2. Why is data security an important issue?
• Data breaches cost companies millions if not billions of dollars each year.
• With more than 50,000 new threats emerging each day, it can be challenging to keep your organization protected.
December 3, 2013
3. Security by the Numbers
• There were 855 data breaches in 2011 alone.
• 174 million records were compromised.
• 98% of these attacks were attributed to external agents.
• 81% of attacks involved some sort of digital hacking.
• 79% of victims were targets of opportunity.
Source: 2012 Data Breach Investigations Report
4. Why are you being attacked?
Fraud
These attacks are after credit card numbers, bank accounts, passwords … anything they can use themselves or sell for profit.
Activism
Activists disagree with a particular political or social stance you take, and want only to create chaos and embarrass your company until you’ve learned your lesson.
Industrial Espionage
This is the most difficult motive to protect yourself against because specific proprietary information is targeted.
5. Top Three Security Threats
Once you’re able to identify your organization’s potential targets, it’s important to understand the most common types of attacks you could face.
• Malware
• Internet-facing applications
• Social engineering
6. Social Engineering: You Are the Weakest Link
For a company with more than 30 employees, one expert puts the success rate of social engineering at 100%.
Social engineering is the art of deceptively influencing a person face to face, over the phone, via email, etc., to get the information you want.
For example:
• Convincing an employee to share a company password over the phone
• Tricking someone into opening a malicious email attachment
• Sending a company “free” hardware that’s been pre-infected
7. There is a bright side . . .
“Criminals are lazy and don’t want to work, so they go after the low-hanging fruit. Companies need to think about this so their baseline of security is above the level of low-hanging fruit.”
—Kevin Mitnick, the world’s most famous former hacker
8. How can you help keep your organization safe?
• Educate and train your staff on the dangers of social engineering.
• Perform a security audit to find and fix any glaring vulnerabilities.
• Ask yourself (or whoever is in charge of IT) five simple questions . . .
9.
1. “What security controls and processes are set up in the organization to prevent and detect security breaches?”
2. “Do we test our security posture on an annual basis (called pen testing)?”
3. “What is the response capability if a security incident is detected?”
4. “Are we able to handle our security requirements in-house or do we need to outsource them?”
5. “If we need to outsource it, how do we find the best provider?”
10. Follow These Everyday Rules of Thumb
1. Establish a VPN connection when using free Wi-Fi.
This keeps bad guys from eavesdropping on your internet usage.
2. Use Google Chrome as your default browser.
This isn’t a plug for Google—Internet Explorer is the most frequently targeted browser.
3. Make sure all of your software is up to date.
Enable automatic update settings and frequently check for newer versions of software.
4. Be wary of peer-to-peer sharing.
Downloading certain file-sharing utilities can open up your entire hard drive to the world.
5. Diversify your passwords.
If you’re having trouble keeping them straight, use a free, downloadable password manager.
11. For more valuable insights, visit GetOptimistic.com
Presented by Xerox