© 2020 RSM US LLP. All Rights Reserved.
July 9, 2020
HOW CYBER CRIME COSTS YOU
Today’s Presenters
Sean Renshaw, Senior Director – RSM Risk Consulting
[email protected] / +1 312 634 4757
• National Leader – Digital Forensics and Incident Response
• Over 30 years’ experience conducting criminal and civil investigations throughout the U.S. and globally
− Subject matter and testifying expert witness on DFIR topics
− Instructor on digital investigations for the U.S. Department of Justice and U.S. Department of Treasury
− Frequent speaker on digital forensics and cybersecurity
• I like standardized tests
− Certified Fraud Examiner (CFE)
− EnCase Certified Examiner (EnCE)
− Certified Computer Examiner (CCE)
− Digital Forensic Certified Professional (DFCP)
• I snoop for a living
Chris Ekimoff, Director – RSM Financial Consulting
[email protected] / +1 571 341 4195
• Southeast Region Leader – Financial Investigations & Dispute Services
• Almost two decades of forensic accounting, financial investigation, and litigation support experience
− Subject matter and testifying expert witness on financial fraud
− Previous matters include Madoff investigation, anti-terrorist financing, insider trading allegations, and whistleblower investigations
− Volunteer with AICPA, ACFE, VSCPA, and local colleges & universities regarding fraud awareness, education, and best practices
• I also like standardized tests
− Certified Public Accountant (CPA) / Certified in Financial Forensics (CFF)
− Certified Fraud Examiner (CFE)
− Master Analyst in Financial Forensics (MAFF)
• My side gig is podcasting – the inSecurities Podcast from PLI
Today’s Agenda
• Cyber Incident Trends
• You Are The Target
• Case Studies
• Things To Know
• Internal Control Considerations
OVERVIEW OF CYBER INCIDENT TRENDS
Cyber Incident Trends – Attack Types 2019
• Business Email Compromise: 38%
• Ransomware / Malware: 35%
• Forensic Technology: 14%
• Other: 13%
Source: Cyber incidents handled by RSM 5/1/2019 – 4/30/2020
Cyber Incidents – Organization Size 2014–2018
[Chart: cyber incidents by organization size. Categories: NANO (<$50M), MICRO ($50M - $300M), SMALL ($300M - $2B), OTHER / UNKNOWN.]
Source: https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/the-real-cost-of-a-data-breach.html
The Digital High Seas—Not Your Normal Pirates
HOW ARE YOU BEING TARGETED?
How Are You Being Targeted? Social Engineering
How Are You Being Targeted? Malware
Mind On My Money
What’s The Cost?
[Chart: approximate black-market value of stolen personal data by type. Data types shown: Social Security Number; Online Payment Services; Driver License; Loyalty Accounts; Diplomas; Passports; Credit or Debit Cards (with CCV # ~$1, with bank info ~$5, full info ~$15); Non-Public Financial; General Logins; Subscription Services; Medical Records. Price ranges shown for the remaining types: ~$0, ~$1 - $10, ~$1 - $50 (twice), ~$1 - $100, ~$5 - $20, ~$20 - $1,000, ~$100 - $400, ~$300+, ~$500+.]
What’s The Cost?
[Bar chart: average loss per incident on a $0 – $180,000 scale. Categories: Business Email Compromise, Ransomware, Robbery. Values shown: $1,373, $72,000, $166,000.]
So What’s The Harm?
• Over $12 billion in losses since 2013 due to business email compromise (Source: FBI IC3)
• Average robbery loss: $1,373; average BEC loss: $159,469 (Sources: 2017 Uniform Crime Report; FBI IC3)
• Nearly $100 million in losses for nine SEC issuers; all lost at least $1 million, and two lost over $30 million (Source: SEC Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements)
Case Study: Wire Transfer Fraud Security Incident
Case Study: Ransomware Security Incident
How Did That Happen?
THE MORE YOU KNOW
Key Considerations
• Understanding the attack scenario
• Evaluating the entity’s response to the cyber event
• Evaluating the recovery and remediation approach
• Due diligence can be your friend
Cybersecurity Best Practices – It’s EVERYONE’S Role
Cybersecurity Best Practices
Password Worst Practice
RANK PASSWORD
1 123456
2 123456789
3 qwerty
4 password
5 1234567
6 12345678
7 12345
8 iloveyou
9 111111
10 123123
11 abc123
12 qwerty123
13 1q2w3e4r
14 admin
15 qwertyuiop
16 654321
17 555555
18 lovely
19 7777777
20 welcome
21 888888
22 princess
23 dragon
24 password1
Source: SplashData - https://www.teamsid.com/1-50-worst-passwords-2019/
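The defensive counterpart to a worst-passwords list is screening new passwords against it at the point of selection, the approach NIST SP 800-63B recommends. The following is an added example, not code from the presentation or from RSM: it uses the 24 entries from the table above as a constructed denylist and shows why a plain exact-match check is not enough, since users routinely dodge it by appending digits ("password1") or swapping characters ("P@ssw0rd"). The function names `normalize` and `check_password`, the substitution map, and the minimum length are assumptions of this example.

```python
import re

# Constructed denylist: the 24 entries from the SplashData 2019 table on this slide.
WORST_PASSWORDS_2019 = [
    "123456", "123456789", "qwerty", "password", "1234567", "12345678",
    "12345", "iloveyou", "111111", "123123", "abc123", "qwerty123",
    "1q2w3e4r", "admin", "qwertyuiop", "654321", "555555", "lovely",
    "7777777", "welcome", "888888", "princess", "dragon", "password1",
]

# Common character substitutions users apply to get past a naive exact-match check.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

_TRAILING_JUNK = re.compile(r"[\d\W_]+$")  # trailing digits, symbols, underscores


def normalize(password: str) -> list:
    """Return the base forms a password collapses to, most literal first.

    'P@ssw0rd1' -> ['p@ssw0rd1', 'p@ssw0rd', 'passwordi', 'password'], so a
    denylist hit on 'password' also catches the decorated variants.
    """
    lowered = password.lower()
    forms = [lowered, _TRAILING_JUNK.sub("", lowered)]
    forms += [f.translate(LEET_MAP) for f in forms]        # undo leet-speak
    forms += [_TRAILING_JUNK.sub("", f) for f in forms]    # strip again after decoding
    seen, unique = set(), []
    for f in forms:
        if f and f not in seen:
            seen.add(f)
            unique.append(f)
    return unique


def check_password(password: str, denylist=WORST_PASSWORDS_2019, min_length: int = 8):
    """Return None if the password is acceptable, otherwise a short reason string.

    Follows the NIST SP 800-63B pattern: a minimum length plus screening
    against a list of commonly used passwords, including trivial variants.
    """
    if len(password) < min_length:
        return f"too short (minimum {min_length} characters)"
    blocked = {entry.lower() for entry in denylist}
    for candidate in normalize(password):
        if candidate in blocked:
            return f"matches common password '{candidate}'"
    return None


if __name__ == "__main__":
    # Constructed sample inputs: decorated variants of table entries plus one acceptable passphrase.
    for sample in ["P@ssw0rd1", "Welcome2020!", "1q2w3e4r", "admin", "correct horse battery staple"]:
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```

In production the denylist would be the full published list or a breached-password corpus rather than 24 entries, but the normalization step is what matters: without it, "Welcome2020!" passes a length-and-complexity policy while still being a one-guess password for anyone working from the same list.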
WHAT DO CONTROLS HAVE TO DO WITH CYBER?
Catching It Yourself Saves You Money
COSO Prescribes It
Department of Justice Advises It
• “Having sufficient internal accounting controls plays an important role in an issuer’s risk management approach to external cyber-related threats, and, ultimately, in the protection of investors.”
• “What is clear…is that internal accounting controls may need to be reassessed in light of emerging risks, including risks arising from cyber-related frauds.”
• “Given the prevalence and continued expansion of these attacks, issuers should be mindful of the risks that cyber-related frauds pose and consider, as appropriate, whether their internal accounting control systems are sufficient to provide reasonable assurances in safeguarding their assets from these risks.”
Examples Include
• Mandate all employees receive security awareness training at least annually
− Offer targeted training on specific types of threats to a specific population (e.g., training for those who have the authority to release wires related to phishing attacks)
• Conduct periodic penetration assessments to test both the IT security infrastructure and social engineering prevention
• Implement two-factor authentication technology for all high-risk access points, including VPN and remote access to email
• Engage a third-party professional services provider to evaluate cybersecurity and privacy compared with industry benchmarks and to obtain a listing of gaps for future remediation
This document contains general information, may be based on authorities that are subject to change, and is not a substitute for professional advice or services. This document does not constitute audit, tax, consulting, business, financial, investment, legal or other professional advice, and you should consult a qualified professional advisor before taking any action based on the information herein. RSM US LLP, its affiliates and related entities are not responsible for any loss resulting from or relating to reliance on this document by any person. Internal Revenue Service rules require us to inform you that this communication may be deemed a solicitation to provide tax services. This communication is being sent to individuals who have subscribed to receive it or who we believe would have an interest in the topics discussed.
RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International.
RSM, the RSM logo and the power of being understood are registered trademarks of RSM International Association.