Merit Event - Closing the Back Door in Your Systems
DESCRIPTION
"Loss of critical documents and data, via the back-door, is the biggest threat to many organisations today, big and small, yet has been almost entirely neglected until now". Barry James, the UK’s leading expert in the emerging field of mobile applications and endpoint security, will explore the emerging threat and explain the remedies available.
TRANSCRIPT
www.TakewareGatekeeper.co.uk
The protection you need.
MERIT
Congratulations!
Closing the back door
Quote
"The History of every major Galactic Civilization tends to pass
through three distinct and recognizable phases, those of
Survival, Inquiry and Sophistication, otherwise known as the
How, Why and Where phases. For instance, the first phase is
characterized by the question How can we eat? the second by the
question Why do we eat? and the third by the question Where
shall we have lunch?" Douglas Adams
Closing the back door
Introduction
• What door? Why do we need to act?
• The nature of the threat - How bad is it?
• Who’s vulnerable?
• When will it become a practical problem?
• How can it be addressed?
• The five point action plan
• Where can we get help?
• Where can we have lunch?
The Threat!
• Tiny outside…
• Massive capacity inside.
• Very fast
• Easy to conceal, unobtrusive…
• A watch or mobile phone
• Practically impossible to exclude
• Can you frisk staff and visitors?
Samsung SGH-i310 8 Gigabyte phone
featuring an 8 gigabyte hard disc.
The Threat!
Price £69.99 incVAT
The nature of the threat – Who says…
The nature of the threat
The DTI Security Breaches Report 2006
• Published 24th April 2006
• Tracks the use and abuse of data
• Identifies current and growing trends & threats
• Firewalls and anti-virus
• Large enterprises better protected than smaller firms
• Impact of incidents much larger on smaller firms
The nature of the threat
The DTI Security Breaches Report 2006
• Removable memory devices - Identified as the top emerging threat
• iPods, MP3 Players, Memory sticks, Watches and even mobile phones – up to 60Gb.
• Fast
• Massive capacity - Gigabytes
The Threat!
The nature of the threat
The DTI Security Breaches Report 2006
Found that… “such devices are being used in 84 per cent of companies and, on average, a third of employees are
using them in the office”.
90% of those surveyed said they were aware of the
potential danger that removable media presents, and a
third of organisations admitted that removable media is
being used without authorisation.
The nature of the threat
The DTI Security Breaches Report 2006
"With removable media plummeting in price, soaring memory
capacity and more people using them at work, companies need to
be aware of how easy it is for staff to use them, lose them or take
competitive information away on them, all in the palm of their
hands,"
"If lost or stolen, vast amounts of valuable information could
seriously expose a company to extortion, digital identity fraud, or
damage to their reputation, integrity and brand."
The nature of the threat
The DTI Security Breaches Report 2006
• Mass data theft
• Malware and hacker tools
• Loss of the devices
• Insiders as well as outsiders
• Departing and disgruntled employees
• Coercion – some ‘mafia style’ activity
The nature of the threat
Quotes
‘Opportunity makes the thief. If you give them the opportunity to
access systems that they shouldn’t, then things can go wrong’
‘There seems to be a fixation on threats from the internet and
external hackers but for the criminals, going the insider route is
easier and there can be much more financial benefit for them’
‘In addition, organised crime gangs have been blackmailing
people inside companies to obtain information’
The nature of the threat
Gartner Research
"Organisations are increasingly putting themselves at risk by
allowing the unauthorized and uncontrolled use of portable
storage devices". “These are ideal for anyone intending to steal
sensitive and valuable data… The impact of this goes beyond the
commercial value of the data.”
How Bad Is the Threat?
A demonstration
How Bad Is the Threat?
www.PodSnaffler.co.uk
Who’s Vulnerable
• If you have an unprotected PC – you are!
• If it’s happening why don’t I hear about it?
• Who wants to admit that their security was breached?
Who’s Vulnerable
“In a recent survey 70% of employees admitted
taking information from work to which they were
not entitled. As Computer Weekly has
commented “anyone planning to leave will
remove most of the information they want well in
advance.”
What’s at risk
The Crown Jewels…
• Customer Lists (and CRM)
• Contracts and Proposals
• Correspondence
• Prospects
• Address books
• Price Lists
• Sales Invoices
• Staff Records.
What’s at risk
Organisations that suffer massive data loss:
• 80% are out of business within 3 years
• 30% are out of business within the year.
What’s at risk
Portable Hacking Tools
Powerful hacking tools are starting to appear on the Internet
which work from a small flashdrive, freely available:
• Showtraf - a tool that monitors network traffic on a network and displays.
• 'John-the-Ripper' (a password cracker)
• Netpass - a utility used to ‘recover’ network passwords
• Nemesis (Network intrusion tool).
• …
When will it become a practical problem?
• Now.
• If your data had left the building would you even know?
• Has it already happened?
• After the event is too late.
• The DTI have raised the flag.
• The possibility is ‘out there’.
• Employees leaving – it happens before you know it.
Closing the back door
Quote
“A learning experience is one of those things that says,
'You know that thing you just did? Don't do that.' ”
Douglas Adams
“Human beings, who are almost unique in having the ability to
learn from the experience of others, are also remarkable for their
apparent disinclination to do so.”
Douglas Adams
Who’s Vulnerable
In the press…
BBC 29 April
Digital cameras, MP3 players and handheld computers could be the tools that disgruntled UK employees use to sabotage computer systems or steal vital data, warn security experts.
The removable memory cards inside the devices could be used to bring in software that looks for vulnerabilities on a company's internal network. The innocent-looking devices could also be used to smuggle out confidential or sensitive information.
The dangers disgruntled employees posed was highlighted by a survey showing that almost half of the most serious security incidents businesses suffered last year were caused by company workers.
In the press…
Inside job
Computing Magazine 14 April
While companies guard against external hacks, it is easy to
overlook threats closer to home
Last year, more than a dozen employees who had worked for Citibank’s Indian call centre partner
Mphasis were arrested for allegedly stealing $350,000 (£199,842) from the bank’s American
customers.
…Similar threats can occur inside many organisations, warns Floris Van Den Dool, head of consultant
Accenture’s European security practice. ‘There seems to be a fixation on threats from the internet
and external hackers but for the criminals, going the insider route is easier and there can be much
more financial benefit for them,’ he says…
The UK’s former National Hi-Tech Crime Unit produced similar research that suggests 38% of
financial fraud results from internal security breaches and collusion. ‘Accessing unsecure
business applications from within the organisation is much easier than hacking through the corporate
firewall and the potential for fraud is far greater,’ according to Van Den Dool.
But according to a recent survey by the Department of Trade and Industry (DTI), 99% of UK companies
are failing to implement all the safeguards available to them to help prevent internal security breaches.
Who’s Vulnerable
In the press…
Insiders infiltrating firms, U.K. cops warn
April 25, 2006, Silicon.com / CNET News.com
Employees are still one of the greatest threats to corporate security, as "new-age" mafia
gangs infiltrate companies, the U.K.'s crime-fighting agency has said.
Speaking on Tuesday Tony Neate, e-crime liaison for the Serious Organised Crime Agency
(SOCA), said insider "plants" are causing significant damage to companies.
"We have fraud and ID theft, but one of the big threats still comes from the trusted
insiders. That is, people inside the company who are attacking the systems," he said.
"(Organized crime) has changed. You still have traditional organized crime, but now they have
learned to compromise employees and contractors. (They are) new-age, maybe have computer
degrees and are enterprising themselves. They have a wide circle of associates and new
structures," he added.
Who’s Vulnerable
In the press…
Beware the enemy within
News, Data Theft
Almost half the security experts who attended the recent E-Crime Congress in
London agreed that internal users were the greatest risk to their IT
security. Only 11% of respondents thought that external hackers were more
dangerous, while 44% rated external and internal threats equally.
The survey also established that only eight percent of respondents felt the
“average” company takes a proactive approach to security - with over half
(59%) reporting that companies were only reactive.
In the press…
A Spy Downloads on China
… He claims to have downloaded some
of these documents from his police
computer into his MP3 player and given
a sample of them to Australian
immigration officials as proof of his
claims.
The Sydney Mercury Herald.
In the press…
Some other stories related to data theft in the news
• Workplace data theft runs rampant - BBC On-Line
• Suspect in SJ Medical Data Theft to be in Court - CBS
• Laptop Security - Full Disclosure
• iPods Open Backdoor for Data Theft - VUnet
• Healthcare Security Incidents: Summary Incidents list on - SecurityFocus
• 50 million identities stolen in US - Washington Post
• Ford discloses employee data theft - UPI
• Data breaches worst ever last year - Seattle Times
• Portable storage devices: the curse of convenience - InfoWorld
• Data Theft grew 650% over past three years - US Department of the Interior
• Wave of Data Theft Causes Corporations to Consider Network Risks - Aon Focus
• Time to Get Physical (Physical Security and Data Theft) - Redmond Magazine
• Sacked Staff Turn to Sabotage - InfoSec News
…
How Can it Be Addressed?
The easy way and the hard way
• Public hangings and floggings?
• Close the ports?
• Physical security?
• Frisk the staff?
• Rely on the tekkies?
• Sysadmin solutions?
• Prevention is better than cure!
How Can it Be Addressed?
The easy way and the hard way
• Consult, train, confer, support your staff…
• Inform staff – develop your AUP collaboratively.
• Supportive technology: prevent abuse – not merely report it.
• Police the use of devices.
• Police the use of content.
• Audit trail.
• Fit and Forget – on a day to day basis
Prevention is better than cure!
Five Point Action Plan
1. Be aware of the threats & plan an appropriate and
proportionate response.
2. Consider threats from insiders as well as outsiders.
3. Ensure you have an appropriate AUP (acceptable use
policy) in place and that all staff are aware of it and agree it.
4. Adopt supportive technology to monitor and control use
of devices and data…
5. Conduct a security risk assessment - Ensure that this,
and your AUP, also covers the use of removable devices - as
well as Internet and Email use etc.
… (and don’t panic!)
Where can we get help?
Links and Resources
• www.TakewareGatekeeper.co.uk/issues
• www.TakewareGatekeeper.co.uk/downloads
• www.PodSnaffler.co.uk
• www.merit.org.uk
• www.security-survey.gov.uk
An Announcement
Gatekeeper AntiTheft for Small businesses
Closing the back door
Quote
"There is a feeling which persists in England that making a
sandwich interesting, attractive, or in any way pleasant to eat is
something sinful that only foreigners do." Douglas Adams
Closing the back door
Thank you
Please visit the demo during lunch…