Inside the Threat Matrix - Westcon-Comstor...2016 Beyond Security Inside the Threat Matrix CRA...

Inside the Threat Matrix Risk Management for Cyber Security Events


  • Inside the Threat Matrix

    Risk Management for Cyber Security Events

  • Private and Confidential

    Your Presenter Today

    Bill Hardin has worked on hundreds of forensic engagements in the areas of data breach and cyber incident response, theft of trade secrets, white collar crime, FCPA investigations, and enterprise risk management. Many of his cases have been mentioned in The Wall Street Journal, Financial Times, Forbes, and Krebs on Security, amongst other publications. With a background in finance, operations, and software development, he brings valuable insights to clients from multiple dimensions. In addition to his forensic engagement assignments, Bill has served in numerous interim management roles for organizations experiencing disruption. He has assisted companies with various management consulting assignments pertaining to strategy, operations, and software implementations.

    Mr. Hardin is a CPA/CFF, Certified Fraud Examiner (CFE), and a certified Project Management Professional (PMP). Mr. Hardin has spoken at numerous events on cybercrime, risk management, and strategy/operations consulting. He serves on the board for Legal Prep Charter Schools and is an adjunct professor at DePaul University in Chicago.

    You can reach him at [email protected]


  • DISCLAIMER

    The material presented in this presentation is not intended to provide legal or other expert advice as to any of the subjects mentioned, but rather is presented for general information only. You should consult knowledgeable legal counsel, forensic experts, or other knowledgeable experts as to any legal or technical information.


  • Agenda for Today

    • In the News
    • Threats
    • Valuation
    • Behavioral Aspects
    • Game Simulation
    • Questions and Answers


  • In the News

    IF  WHEN

  • DISRUPTION

    We Are Here, There, and Everywhere

  • Threats

    • Employee Mistakes
    • Criminal Hackers
    • Hacktivists
    • Cloud or 3rd Party Compromise
    • Malicious Insider

  • Black Market Economics

    Value of your data:

    • Name
    • Date of Birth
    • Challenge Questions
    • Social Security Number
    • Employee ID
    • Driver’s License
    • User Name
    • Password
    • Medical Record Number
    • Email Address

  • Game Theory in Practice

    Behavioral Economics - To cooperate or not to cooperate?

  • Ransomware – Jigsaw Variant

  • Business Email Compromise – Example 1

    Dear John,

    Please wire the proceeds of the sale to the following account in the amount of $50,000. This is related to the Sun transaction.

    Confirm receipt of this email.

    Emanuel Goldstein

  • Business Email Compromise – Example 2

    Dear John,

    Please send me the W-2 information for all company employees. Please provide in an excel spreadsheet or send me the PDFs.

    Confirm receipt of this email.

    Emanuel Goldstein
    CEO

  • Phishing Emails

    STAGE ONE: 300 Individuals

    STAGE TWO:
    • 15 Individuals Clicked Document and Backdoor created
    • 30 Individuals Clicked Document and Not Impacted
    • 255 Individuals did not do anything

    Threat Actor has full control over asset (including file share access, email, local file access, installed programs)

  • Ransom – Example 1

    PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

    We have chosen your website/network as target for our next DDoS attack. All of your servers will be subject to a DDoS attack starting in two days.

    How do I stop this? We are willing to refrain from attacking your servers for a small fee. The current fee is 5 Bitcoins (BTC). The fee will increase by 5 Bitcoins for each day that has passed without payment.

    What if I don't pay? This is not a hoax, do not reply to this email, don't try to reason or negotiate, we will not read any replies. Once you have paid we won't start the attack and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied.

  • Ransom – Example 2

    An email is sent to the CFO with the following:

    Dear CFO,

    We managed to gain access to some things we probably shouldn't have had access to. After looking through these files and information we found something that stood out to us. Pricing information, employee data, customer lists, etc.

    Like you, we are a for-profit group. Due to security reasons we are only able to receive our payment in bitcoin. If you are interested in keeping this information private, please send 35 bitcoins to the bitcoin address listed at the very bottom of this email.

    We advise you to keep this confidential.

    Bitcoin Address: 1P4STNLNAOGNrLRFCyER2vfQVjKRMG7ihGDoy8

    Two days. noon pacific time.

  • Ransom Letter - The Next Day

    CFO receives another email:

    Paying our fee is less expensive than going out of business. Here is proof of my request.

    (Two documents are attached – one is an excel report, while the other is a word document).

    You have one more day to pay my fee or information will be released.

  • Statistics Telling the Story

    Cyber Industry Trends (cause of event):

    • Paper 5%
    • Human Error 15%
    • Privacy Policy 8%
    • Hack 29%
    • Rogue Employee 14%
    • Software Error 3%
    • Other 8%
    • Lost/Stolen Devices 18% (Laptops 13%, Hard Drives 3%, Other 2%)

    Industry Breakout:

    • Healthcare – 30%
    • Technology – 11%
    • Professional Services – 14%
    • Retail – 9%
    • Financial Institutions – 7%

  • Cyber Industry Trends (10 years)

    Triggers by Industry Segment (as of 10/2015)

    Segment                 Hack   Rogue Employee   Lost/Stolen Devices   Human Error   Privacy Policy
    Healthcare               7%         25%                18%               21%             10%
    Technology              36%          8%                21%               10%             12%
    Retail                  50%         11%                11%                3%             14%
    Professional Services   23%         10%                26%               20%              5%

  • Exposure for a Company

    Exposure:

    • Liability
      • Suits from your customers
      • Consumer Class Action Suits
    • Regulatory
      • Settlements with the FTC, State AGs, HHS, FINRA, SEC, etc.
      • Privacy Regulatory Proceeding inc. Fines and Consumer Redress Funds
      • Defense costs
    • Privacy Event Expenses
      • Notification Costs
      • Forensics, Legal and PR
      • Credit Monitoring

  • 2016 and 2017 Predictions

  • Question and Answer Period