© 2019 RSM Canada Consulting LP. All Rights Reserved.
RECOGNIZING CYBER THREATS: HOW TO PROTECT YOUR COMPANY DATA
RYAN DUQUETTE
PARTNER – RSM CANADA - SECURITY AND PRIVACY RISK CONSULTING
May 28, 2020
ESSA | Environmental Services Association of Alberta
Agenda
• Cyber Incident Stats (just a few!)
• How are you being targeted
• Defining Cybersecurity
• Why SMEs
• What can be done and how to build a corporate culture of security
Cyber Incident – attack types 2019
• Business Email Compromise: 58%
• Ransomware / Malware: 21%
• Litigation: 7%
• Other: 11%
• WebApp Compromise: 3%
Cyber incidents – sectors (all) 2014–2019
[Chart: share of cyber incidents by sector. Values shown, in order: 21.5%, 19.3%, 9.6%, 8.8%, 7.9%, 5.7%, 5.5%, 4.7%, 4.5%, 3.2%, 2.9%, 1.8%, 1.1%, 0.8%, 0.8%, 0.7%, 0.7%, 0.3%. Legend: Professional Services, Healthcare, Retail, Financial Services, Manufacturing, Technology, Education, Nonprofit, Other, Public Entity, Hospitality, Transportation, Energy, Media, Restaurant, Entertainment, Telecommunications, Gaming & Casino.]
Source: https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/the-real-cost-of-a-data-breach.html
Company Size – 2019
Source: NetDiligence 2019 report
Cyber incident – costs
Source: https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/the-real-cost-of-a-data-breach.html
NPO Breach Costs
• Min: 1K
• Max: 1.6M
• Average: 72K
Cyber incident – costs
Source: https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/the-real-cost-of-a-data-breach.html
Professional Services
• Min: 1K
• Max: 3.6M
• Average: 90K
What it sells for?
• Social Insurance Number: $1
• Online Payment Services: $20 - $200
• Driver’s Licence: $20
• Loyalty Accounts: $20
• Diplomas: $100 - $400
• Passports: $1000 +
• Credit or Debit Cards: With CCV # $5; With Bank Info $15; Full Info $30
• Non-Public Financial: $1 - $10
• General Logins: $1
• Subscription Services: $1 - $10
• Medical Records: $1 - $1000
How are you being targeted? Social Engineering
How are you being targeted? Reused Creds
Defining cybersecurity
“A blend of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.”
The facts
• Cybersecurity is a business issue, not a technical problem
• Business enhancing actions can quickly lead to disruption
• The landscape is complex, and competing drivers are common
• Complex controls can hamper success
“Why isn’t this easier?”
• Regulatory obligations
• Evolving technology
• People
Ransomware
• Victims: 2019 - Average $84,116
• 6,300 dark web marketplaces selling ransomware
• 45,000 products – averaging $10.50
• $6+ million in ransomware sales – well over 1+ billion in payouts
Source: https://www.nytimes.com/2020/02/09/technology/ransomware-attacks.html
Key points
1. A vulnerability will be exploited
2. Everything is vulnerable, somehow
3. We trust, even when we shouldn’t
4. Innovation leads to exploitation
5. When in doubt, see #1
The objective
Mature processes, methods, tools and skills, working in unison, with a common goal.
Resulting in: Well trained people, following well developed procedures, using well implemented technology
The (simplified) Approach
Identify ‘Crown Jewels’
Protect Assets
Detect Problems
Incident Response
Navigation
Why SMEs?
• SMEs often collect sensitive PII, including donor information, health information, social insurance numbers, confidential emails, employee records, and billing information.
• SMEs often have multiple locations (working from home), BYOD, and might not have resources to spend on large scale cybersecurity initiatives.
Information Protection Considerations
Choices
1. Very secure
2. Very functional
3. Low cost
You can only pick two
Risks
loss
reputation
clients
employees
financial
Risks
Time
Things to think about
Understand the data
Be sure of your obligations
Think of the risks
Introduce appropriate controls
Consider the technology
Do you need it?
Things to do
• Back up
• Insider Threat Program
• Have a plan
• Test your environment
• Train your staff
• Have a team
• Consider cyber coverage
Remote Workforce Considerations
• Where is your data being stored? On cloud services? Employees’ personal computers? Mobile devices?
• How is your data being transmitted?
• Are there any weaknesses that could allow attackers to compromise your employees’ remote networks or personal systems, potentially granting VPN access to the internal network?
• Have your business processes been updated to account for remote operations (e.g., accounts payable/receivable, payroll)?
• Are you capturing more private data (e.g., home environments, geolocation data)? How does this affect compliance with privacy regulations?
In closing
Top 3 frauds of 2019
The following are the top 3 reported frauds in Canada in 2019, ranked by number of reports:
• Extortion: 10,278 reports
• Personal Information: 7,642 reports
• Phishing: 5,053 reports
Source: http://www.antifraudcentre-centreantifraude.ca/features-vedette/10-frauds-fraudes-eng.htm
Thank you – Questions and Answers?
416-706-2273
LI: RyanDuquetteMSC
Twitter: @RyanDuquette4n6