©2017 – Treasury Alliance Group LLC – All Rights Reserved
Cybercrime – Stealing in the
Connected Age
Treasury Alliance Group LLCwww.treasuryalliance.com
April 24, 2017
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Cybercrime – A Growing Threat
Source: McAfee
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Cybercrime – A Growing Threat
60% of survey participants indicated that they had been the target of cybercrime. This supports the 2015 AFP Payments Fraud Report in which 62% of survey respondents indicated that they had been targeted in the prior year.
Source: TAG Cybercrime Survey
©2017 – Treasury Alliance Group LLC – All Rights Reserved
CYBERCRIME
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Malware
• 20 million new malware samples in 1st quarter of 2016– Slightly higher than 2015
– Trojans continue to be the majority
– Ransomware has increased significantly
• 33% of all PCs around the globe are now infected
Source: Anti-Phishing Work Group
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Ransomware
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Vector of Malware Installation
The Rule of 20
Source: U.S. Secret Service
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Phishing
The creation and use of e-
mails and websites designed
to look like e-mails and
websites of well-known
legitimate businesses to
deceive Internet users into
disclosing their bank and
financial account information
or other personal data such as
usernames and passwords
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Phishing Illustrated
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Key Tells
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Pharming
Phishing’s evil twin – If you won’t answer our email, we’ll get you to come to us!
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Pharming Illustrated
92.100.01.01
98.155.01.01
98.155.01.01
www.nicebank.com
©2017 – Treasury Alliance Group LLC – All Rights Reserved
BYOD – A Growing Issue
©2017 – Treasury Alliance Group LLC – All Rights Reserved
An Increasingly Mobile Universe
• Potential rise of infested mobile apps. Don’t rely on mobile vendors’ app vetting processes. Do your corporate diligence. Installing an app on your phone may expose access to ALL of your phone data and ongoing activities, including contact books, email, login information, browsing history, GPS location history, security codes that you enter for conference calls, etc.
• Onset of bring-your-own-device cultures. The mobile revolution has partly benefited corporate mobile costs by inviting privately chosen devices into corporate networks. However, this poses security risks stemming not only from the nature of mobile, but also from the scope of devices on the network. Hardware and software have known and lurking vulnerabilities. More variety creates more exposure.
• Mobile vulnerabilities are multi-dimensional. Phones with data access to the corporate network can expose data, network authentication information, network application access, remote sessions, browsing data, and even DNS information. These exploits can be escalated to the land-based network.
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Smishing and Vishing
• The rise of mobile creates new channels for the same old tricks.
• Sending you a fake SMS alert (Smishing) or voice mail (Vishing) to create panic, so that you reveal useful security information.
• Objective is to confirm authenticity of your mobile information (i.e.. the target phone is actually yours) and to encourage a subversive action by you.
• Example: “Your account has been compromised. Immediately call 1-800-IAM-FAKE to help us investigate this security breach. Alternatively, immediately log in with your normal bank account user name and password at www.authenticbank.fakesecurity.com.”
©2017 – Treasury Alliance Group LLC – All Rights Reserved
• Corporate version of ID Theft
• Mimics internal fraud
• Funds are often gone before you are aware there is a problem
• “Mules”, who often think they are doing legitimate business, are used to move the money out of the country
• Originally aimed at large companies but now cybercrooks are targeting smaller businesses, municipalities and non-profits
Corporate Account Takeover
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Business Email Compromise
• Over $3 billion in loses world wide
• Reported in every state and over 100 different countries
• Typically uses “spoofed” email that appears to come from corporate executives
• Targeted executives are typically out of office
• Typically requests for wire transfers but can also include requests for confidential data such as W2s.
Page 16
©2017 – Treasury Alliance Group LLC – All Rights Reserved
COST OF CYBERCRIME
©2017 – Treasury Alliance Group LLC – All Rights Reserved
What are Cybercriminals After?
• Usernames and passwords, obviously, but there’s MUCH more
• Information about the hardware and software you are running:
• Trade secrets and trade data – corporate espionage
• Personally Identifiable Information – Social Security Number
– Drivers License Number
– Card Numbers
– Bank Account Numbers
– Etc. etc.
©2017 – Treasury Alliance Group LLC – All Rights Reserved
True Cost
• Remediation
• Legal costs
• Regulatory costs and fines
• Loss of customers
• Reputation
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Total Cost
Source: Ponemon Institute, HP
2016 Cost of Cybercrime Study
Cost expressed in US dollars (000,000), n = 237 separate companies
©2017 – Treasury Alliance Group LLC – All Rights Reserved
BEST PRACTICES
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Best Practices
• Educate your staff • Conduct periodic email tests• Use pop-up blockers and anti-virus software and maintain
them!• Never respond to emails or pop-ups asking for personal
(corporate) info• Be suspicious of unknown or unexpected emails• Never open email attachments unless you already know
what’s in them• Lock unattended workstations• Use limited purpose workstations for financial transactions• Cyber risk policy and action plan• Insurance• Report suspicious activity
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Better to do it now …
before you have a problem!
Improve Your Authentication
• Don’t use the same password for different login levels.
• Change your passwords regularly.• Use complex passwords, even if not enforced.• Consider using encrypted password “vaults” or
managers to store and machine-enter authentication strings.
• Be aware of symptoms of key-logging.
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Password Vaults
• Store passwords
• Create strong passwords
• Device agnostic / cross-platform capabilities
• Single password for access
©2017 – Treasury Alliance Group LLC – All Rights Reserved
• Incident Response Plan– Specify the response team
– Notification channels
– Escalation Procedures
– Identify regulatory requirements
– Don’t forget PR
– Test at least annually
• Data Privacy Policy– Identify access to all PII and related information
– Specify security policies and procedures
– Review vendor agreements and processes
– Board level approval
Cyber Risk Management Plan
©2017 – Treasury Alliance Group LLC – All Rights Reserved
CYBER LIABILITY
26
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Cyber Insurance
• First Party– Notification
– Credit Monitoring
– Business Interruption
– Extortion
– Crises Management/PR
• Third Party– Invasion of Privacy Rights
– Media Intellectual Property
– Failure to implement, maintain or enforce reasonable security policies
– Unfair, Deceptive and unlawful business practices
– Regulatory Actions
Source: Oswald Insurance
©2017 – Treasury Alliance Group LLC – All Rights Reserved
OOPS
28
©2017 – Treasury Alliance Group LLC – All Rights Reserved
When It Happens
And it will happen!• Notify - Notify your bank immediately and
consider suspending funds transfer capabilities until you know the scope of the problem.
• Report - Contact appropriate law enforcement and file a report.
• Record - Make a written record of what happened, what was lost, and the steps you took to report the incident and attempt to recover the funds involved.
©2017 – Treasury Alliance Group LLC – All Rights Reserved
CONCLUSIONS
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Conclusions
• Cybercrime is a growing problem around the world• Convenience of easy access complicates the
problem• The total cost can be immense• There are things that you should be doing to protect
yourself– Policies and procedures– Training– Action plans– Insurance– Board involvement
• Cybercrime is not just an IT issue, it should be part of your overall enterprise risk planning
©2017 – Treasury Alliance Group LLC – All Rights Reserved
Mark K. Webster, CCM, CPA, Partner
Phone (216) 932-1678
Treasury Alliance Group LLC
www.treasuryalliance.com
Contact Information
Page 32