This document discusses security issues that small businesses face and provides recommendations to address them. It notes that networks are large and complex, and that businesses have limited time and money for security. However, the size of a business does not correlate with the likelihood of a data breach. The document recommends pursuing simplicity, vigilance, consistency, and utilizing managed security services and affordable utilities to help protect against threats. It concludes by asking if the audience has any other questions.
9. “Thieves are more likely to select targets
based on the perceived value of the
data and cost of attack than victim
characteristics such as size” -Verizon
10. Somewhat interesting Stats.
Verizon Report Highlights
• 4% of breaches.
• 87% had evidence.
• 94% = financial services
• NO CORRELATION BETWEEN ORG SIZE AND CHANCE OF
DATA BREACH!
11. What can we do?
Simplicity
• 4%
• Vigilance
• Consistency
Resources
• Managed Services
• Affordable Utilities
• Users?
12. Topic of Slide
Sub-topic 1
• Point a.
• Point b.
• Point c.
Sup-topic 2
• Point a.
• Point b.
• Point c.
(1999) What is this ball of colors in the map below? It is the North American Internet, or more specifically a map of just about every router on the North American backbone, (there are 134,855 of them for those who are counting).
The colors represent who each router is registered to.
Red is Verizon, blue AT&T, yellow Qwest, green is other backbone players like Level 3 & Sprint Nextel, black is the entire cable industry put together, & gray is everyone else, from small telecommunications companies to large international players who only have a small presence in the U.S.
This map demonstrates that although AT&T & Verizon own a lot of Internet pipes, they currently do not dominate the Internet infrastructure (yet).
Next time your Internet connection goes down....the problem might not be right here in town....it could be six states away. And tracking down the problem, while we have the expertise to do so, does not mean we always have the power to fix it.
2003
Sometimes it feels like putting a brushfire out with a bucket of water…and the bucket has a hole.
Lets throw money at it! Lets put encryption in there somewhere!
Just because you have spent a lot of money and time doesn’t mean you are secure.
Small Business Security has its own issues.
Bucket of water vs a brushfire.
Poor budgets.
No time.
Overwhelming responsibilities.
CEO’s Blackberry illustration.
2010 Data Breach Report From Verizon Business
Only 4 percent of breaches assessed required difficult and expensive protective measures.
Most breaches (60 percent) continue to be discovered by external parties and then only after a considerable amount of time.
11 percent were linked to business partners.
49 percent were caused by insiders.
48 percent of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information
40 percent of breaches were the result of hacking,
28 percent were due to social tactics and 14 percent to physical attacks.
87 percent of victims had evidence of the breach in their log files, yet missed it.
94 percent of all compromised records in 2009 were attributable to financial services.
The report finds no correlation between an organization’s size and its chances of suffering a data breach.
2010 Data Breach Report From Verizon Business
Only 4 percent of breaches assessed required difficult and expensive protective measures.
Most breaches (60 percent) continue to be discovered by external parties and then only after a considerable amount of time.
11 percent were linked to business partners.
49 percent were caused by insiders.
48 percent of breaches were attributed to users who, for malicious purposes, abused their right to access corporate information
40 percent of breaches were the result of hacking,
28 percent were due to social tactics and 14 percent to physical attacks.
87 percent of victims had evidence of the breach in their log files, yet missed it.
94 percent of all compromised records in 2009 were attributable to financial services.
The report finds no correlation between an organization’s size and its chances of suffering a data breach.
Back to the 4% stat, this is good news!
Watch and be aware of your network, You know your network better than anyone, you know the holes that DO EXIST, that rash is not supposed to be there!
Cant afford the time or an employee? Managed Services have become popular and are very affordable. Open source utilities can be fun and useful. Spiceworks, know what is on your network, check your events, backtrack, your own brain.
Users can be taught and can become eyes and ears. Build up a reputation with them…