Southern California/Orange County CIO Breakfast Round Table
March 8, 2012 meeting
Present: Jeff Hecht, David Mann, Jim Sutter, Keith Golden, Jennifer Curlee, KJ Grinde, Sean Brown, Dave Phillips
We welcomed KJ Grinde, Edwards Lifesciences, to his first meeting.
The following is a list of topics and speakers through September:
4/12/12 - Mobile Device Security - David Mann, Neudesic
5/10/12 - Global Company IT Challenges - Rich Hoffman, Avery Dennison
6/14/12 - Big Data - Paul Gray, Claremont (Emeritus)
7/12/12 - Developing IT Teams - Jon Grunzweig, Majestic Realty
8/9/12 - Mobile Application Development
9/13/12 - CIO Compensation - Ken Wechsler
Topic: New Security Challenges
Jeff Hecht started his presentation by noting how the security landscape had changed: it used to be hacking for fun, but now it’s much more serious. Millions of dollars are at play, either through quick strikes or extended attacks. It’s getting hard to know whom to trust. Still, most organizations rely primarily on signature-based perimeter defenses.
Hacktivism is usually politically motivated, with humorous overtones, and can be a solo activity. Recent attacks have targeted security companies such as HBGary Federal, which was attacked by Anonymous because of its investigations into that very group, much to the company’s embarrassment. Another was on Sony by a teenager, George Hotz; Sony sued Hotz, and Anonymous got involved in many more attacks. The cost to Sony is in the range of multiple hundreds of millions of dollars. Symantec is another example. Anonymous is a loosely run organization, and one of its main actors, Hector Monsegur (Sabu), was arrested in June 2011 and has revealed other members of the group.
Another problem is Certificate Authority (CA) impersonation. A CA is supposed to provide digital protection by a combination of public and private keys. If trust in the private key is lost, then all guarantees are off. Jeff explained what advanced evasion techniques (AET) can do for you; I recommend that you spend a few minutes looking at his slides on this topic. A yet more dangerous element is the Advanced Persistent Threat, where the attackers are willing to take the time to select the target (not just by chance), identify the potential gain, develop the attack approach, often from within, and hide the evidence. Check out Jeff’s slides on this one.
He had 5 predictions for 2012: the first Android worm; loss of your personal data from a social network; political theater; SMBs are no longer immune; Mac malware will increase. What can we do to protect ourselves? Do the basics (not enough but still important); use layers; train employees on security; find some way to really identify someone; focus on protecting your crown jewels; watch what is going in and out. Great presentation!
KJ thanked Jeff and complimented him on a really current presentation. Anonymous has vowed to take down the Internet.
Jennifer noted that Anonymous was not a real organization, but a loosely connected group of individuals, whose fingerprints are well known.
Keith is still struggling with network modification and will address security next.
Jim noted that his client is very much into business intelligence, especially pricing by location, using whatever means are available, including hiring each other’s sales people.
David said that his company has a team focused on security, and they are trying to stay ahead of the game. The biggest threat is the human factor.
Good session – thank you, Jeff, for the presentation.
Monday, March 12, 2012