What’s Hot in Information Security - 2012




Jared Carstensen SSCP, CISSP, CRISC, CCSK
Security & Forensics
Deloitte
jcarstensen@deloitte.ie
Hot Topics - 2011

Looking Back – What was featured for 2011

• Social Networking – increase in threats and online defamation
  cases
• Growth in e-Discovery cases and solutions
• Protecting data at the data layer (Wikileaks) – DLP tools
• Smart Phones and risks involved (iPhone proliferation)
• Malware for Cyber warfare (Stuxnet)
• Online transactions security (customer end point security)
• Virtualized environments – security implications
• Cloud Computing & security implications

Last year saw an unprecedented level of data breaches, hacks,
and high-profile security-related incidents, including Sony, RSA,
Epsilon, TripAdvisor, United Nations, etc.
2   What's Hot in Information Security - 2012             © 2012 Deloitte & Touche
Hot Topics - 2012

Looking Forward – What lies ahead for 2012

•   Cloud Security
•   Cyber Warfare and Cyber Security initiatives
•   End to End eDiscovery
•   iPhones / iPads / Smart devices Security
•   Advanced Persistent Threats




Cloud Security – Here to Stay

Cloud Security will remain a hotly debated and dominant feature in
2012. With Cloud adoption continuing to increase both here in
Ireland and Internationally, the following elements will continue to
feature:

•   Abuse and Nefarious Use of Cloud Computing
•   Malicious Insiders
•   Shared Technology Issues
•   Data Loss or Leakage
•   Account or Service Hijacking
•   Unknown Risk Profile
•   Compliance (Privacy / Data Protection)
•   Governance & Risks Elements



Cyber Warfare & Cyber Security

Cyber attacks and cyber threats have been a constant danger to both
national infrastructure and businesses alike over the past 24-36
months, with a startling increase in the number of attacks.
Internationally, protecting national infrastructure and core
government systems from cyber threats is a key strategic priority,
with cyber attacks identified as a top tier risk over the next five
years.
Governments, multinationals, utilities, financial services, energy, and
services organisations are currently focussing efforts and resources to
secure and safeguard critical assets.

*Department of Justice & Finance
Website attacks on 24/01/2011
eDiscovery & Digital Forensics

“If you recorded all human communication from the dawn of time to
2003, it would take up about five billion gigabytes of storage space.
Now we’re creating that much data every two days.”
~Eric Schmidt [Google]

• Current Economic Conditions will continue to increase the number
  of civil litigation cases involving digital data
• Digital investigations (Forensics) will assist the growing number of
  cases both internal to organisations and externally.
• Cloud Computing may be the “forgotten” element introducing
  additional complexity and challenges for investigations
iPhones / iPads / Smart devices Security

Increasing Requirement for Seniors / Board Members to have
iPhones / iPads / Smart Devices. Some of the challenges from a
security perspective include:
• Limited authentication / encryption / audit / logging
• Very limited number of security control options
• No granularity in application policies (either on/off)
• No centralised management
• Cannot push new policies over the air on demand
• Weak encryption protection if device is stolen
• Sensitive data susceptible to jailbreak attacks


Convergence of mobile devices and the corporate environment leads to new
risks that must be addressed

Risk associated to mobile devices:

Compromise Local Data with Physical Access
• Unencrypted data
• Missing screen-lock
• Insecure PINs

Compromise Local Data with Remote Access
• Software installed via scam mails
• Remote exploitable vulnerabilities

Unauthorised Access to the Corporate Network
• Mobile Device is used as an entry point for the corporate network

Malware and compromised Apps
• Apps containing malicious code used for attacks against the user
  or the corporate network

Jailbreaking, Rooting, …
• Disables protection measures on signed apps
• Increased attack vector

Legal and Non Compliance Risks
• Data Protection
• Telecommunications Law
• Company Policy

Liability Risks
• Against users
• Against third parties

© 2008 Deloitte Touche Tohmatsu
Advanced Persistent Threats (APTs)

Conventional hackers or cybercriminals have been around for quite some time.
They tend to operate on a hit ratio or successful outcome basis – they tend not to
be solely focussed on any particular target. They may want a thousand credit card
numbers for fraud, or to break into an account and turn it into a zombie, or for
other associated uses.

APT attackers are:
• Attackers who are focussed and set on attacking you or a specific target!
• It doesn't matter how secure you think you are! All that matters is whether
  you're secure enough to keep them out.
• APT attackers are more highly motivated – there is a motive or reason they are
  targeting an entity or company.
• They're likely to be better skilled, better funded, and more patient (there is
  typically no “end date”).
• They're likely to try several different avenues of attack. And they're much more
  likely to succeed.


Questions?




THANK YOU

Jared Carstensen SSCP, CISSP, CRISC, CCSK
Security & Forensics
jcarstensen@deloitte.ie
086 322 8004



Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of member
firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ie/about for a detailed description of the legal
structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte’s 1,200 people in Dublin, Cork and Limerick provide audit, tax, consulting, and corporate finance to public and private clients
spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class
capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges.
Deloitte’s approximately 182,000 professionals are committed to becoming the standard of excellence.

This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte
Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates
(collectively the “Deloitte Network”) are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or
other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a
basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may
affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be
responsible for any loss whatsoever sustained by any person who relies on this publication.

© 2012 Deloitte & Touche. All rights reserved

Weitere ähnliche Inhalte

Kürzlich hochgeladen

Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Kürzlich hochgeladen (20)

Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

Empfohlen

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Empfohlen (20)

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 

Information Security - Whats hot for 2012 - Jared Carstensen

  • 1. What’s Hot in Information Security - 2012 Jared Carstensen SSCP, CISSP, CRISC, CCSK Security & Forensics Deloitte jcarstensen@deloitte.ie
  • 2. Hot Topics - 2011 Looking Back – What was featured for 2011 • Social Networking – increase in threats and online defamation cases • Growth in e-Discovery cases and solutions • Protecting data at the data layer (Wikileaks)– DLP tools • Smart Phones and risks involved (iPhone proliferation) • Malware for Cyber warfare (Stuxnet) • Online transactions security (customer end point security) • Virtualized environments – security implications • Cloud Computing & security implications Last year saw an unprecedented level of Data Breaches, Hacks, and high profile security related incidents including Sony, RSA, Epsilon, TripAdvisor, United Nations etc. 2 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 3. Hot Topics - 2012 Looking Forward – What lies ahead for 2012 • Cloud Security • Cyber Warfare and Cyber Security initiatives • End to End eDiscovery • iPhones / iPads / Smart devices Security • Advanced Persistent Threats 3 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 4. Cloud Security – Here to Stay Cloud Security will remain a hotly debated and dominant feature in 2012. With Cloud adoption continuing to increase both here in Ireland and Internationally, the following elements will continue to feature: • Abuse and Nefarious Use of Cloud Computing • Malicious Insiders • Shared Technology Issues • Data Loss or Leakage • Account or Service Hijacking • Unknown Risk Profile • Compliance (Privacy / Data Protection) • Governance & Risks Elements 4 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 5. Cyber Warfare & Cyber Security Cyber attacks and Cyber threats have been a constant threat to both national infrastructure and businesses alike over the past 24-36 months with a startling number of increases in attacks. Internationally, protecting national infrastructure and core government systems from cyber threats is a key strategic priority, with cyber attacks identified as a top tier risk over the next five years. Governments, Multinationals, Utilities, Financial Services, Energy, and Services organisation are currently focussing efforts and resources to secure and safeguard critical assets. *Department of Justice & Finance Website attacks on 24/01/2011 5 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 6. eDiscovery & Digital Forensics “If you recorded all human communication from the dawn of time to 2003, it would take up about five billion gigabytes of storage space. Now we’re creating that much data every two days.” ~Eric Schmidt [Google] • Current Economic Conditions will continue to increase the number of civil litigation cases involving digital data • Digital investigations (Forensics) will assist the growing number of cases both internal to organisations and externally. • Cloud Computing may be the “forgotten” element introducing additional complexity and challenges for investigations 6 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 7. iPhones / iPads / Smart devices Security Increasing Requirement for Seniors / Board Members to have iPhones / iPads / Smart Devices. Some of the challenges from a security perspective include: • Limited authentication / encryption / audit / logging • Very limited number of security control options • No granularity in application policies (either on/off) • No centralised management • Cannot push new policies over the air on demand • Weak encryption protection if device is stolen • Sensitive data susceptible to jailbreak attacks 7 What's Hot in Information Security - 2012 © 2012 Deloitte & Touche
  • 8. Convergence of mobile devices and the corporate environment leads to new risks that must be addressed
    [Diagram: Risk associated to mobile devices]
    • Compromise Local Data with Physical Access
      • Unencrypted data
      • Missing screen-lock
      • Insecure PINs
    • Compromise Local Data with Remote Access
      • Software installed via scam mails
      • Remote exploitable vulnerabilities
    • Liability Risks
      • Against users
      • Against third parties
    • Unauthorised Access to the Corporate Network
      • Mobile Device is used as an entry point for the corporate network
    • Legal and Non Compliance Risks
      • Data Protection
      • Telecommunications Law
      • Company Policy
    • Jailbreaking, Rooting, …
      • Disables protection measures on signed apps
      • Increased attack vector
    • Malware and compromised Apps
      • Apps containing malicious code used for attacks against the user or the corporate network
    © 2008 Deloitte Touche Tohmatsu
  • 9. Advanced Persistent Threats (APTs)
    Conventional hackers or cybercriminals have been around for quite some time. They tend to operate on a hit ratio or successful outcome basis – they tend not to be solely focussed on any particular target. They may want a thousand credit card numbers for fraud, or to break into an account and turn it into a zombie, or for other associated uses.
    APT attackers are:
    • Attackers who are focussed and set on attacking you or a specific target!
    • It doesn't matter how secure you think you are! All that matters is whether you're secure enough to keep them out.
    • APT attackers are more highly motivated – there is a motive or reason they are targeting an entity or company.
    • They're likely to be better skilled, better funded, and more patient (there is typically no “end date”).
    • They're likely to try several different avenues of attack. And they're much more likely to succeed.
  • 10. Questions?
  • 11. THANK YOU
    Jared Carstensen SSCP, CISSP, CRISC, CCSK
    Security & Forensics
    jcarstensen@deloitte.ie
    086 322 8004