Key Highlights
Andy Norton
Threat Response, Cisco Systems
"Business owners should increase their efforts to build security protections into their products and services and not have a bolt on approach toward security", says Andy Norton, from the Threat Response team at IronPort Security Systems, during his presentation on "Memetics Security And A Brief Recap Of The Risk Trends In 2010". He highlighted the threats that businesses face, ranging from fake antivirus, search engine poisoning, web page hijacking and targeted phishing to more malicious threats such as rootkits, Trojan horses, key loggers and other kinds of Fully UnDetectable (FUD) and custom-built malware.
The increase in mobile and connected devices, virtualization, collaboration and online social networking has made enterprises even more vulnerable to sophisticated cyber threats than before. Businesses need to quickly take action to strengthen and rethink their approach to enterprise security. The web has become the most essential platform due to a proliferation of browser-based technology and applications. Traditional defenses are proving to be inadequate against this rapidly changing web-based malware, leaving corporate networks exposed to the inherent danger posed by these threats and emphasizing the importance of a robust, secure platform to protect the enterprise network perimeter from such threats.
As businesses and users become better at detecting attempts to phish for personal information, the trend now is to target small groups with a smartly targeted and socially engineered approach, using online social networking websites such as Facebook and Twitter to dupe employees in a particular business or with a particular job function. Showing examples of a real time study conducted by the Cisco IronPort team, Andy warned that 'Spear Phishing' has become very common; it is easy to convince carefully selected victims to unwittingly pass sensitive and confidential data to online criminals. Criminals have also set up automated systems to collect banking login information from unsuspecting customers. These applications install themselves on the computer even when a user is visiting an apparently 'safe' site, and the user has absolutely no way to avoid being infected.
Andy concluded by urging businesses seeking solid protection against any of these malicious attacks to apply a multi-layered, built-in security solution which blends reputation filters, URL authentication technologies and Internet traffic monitoring.
Sudeep Das
Lead Consultant, RSA, The Security Division of EMC
It's a well-known fact that companies are facing challenges in complying with regulations and securing sensitive data such as US SSNs, credit card data and bank account numbers. With new technologies such as Web 2.0, mobility and virtualization, the security landscape has changed dramatically. Sudeep Das, Lead Consultant - DLP, RSA - the Security Division of EMC, examines these changes and their impact on the enterprise, and highlights other significant trends and threats creating security challenges for organizations worldwide in his presentation on 'Importance of Data Loss Prevention (DLP)'.
He stressed that confidential data security isn't limited to the data center, databases, applications, or user access policies but is rather a combination of all of these things and more. According to Sudeep, a CSO needs to look at organizational security from a business requirement perspective, such as Regulatory Controls, Information Protection, Customer Protection and Brand Protection, as well as from a Business Enablement perspective, such as Customer Services, Innovation, Productivity and Globalization.
He noted that it is impossible to secure data which the organization does not manage, and that for this one needs to know where the data currently exists. He stressed the importance of data being protected throughout its lifecycle, whether it is at rest in any of the virtual or physical storage devices, including memory sticks, CD-ROMs and external hard disks, or in motion in the form of an email, IM and web transfer.
Sudeep concluded by saying that by implementing sound Information Risk Management practices and selecting proven technology solutions to manage information security, businesses can focus on IT Governance instead of on IT Compliance. This approach will prevent internal silos from being created wastefully, and the business can comply with multiple regulations while protecting information across the organization.
