financial crisis and it security
DESCRIPTION
Financial Crisis And IT Security: Difficulties, Risks and ActionsTRANSCRIPT
George Fares, FInstSMM 1
Financial Crisis & IT Security: Difficulties, Risks and Actions
By George Fares, FInstSMM
International Business Development ManagerPANDA Security
George Fares, FInstSMM 2
The Discussion - Question
Question: What is the Current State of IT Security?Answer: According to several studies, companies face at
least two main problems with IT Security: (a)Decrease in spending on IT Security(b)Increased risks
Question: Is the Financial Crisis to Blame or
What is the role of the Financial Crisis in the two aforementioned problems
George Fares, FInstSMM 3
AgendaThe Financial Crisis: What Does It All Mean?
Financial Crisis and the StakeholdersFinancial Crisis and the CompanyFinancial Crisis, the Company and IT SecurityFinancial Crisis, the Company and IT Security: Some Examples
IT Security Before the Financial CrisisIn Summary:
Before and After the Crisis: Comparison and ContrastThe DifficultiesThe Risks
The Dilemma: To Spend or not to SpendExamples of Action to be TakenConclusion: Difficulties, Risks and Actions
George Fares, FInstSMM 4
George Fares, FInstSMM 5
Financial Crisis and the Stakeholders
George Fares, FInstSMM 6
Financial Crisis and the Company
George Fares, FInstSMM 7
Financial Crisis and The Company and IT Security
George Fares, FInstSMM 8
Financial Crisis, the Company and IT Spending: The Case of DuPont
$400 MILLION: The value of trade secrets stolen by a DuPont scientist for a Chinese rival
George Fares, FInstSMM 9
Financial Crisis, the Company and IT Spending: Survey results
“The company can't trace the information back to me”.According to a survey from Ponemon Institute, 79% of
the people who took information from their companies among other things said the above phrase.
George Fares, FInstSMM 10
NOTICE: Emphasis is on ‘Increased’ complexity
George Fares, FInstSMM 11
Before the Crisis: Some Examples
Viruses:Jerusalem – 1988 (MS-DOS)Morris (a.k.a. Internet Worm) - November 1988Solar Sunrise – 1998Melissa – 1999I Love You - May 2000The Code Red worm - July 2001Nimda - 2001
George Fares, FInstSMM 12
Before the Crisis: Some Examples
Security issues (breaches):Nissan Motor – 5.4 million customer records stolen (2004)CardSystems – 40 million credit card accounts stolen (2005)DuPont – $400 million damage from research (2005)D.Telekom – 17 million mobile users data stolen (2006)TJX – 94 million Visa & MasterCard accounts stolen (2007)Fidelity National Information Services – 8.5 million credit
card & bank accounts stolen (2007)
George Fares, FInstSMM 13
Problems have been there before the crisis, however the crisis increased the complexity
George Fares, FInstSMM 14
Misperceptions create risks
Is the Financial Crisis really the problem?
No, it is the trigger for the revelation and increase of problems already in place!!!!
So, should the financial crisis be blamed?
No, but merely our perceptions of what IT security is.
George Fares, FInstSMM 15
The Main Difficulties: Changing the Perception
IT Security is not a cost; it is an investmenttherefore
IT Security should not be viewed Short-Termly but Long-Termly
George Fares, FInstSMM 16
The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his
not attacking, but rather on the fact that we have made our position unassailable.
(The Art of War by Sun Tzu, Chinese General,500BC)
George Fares, FInstSMM 17
To Spend or Not to Spend: That is the Question
To Spend:Serves the Long-Term Strategy
Not to Spend: Serves Short-Term Goals
George Fares, FInstSMM 18
Ideal Perception:
IT Security SpendingIs an Investment and not merely a Cost (or Waste)
Should be thought of as part of a Long-Term Strategy and not as part of Short-Term Goals
George Fares, FInstSMM 19
Action to be Taken: In Practice
Re-evaluation of current IT Security policies & systemsImplementation of tighter policiesEducation of the users for better understanding why we
enforce these measuresInvest in latest technology in H/W & S/W with advanced
capabilities to eliminate risks.
George Fares, FInstSMM 20
George Fares, FInstSMM 21
Resolving the Dilemmas
Difficulties: current profits and cash
Risks: losing money and value in the long-term future
Action: Change Perceptions, Take Measures : spend on IT Security!!!
George Fares, FInstSMM 22
Thank You