1

Fraud and Prevention:Lessons from the Fire ServiceAugust 24, 2015

2

Today’s Discussion

By the numbers

Practical nextsteps

Lessons from the fire service

3

Today’s Discussion

Lessons from the fire service

Practical nextsteps

By the numbers

42012

2013

2014

2015

IRS

Aus.Img.Dept

US OfficeOf Personnel

Mgmt[2nd Breach]

US OfficeOf Personnel

Mgmt

CalifDept of

Child Svcs

FloridaDept of

Juv Justice

FloridaCourts

KissingerCables

MedicaidOffice of

The TexasAttorney General

WashingtonCourt System

South AfricanPolice

GreekGovernment

Government Data Breaches Since 2012:Selected losses of 30,000+ records

Source: informationisbeautiful.net.

5

“The South Carolina Department of Revenue data breach in 2012 exposed 3.6 million Social Security numbers to hackers.”

-Government Technology

6

“Names, birth dates, Social Security numbers, and other personally identifiable information belonging to about 850,000 job seekers in Oregon was exposed after hackers gained illegal access to a database containing information at the State Employment Department.”

-Information Week

7

“The personal data of an estimated 18 million current, former and prospective federal employees were affected by a cyber breach at the Office of Personnel Management.”

-CNN

8

“Medicaid Suffers Massive $33M in Fraud in at Least 4 US States.”

-Sputnik International

9

94M Government Records Since 2009

58 days between discovery and disclosure

$201 per record breached

$5.8M per breach

Sources: “Rapid7 Report: Data Breaches in the Government Sector.” Rapid7. September 6, 2012.

2014 Cost of Data Breach Study, Ponemon Institute, Navigant Breach Report, March 2014.

10

Small & Medium Sized States…

Large States…

~15Mper month

attacks

~10Mper day

attacks

Source: NASCIO. Conveyed at the 2015 NASBO Annual Conference.

11

Less than half of all data breaches are due to malicious attacks

44% 31% 25% maliciousattacks

humanerror

systemglitches

Source: 2014 Cost of Data Breach Study, Ponemon Institute, Navigant Breach Report, March 2014.

12

Today’s Discussion

Practical nextsteps

By the numbers

Lessons from the fire service

13

246530

every… a fire department responds to a fire

one structure fireis reported

one civilian fireinjury is reported

seconds

seconds

minutes

Source: National Fire Protection Agency

14

1980 Today

Source: Michael J. Kartner. Fire Loss in the United States.

734,000home fires

370,000home fires

5,200fire deaths

2,520fire deaths

15

Q: How was the fire service able to achieve over a 50% decrease in each of these

important areas?

16

AdequateFunding

ExecutiveSupport

ModernTechnology

Visibility &Influence

Governance &Authority

FireProfessionals

A: Through vigilant and deliberate action across the fire service.

17

AdequateFunding

ExecutiveSupport

ModernTechnology

Visibility &Influence

Governance &Authority

Fire SecurityProfessionals

States face a lack of [sic] as it relates to cybersecurity and fraud prevention…

Source: NASCIO State CIO Survey, 2014.

18

Today’s Discussion

By the numbers

Lessons from the fire service

Practical nextsteps

19

Have a plan – A call to action from the NGA

Establish a governance and authority structure

Conduct risk assessments and allocate resources accordingly

Implement continuous vulnerability assessments

Create a culture of risk awareness

20

Stop looking in the rear view mirror.

Continuous Diagnostics & Monitoring tools can help.

21

“Too little attention has been placed on continuous controls monitoring by chief

financial officers, internal auditors, and corporate risk

management and compliance leaders…

CCM solutions can increase operational efficiency for critical financial processes,

reduce fraud and improve financial governance

resulting in a substantial return on investment.”

22Techniques for detecting and preventing fraud.

Rules Based Analytics &

Known Patterns

Data Science & Predictive

Analytics

23

Address the talent crisis.

Hire the right professionals

Collaborate with HR and definecareer paths

Provide training and development for professionals

24

All four layers of controls must be monitored across processes.

25Establish a fraud prevention framework.

26

Questions?