Tim Matthews, Senior Director Product Marketing, Symantec
Security practitioners today are confronted with a large complex threat surface of exposure of confidential information: data theft on laptops, information copied to USB devices, stored on smartphones, posted on blogs, burned to CDs and DVDs and sent via IM and e-mail. The consequences for loss of this data are quite severe including regulatory fines/sanctions, brand damage and customer attrition. The WikiLeaks scenario we hear so much about in the press represents a further escalation in the risks and consequences of breach of sensitive data. The results of the latest U.S. Cost of a Data Breach from the Ponemon Institute indicate that malicious attacks are more prevalent than in years past and they’re the most expensive form of breach event. Malicious attacks come from both outside and inside the organization, ranging from data-stealing malware to social engineering. Malicious insiders with intent to misuse information are most often white collar criminals, terminated employees and corporate espionage aspirants. Well-meaning insiders who walk out the door with corporate data on a USB drive do so for mostly legitimate reasons like working from home or for an off-site meeting. These insiders seem to think either that company security policies are a hindrance to their jobs or that they can get away with it as long as they’re careful. These insiders, however well-intentioned, make it easier for hackers and malicious insiders to get their hands on confidential data and leak it. It’s easy to see how the dual priorities of a worker-friendly environment and the need to share information quickly could lead to a data loss scenario. This session will explore these risks, as well as how to protect your sensitive data by implementing multi-level security practices such as encryption, device control, data loss prevention, protection against advanced persistent threats and broader information protection best practices.