In today’s digital landscape, safeguarding laptops is crucial for protecting data and proprietary information. This presentation explores four foundational cornerstones of secure computing—Confidentiality, Authenticity, Integrity, and Availability—as they relate to laptop security. We discuss alarming statistics such as over 600,000 laptop thefts in 2004, costing billions in hardware loss and intellectual property. We address the various vulnerabilities associated with laptops, including data breaches due to lost devices, ineffective passwords, unauthorized software installation, and issues affecting data availability.
Keeping Laptops Secure Defense Team: Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil
Agenda • Four cornerstones of secure computing as they relate to laptop security • Confidentiality • Authenticity • Integrity • Availability
Confidentiality Problems Over 600,000 laptop thefts occurred in 2004, totaling an estimated $720 million in hardware losses and $5.4 billion in theft of proprietary information. -- Safeware Insurance, 2004
Confidentiality Problems • Intellectual Property – data is easily accessible to competitors • Brand/Company Impact – damaging information can be found on laptops that can tarnish the brand or company • Public Policy – fines from regulatory agencies or government; FERPA, HIPAA, California Senate Bill 1386, Sarbanes-Oxley & Title One
Confidentiality Problems Cont. • High Costs – direct costs from above as well as peripheral expenses due to legal fees, free credit monitoring for customers and loss of customer/investor trust • Portable Memory – e.g. reliance on USB memory sticks to transfer data; devices are easy to lose due to size • 60% of data breaches are due to loss of mobile devices¹
Authenticity Problems • Cracking Security: • Strong password requirements are often not mandated. In these cases, brute force entry does not take a tremendous effort. • Well-known accounts often remain enabled, providing an easy target. • Circumventing Security: • Booting an operating system from USB devices or optical media is another way to circumvent security. • Unknowingly or mistakenly connecting to a network run by a hacker can provide access to data.
Integrity Problems • Many laptop users have Administrator privileges • Able to install unauthorized programs, both intentionally and unintentionally • Viruses, spyware, and other malware can install automatically using the user’s elevated privileges • Unauthorized installed applications can lead to system instability or conflicts with approved applications • May accidentally uninstall necessary programs or delete important system files • Causes more administrative overhead for IT staff
Integrity Problems Cont. • Expired Antivirus Definitions • Exposes laptop to newer viruses • Wide range of damage depending on virus • Insecure Networks • Laptop user may connect to insecure networks (wired or wireless) • Snooping or intercepting of data can occur • Company IP can be lost • Laptop more exposed to hacker threats
Availability Problems • Availability - The ability to use the information or resource desired • For laptops, a loss of available information is loss of data • Hardware damage • Software corruption • Loss of data for laptops * • 44% - Hardware Malfunction • 32% - User Error • 14% - Software Corruption • 7% - Computer Viruses • 3% - Natural Disasters * Data provided by “Disc Data Recovery”, http://www.diskdatarecovery.net
Availability Problems 44% - Hardware Malfunction • “head crash” • Read-write head touches the rotating platter • Platters spin 5,000 to 15,000 RPMs / second • A touching head is the equivalent of a 72 mph crash • “The click of death” • Clicking sound in disk storage systems that signals the device has failed, often catastrophically • IBM’s 75GXP hard drives were known for this ($2B loss) • Hard drive manufacturers claim a 1% failure rate • Carnegie-Mellon research suggests 2-4% • Under some conditions: 13%