{Webinar Notes}: The Security Threat Report 2012

computer-security
Webinar Sponsor:

Sophos

Webinar Presentor(s):

Chester Wisniewski

Webinar Description:

Web-based attacks such as fake antivirus malware and SEO poisoning are the biggest threat to data security today. And the explosion of mobile devices and social networking only increases your exposure to risk. To stay secure, you need to understand the risks and know how these threats work. View this Webcast to learn about the latest threat trends and how to keep your organization safe.

{ Attend Webinar }


You can also download the audio podcast and presentation slides.


My Notes:

The presentation frequently refer to Sophos’ Threat Report 2012.  You might find helpful to download it for references.  You can also download it here.

Exploit Kits:
  • Threat report page 12: types of exploits and % of each
  • exploit kits = programmical web page contents/codes that “exploit” the vulenibilities
  • exploit kits – free to get or available to buy
  • there’s a “ebay” system to buy and sell exploit kits
  • people who write expliots –> sell to other criminals
Patching:
  • takes legit companies long time to patch exploits
  • conficker info: p.6
Mac Malware:
  • Threat report page 14: Mac malware 1982 – 2011
  • MacDefender was legit, name got borrowed by crooks
  • malware can be hidden in USB keys and get passed around
Spam:
  • spammers are learning to use social media/social networks to spread spam
  • social networks making it easier for spammer to spam becuase of the ease of access to info
Mobile Security:
  • Threat report page 19: mobile security stats
  • 33% smartphone users not using passcode protecting their phones
  • lots of users lack concerns for mobile security
Data Loss:
  • data loss = privacy loss
  • data leakage = privacy loss
  • data loss = not only loosing data, but also allows criminal to steal the info
  • data loss = lead to loss of client confidence in you
  • encryption = keeping the good stuff in (just as important as keeping the bad stuff out)
  • many large companies don’t encrypt their data (e.g. Sony)