Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong.

Published byAlexandra Jenkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong."— Presentation transcript:

1 Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong Country Sales Manager Trend Micro Malaysia

2 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 2 Agenda  Ever Changing Network  Today’s Security Top Concern  Social Engineering Spam mail & Virus evolution  Summary  Q & A

3 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 3 Ever changing network  Broadband adoption  Wireless Network  Integrated communication devices  Information Island -> LAN -> MAN -> WAN  Internet ->Intranet -> Extranet-> Internet commerce

4 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 4 Goal of Security Previous : Security is to prevent losses, protect against confidentiality breaches Today: The goal of Security is enabling e-Business

5 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 5 Security Challenges Spam Viruses & Worms System Vulnerabilities Unwelcome Visitors  Firewall ensures that unauthorized users/hackers can’t gain access to internal company network Remote Access  VPN ensures that employees may securely access company data on the road or from home.  Monitoring for and applying patches to applications and OS as soon as they are made available  YTD, 50% of Internet email is spam, and growing  Spam clogs resources and drain productivity  85% of viruses comes from the Internet  Difficult to maintain current antivirus versions and to protect all possible access points

6 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 6 Spam – The Rising Problem Junk Mail Rate 2002 * 75% 100% 125% 150% 175% 200% JanFebMarAprMayJunJulAugSept 20% 25% 30% 35% 40% * Source: 7 billion actual customer messages processed by Postini  Junk mail rate for corporations approaching 50% and continuing to rise.  Pornographic spam causing workplace liability concerns.  There is no end in sight, thus email for business use could become useless by 2004. (Think it couldn’t happen? Usenet Newsgroups suffered a similar fate)

7 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 7 Got Spam? Censored!!!!

8 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 8 What is the tangible cost of Spam? Base on 500 User email users in an organsition!

9 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 9 Un-be-lievable.  IDC survey: more than a third (37 percent) of business email users would still open the attachment of an email titled 'ILOVEYOU'  The report found that on any day of the year, business users would open an email appearing to be from someone they know if the following appeared in the subject line: “Great Joke” (54 percent) “Look at this” (50 percent) “Message” (46 percent) “No title” (40 percent) “Special offer” (39 percent) Source: http://www.theregister.co.uk/content/8/16668.html 2/6/2001http://www.theregister.co.uk/content/8/16668.html

10 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 10 Malicious Code Growth 1990 199119941996199819992000200120022003

11 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 11 Evolution of Viruses

12 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 12 Recent Network Virus Attacks YearAttackNumber of Infected PC’s Est. Amount of Loss (USD) Y 2003Worm_MSBLAST1.4 Million +Still Counting…… Y 2003SQL Slammer200,000 +950 million ~ 1.2 billion Y 2002Klez6 Million +9 Billion Y 2001CodeRed1 Million +2.6 billion Y 2001NIMDA8 Million +600 million Y 2000Love Letter8.8 billion

13 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 13 Virus attack and mail spamming are the most common types of security breaches experienced Types of security breach(es) experienced before % Virus attack Mail spamming Employee's abuse: Downloading pornography Employee's abuse: Inappropriate use of e-mail system Employee's abuse: Downloading pirated software Denial of service Theft: Hardware/ Computer Hack threat/ system penetration CDs/ Diskette stolen Website unauthorized access/ misuse Sabotage of data or network Theft: proprietary information Website vandalism Financial fraud Active wire tap None of the above Base : All organisations 100 NISER 2003 Survey

14 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 14 Problem #1: Network Viruses (Worms) Have been Unstoppable No security solution has stopped or contained these network viruses Most often it has been too late = $2.15B in damages in Year 2003 alone Source: Trend Micro, Computer Economics Central Site VPN Firewall DoS Protection Intrusion Prevention Traditional Antivirus Vulnerability Assessment Nimda Code Red Slammer MSBlaster.A Welchia Security Mgmt. Internet

15 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 15 Problem #2: Vulnerability Prioritization and Isolation is Daunting Window of time from patch availability to outbreak is shrinking Difficult to prioritize patches to apply and isolate unpatched machines during an outbreak Source: Trend Micro MSBlaster.A Aug. 11, 2003 Patch: MS03-026 Jul. 16, 2003 Patch: MS02-039 Jul. 24, 2002 Slammer Jan. 25, 2003 Nimda Patch: MS00-078 Oct.17, 2000 Sept. 18, 2001 SASSER.B May,02, 2004 Patch: MS04-01 Apr 13, 2004 Window 26 days 185 days 336 days 17 days

16 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 16 Problem #3: Ineffective Policy Enforcement Leads to Re-infections 199920022003 Millions of infections (2003) 2001 5 of Top 10 viruses in 2003 released 1-4 years ago Non-compliant devices connect from multiple network access points Ineffective access control of these devices leads to re-infections Source: Trend Micro

17 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 17 Why the current industry solution is ineffective  Mixed threat attacks need more than pattern files  Attack-specific policy and system assessment and cleanup  Inconsistent or inaccurate security policy settings  Lack of central policy management  Inability to respond quickly enough when outbreak or reinfection occurs  Pattern files take time to develop  Out-of-date pattern files, AV not present on all hosts and pathways  Lack of central management and updates = missed detections  Security devices don’t coordinate  Enterprises must coordinate themselves with several vendors

18 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 18 Virus Outbreak Lifecycle = Customer Experience Threat Information Attack Prevention Notification and Assurance Pattern File Scan and Eliminate Assess and Cleanup Restore and Post- mortem Antivirus focus is not sufficient Enterprise TCO and lost productivity affects the customer at all stages of the lifecycle. $$ $$$$ $$$ “An estimated 74% of outbreak cost is related to cleaning.” -- Computer Economics, 2002 $ $ The Result Vulnerability Assessment Vulnerability Assessment $$

19 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 19 Security Wish List Requirements Remain Unfulfilled

20 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 20 Which Security Solution should I invest to? Point Products Proactive Mixed defense Security Solution Security Suites: Integrated firewall, AV, CF, IDS

21 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 21 Vulnerability Assessment Outbreak Prevention Services Virus Response Services Damage Cleanup Services Outbreak Mgmt. You need protection strategy instead of product COMMAND CENTRE Malicious Code Eliminated Outbreak Prevention Virus Response Assessment and Restoration Malicious Code Attack Vulnerability Prevention Vulnerability Discovered Proactive Outbreak Lifecycle Management

22 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 22 Summary  Network and security landscape ever changing  Virus/Worn and Spam making use of social engineering delivery mixed threat attack, traditional way of handling virus/spam is no longer effective  Antispam : 2/3 of today spam email is 1 st time spam and hybrid behaviour. Need heuristic antispam approach and integration of AV + Content Filtering + Antispam as solution.  Internal : Enforce Security policy, practice secure computing, Management involvement and support in IT security decision  External : Deployed proactive, centrally managed, precise security mixed threat defense solution instead of point product or suite product  Let the security system work for you instead!

23 RUNNING HEADER, 14 PT., ALL CAPS, Line Spacing=1 line Copyright 2002-2003, Trend Micro, Inc. 23 Fastest growing antivirus vendor in the world.*  Founded in the US in 1988. Corporate headquarters in Tokyo, Japan. Publicly traded on NASDAQ and NIKKEI exchanges  Antivirus and content security software and services provider to enterprise, small and medium business, and consumer segments  Transnational company with 1800+ employees across 30 business units worldwide  First and only security solution provider pioneering end-to-end proactive outbreak life cycle management *Antivirus Software 2002: A Segmentation of the Market (IDC) Trend Micro Overview

24 THANK YOU

Download ppt "Security Measures To Protect Your Organisation From Fraud And Cyber Terrorism: How To Prevent IT From Costing Your Organisation Millions Wong Joon Hoong."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Worry-Free Business Security 7

Worry-Free Business Security 7
Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.

Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.

(n)Code Solutions Presentation on the importance of a Secure Technology Infrastructure.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business.

THE CASE FOR PROACTIVE NETWORK SECURITY: WORMS, VIRUSES & BUSINESS CONTINUITY Presented to Dr. Yan Chen MITP 458- Information Security & Assurance Business.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.

Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.

Similar presentations

Ads by Google