Here are some of the stats and tidbits I left with. As some of the themes overlapped throughout the presentations, so I'm not going to attribute each bullet point to a specific presenter. However the presentations were sponsored by the following companies: WatchGuard, Axway, Sourcefire, Top Layer Security, JCS & Associates, Kaspersky Lab, Cyber-Ark, FaceTime and Arora / McAfee. You can learn more about the presentations specifics and download some of the slide decks here on the event agenda page.
- End users in the workplace expect to have access to the web and popular web applications, however 25% of companies need to update their policies related to web use. Instead of addressing the policy issues, companies simply block access to web applications entirely.
- End users need more education about threats like email scams, pop-ups offering anti-virus solutions, links sent via social media sites, tiny URLs, etc. End users are your biggest threat - often due to error or accidents.
- The average employee spends 3 hours a day doing non-work items on their computer.
- Consider reviewing and improving on your file transfer management practices. How do people share data within your organization and externally? Is it secure and managed?
- Most companies feel secure, but aren't really. Check out http://www.idtheftcenter.org/ for a list of companies that have experienced data breaches. Many companies simply rely on their vendors to declare that they are secure and protected.
- Consider using different vendors to protect your data at different levels. Different vendors use different mechanisms to detect and deter threats.
- As an administrator, you have to review logs on computers, firewalls, servers, etc. This way you are familiar with what is "normal" and can easily recognize potential breaches.
- Consider data encryption as means to enable your company to meet regulation compliance. Encryption technology has evolved and it doesn't have to be as painful as it has been in the past.
- You should patch all your computer regularly - don't forget that your printers, routers and switchers are computers too.
- The top Internet search terms that are likely to lead you to site with malware on it are "screensavers" (51.9% chance of an exploit), "lyrics" (26.3%) and "free" (21.3%).
- In 2009, the Firefox browser had the greatest number of patches and overall, vulnerabilities in applications exceeded operating system vulnerabilities.
- The web browser is the #1 used application, but the patch cycle for browser add-ins is slower than for other applications and operating systems.
- Drive-by downloads are still the #1 way to exploit computers.