Business Continuity In a Digital World. Larry Bridwell VP Global Security Strategies Grisoft. Introduction.
Business Continuity In a Digital World
Larry Bridwell
VP Global Security Strategies
Grisoft
Security Week 2007 Brasil

Introduction
• A Business Continuity Plan (BCP) identifies the threats that can affect the continued operation of the business and the actions that will restore business to normal activity in response to these threats.
• A business owner or manager needs to put the same priority on protecting the business against Internet or Digital threats as “classical” threats
• Business owners and managers must understand NO company is too small to be a target for these Internet-based threats
• Examine these digital threats and discover how to mitigate the risk these threats bring

Today’s Topics
• The Internet Has Changed Our World
• The Internet Has Changed Our Businesses
• The Internet Has Changed Business Risks
• Digital Threats to Business Continuity
• Mitigating the Risk of Digital Threats
• Summary

The Internet Has Changed our World
• >1 billion people globally have access to the Internet
• >1 million companies globally = 50% of their revenue
• Rapidly becoming the primary source for information
• Yahoo:
  • >250 million mail users;
  • >500 million users
• Google:
  • >150 million searches a day;
  • >67.6 million people visited Google an average of 6.2 12/2006
  • last year's revenue was between $60 million and $300 million.
• Rapid Growth in Web 2.0 Social Sites
• VoIP growth immense and growing

The Internet Has Changed our Offices
[Diagram labels: Customers, Network, Partners, Branch Office, Desktops, Internet, Routers, Web Servers, Modems, Servers, Telecommuters, Wireless Devices]

The Internet Has Changed our Business
• Extend business hours for sales and customer information to 7x24x365
• Extends business across regional and national borders
• Communicate with customers one-on-one through email
• Use web sites to advertise a company and its products
• Create a whole new sales channel using the Web, in addition to, or sometimes instead of retail stores
• Improve employee productivity through tele-commuting
• Improve employee efficiency through better internal communications
• Drives down the cost for sales by using online stores on web sites
• Reducing costs for supplies and services, through increased efficiency and accuracy and wider range of choices via the Web
• Eliminating the expense of express services and postal services by using free email and VoIP communications

The Internet Has Changed our RISKS
[Diagram labels: Network, Internet, Customers, Partners, Branch Office, Desktops, Routers, Wireless Devices, Web Servers, Modems, Servers, Telecommuters; caption: TODAY!!]

Business Continuity Need
• An AT&T study [1] found that, “Nearly 1/3 of U.S. businesses do not have emergency continuity plans in place – up from 25% a year earlier.”
• The survey also found that 2/3 of companies with a disaster lost business
  • 16% losing between $100,000 and $500,000 per day
  • 26% saying they did not know how much it cost per day
• In another study [2] 47% of risk managers surveyed said, “Unplanned downtime of information technology systems lasting 24 hours or more could jeopardize the survival of their entire business.”

[1] Amanda Cantrell, “Is your company prepared? One company's experience, plus tips for preparing.” http://money.cnn.com/2005/10/04/technology/disaster_recovery/index.htm Business after disaster
[2] “Economist Intelligence Unit survey highlights the extreme criticality of IT Systems,” http://www.continuitycentral.com/news03100.htm

Digital Business Continuity Cost
[Figure; label: Computer Economics]

Digital Business Risks
• Corporate Espionage
• Identity Theft and Fraud
• Extortion
• Unfair and Deceptive Trade Practices
• General Privacy Invasions
• Distributed Denial of Services
• Loss of Productivity

Digital Business Threats

Malware
• Viruses
• Worms
• Trojan Horse or Trojan
• Spam/UCE
• Spyware
• Adware
• Bots; Rootkits
• Phishing
• Backdoors
• Hacker Agents/Kits
• Malicious Websites
• Drive-by download

Motivation
• Yesterday
  • Written for Fame/Notoriety
  • Nuisance
• Today
  • Written for PROFIT
  • Crime
  • Organized Groups
  • More Complex

Global Monthly Malware Reports
Brazil Monthly Malware Reports
BOTS: Brazil-Global
Spyware: Brazil-Global
Adware: Brazil-Global
Trojans: Brazil-Global

Consequences of a Cyber Attack
What If The Computers In Your Office Get Infected?
• Loss of revenue; personal liability resolution.
• Additional operations expenses incurred due to the disruptive event
• Financial loss from resolution of violation of contract agreements
• Financial loss from resolution of violation of regulatory or compliance requirements
And also:
• Loss of competitive advantage or market share.
• Loss of public confidence or credibility, or incurring public embarrassment.
• Think TJX - 45.7 million credit card holders were affected by the data thefts from 2005-2006

Business Security Needs Have Changed

Yesterday
• Point Solutions: Firewalls, IDS, AV were considered Security
• Security for the Perimeter
• Security was Business Reactive
• The IT team handled Security
• Security team had limited exposure to:
  • Executive Management
  • Business Plan
• Security managed in Operating Unit
• Security Compliance at the IT level
• Security looked at with ROI

Today
• Businesses require Global Presence
• Businesses deal with customers online
• Companies must deal with Trusted partners
• Compliance drives industry specific solutions
• Security must be part of the Corporate business plan
• Security is now a process that requires integrated point solutions

Holistic Information Security
[Diagram labels: Who?, When?, How?, What?; Security Yesterday; Security Today; Executives, User, Host, Protocols, Network, Domain, Applications, Lexical, IP addresses, Sockets, Data, Binary Streams, Sessions, Files, Documents]

Integrated Security
[Diagram labels: Protect, Detect, Recover; Desktop Firewall, Anti-Spyware, Data & Systems, Anti-Virus, Anti-Spam, Anti-Phishing]

Managing the Risks

IDENTIFY
• Identify critical assets
  • Internal & External
  • Data
  • Devices
  • Networks
  • Users
  • Locations

ASSESS
• Assess Security Risks
• Analyze:
  • network perimeter
  • desktops, notebooks
  • PDAs, phones, printers
• Review policies
• Inspect facilities
• How much Risk can I afford?
• Focus on Risks that Matter

SECURE
• Secure Critical Assets
• Create Risk Reduction program
• Maintain & Manage infrastructure

ASSURE
• Assure your security posture

INTELLIGENCE

Summary
• Businesses today NEED to have a Business Continuity Plan
• That Plan MUST consider Digital disruptions
• The BCP needs to consider today’s Digital Risks
• Today’s Digital Risks demand a Holistic approach
  • Integrated Solutions
  • Identifying Assets
  • Assessing Assets
  • Securing Assets
  • Assuring acceptable Security Posture
• Up to date Intelligence is key
• Focus on the Risks that matter!

Thank You! WHEW!!
Larry Bridwell
P: 717-802-2603
F: 717-828-1082
lbridwell@grisoft.com