPLEXITY
AND BRAND RISK
COMPLIANCE
DATA GROWTH REQUIREMENTS
MOBILE VIRTUALIZATION
VENDOR COMPLEXITY
CLOUD
Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

4. State of Security
Source: 2011 Symantec State of Security Survey
4 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

5. Recent Events – ‘The Year of The Hacker’
5 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

6. Recent Events – Personal Information Lost
6 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

7. Top 5 Security Issues in 2012
 Mobile Security
 Cloud Security
 Malware and Viruses
 Data Leakage
 Targeted Attacks
7 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

8. Mobile Security
And yet…
29% of enterprises use tablets today1
67% intend to in the next year1
60+ million iPads® in less than 2 years2
75% of Fortune 500 testing and
deploying iPads3
Q1 2012 – The Mobile Tsunami Arrives:
• Execs (and others) are bringing in iPads,
Tablets and Smart Phones with or without
permission
• Comingling of personal and corporate apps
heightens risk to data
• Primary concern is email, followed by web,
file sharing, social media & other cloud-
based that use web to share data
1 Morgan Stanley Research Blue Paper: “Tablet Demand and Disruption”, Feb. 2011
2 Forecast: Media Tablets by Operating System, Worldwide, 2008-2015, 3Q11 Update, 16 Sept. 2011, Gartner
3 Apple CFO, Apple earnings call, April 2011
8 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

9. Mobile Security - Tips
 Audit your current state
 Create a policy!
 Assess your Plan
Invest in Mobile
 Management
9 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

10. Cloud Security – Attractive but Challenging
Talent
• Do you have knowledgable Security staff?
• Can you invest in developing them going
forward?
Time
• 24/7 management
• 24/7 incident response
Technology
Time
• Up-to-date, optimal mix of defensive
solutions
Tech • If your working methods change, does
Talent security keep pace
10 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

11. Cloud Security - Tips
Check the reputation of
 the Service Provider
How does the Provider
 address your security
needs
Research Service Level
 Agreements, Certifications
and Disaster Recovery
Try it! Cloud makes it easy
 to ‘turn on/turn off’
11 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

12. Malware and Viruses
SMB Threat Awareness Poll Global Results 2011
12 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

13. Malware and Viruses - Tips
Conduct a ‘Healthcheck’ of
 your current defenses
Review the results and
 match against your security
needs
Ensure you are updated and
 using all standard features
13 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

14. Data Leakage:
Intellectual Property (IP) and Personal Info (PII)
+ Billion/year
$6
=
14 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

15. Data Leakage Tips
 Classify your data!
Create a IP PII policy
 (what is and isn’t
allowed out)
Perform a Risk
 Assessment
Factor ‘Data Leakage’
 protection into the
security plan
15 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

16. Targeted Attacks
Phishing is a well-known type of hacking attack using spam
emails to trick the recipient into clicking a link or opening
an attachment in order to get control of their computer.
Spear Phishing is a newer, targeted attack using email.
These attacks are random but more often the persistent
efforts of criminal enterprises, or state-sponsored
professionals seeking trade secrets, financial gain or
military intelligence.
Spear Phishing uses social engineering techniques and
appear to come from within a person’s place of
employment, an authority figure or a friend.
16 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

17. What this looks like to you….
1. The targeted person receives the fake email
2. User follows instructions on false site they are directed to
3. Or… the user opens a malicious payload in an attachment
17 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

18. Online Defense Tips
1. REVIEW! Your personal information on the internet
and social networking sites immediately. Start to
look at your online persona as an attacker would.
18 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

19. Online Defense Tips
2. SANITIZE! Your online life. Remove references to
personal information on social networking and social
media sites. Even family info, photos and hobbies
can be used against you and your company.
19 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

20. Online Defense Tips
3. DON’T! Click links or respond to mysterious email
messages. Double-check the authenticity especially if
they seem abnormally urgent. Examine the link
names.
20 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

21. Online Defense Tips
4. UPDATE! And patch your anti-virus software. Many
attackers make use of ‘zero-day’ or very new viruses
and attack vectors. Keeping up to date is your best
defense against new malware.
21 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

22. Online Defense Tips
5. TURN ON! All the features on your security software.
Make sure that all elements of the solution are
enabled and active. It does no good if your anti-virus
is ‘On’ but the firewall or email filters are ‘Off’.
22 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

23. Tips for Home
http://www.connectsafely.org/ http://www.staysafeonline.org http://us.norton.com/content/en
pdfs/fbparents.pdf /sites/default/files/resource_d /us/home_homeoffice/media/the
ocuments/Parents%20Internet me/parentresources/FamilyOnlin
%20Safety%20and%20Security eSafetyGuide_3rdEd_final.pdf
%20STC.pdf
23 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

24. Next Steps
• Publish a corporate policy for public information
• Prohibit publication of org charts, personal info, phone lists,
customer lists, etc.
• Implement awareness training for your employees
• Let them know they are targets and what attackers want to
know
• Create a Response Strategy
• Begin to track the kinds of ‘spam’ you’re getting (you may be
targeted and not realize it)
• Contact CBI for assistance with these and other information
security and security awareness issues, including security and
vulnerability assessments
24 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

25. MVAS Services
(Managed Vulnerability Assessment Services)
MVAS was developed and
Conduct
created in response to many Baseline
clients requesting ongoing Assessment
vulnerability assessments from
Remediate
CBI Identified
Presentation
of Results
Risks
Generally these clients require a
more frequent occurrence of
assessment testing based on
different variables:
Remediate
• Regulatory Compliance Presentation
of Results
Identified
Risks
• Due Diligence
• Highly volatile Threat
Conduct
Landscape Quarterly
Assessment
• Previous Incidents
25 Jschorr@cbihome.com
800.747.8585 | comerica@cbihome.com

26. THANK YOU
jschorr@cbihome.com
@JoeSchorr