Your information: how do they steal it and where does it go?… · - News.com “The average...

Cyber Security A People Problem Stan Gallo Partner KPMG Forensic


Cyber Security: A People Problem

Stan Gallo, Partner, KPMG Forensic


Document Classification: KPMG Confidential

© 2019 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. Liability limited by a scheme approved under Professional Standards Legislation.

Finance Sector 41%

Health Sector 55%

“myGov scam tricking victims into handing over bank details through cloned website…” - ABC

“Global fear over Australian cyber attack as dozens of US entities targeted by Iran and China…” - News.com

“The average cost of cybercrime to a business in Australia is around $276,000…” - Business Victoria

“Nearly half of Australian companies hit by cyber crime…” - ABC

“WhatsApp users targeted by spyware via in-app phone call prompting upgrade calls” - ABC

It's About Awareness

35% Human Error

60% malicious or criminal

28% Credentials by unknown means

Office of the Australian Information Commissioner – National Data Breaches Scheme – 12 months insights report – 964 Breaches reported


(Super)Highway Robbery


Felix Krause Blog (10 October 2017) - https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking/

My Apple is Safe?


Current Scams (redacted)


The man in the middle

Normal Company A - Chinese Company Email Communications

Hijacked Company A – Chinese Company Email Communications

Company A Employee

Chinese Company Employee

The Bad Guy


This lasted for 2 Months


A Commercial Approach


Let's go Shopping


Australia is not immune


• Cyber security often focusses on the technical – malware, indicators of compromise, anomalous flows

• Cyber Security is a people problem too

• Cyber intelligence isn’t really intelligence about cyberspace… it should be about what people do

• Controls evolve but breaches continue – what are we doing wrong?

• Behaviour Based Safety

• Bringing the disciplines together – very different views

• Tone from the top is critical

• It matters… because criminals are getting more creative…

Intent centric security – learning the lessons of the past

“Cyber-security is about people, processes and technology, and organisations need to bolster the weakest link - which invariably is the human element.”

- Kevin Mitnick


Here’s some ideas


Stan Gallo

Partner, KPMG Forensic

Ph: 0414 507 [email protected]

www.linkedin.com/in/stangallo

sgallo01

Thank You

The information contained in this document is of a general nature and is not intended to address the objectives, financial situation or needs of any particular individual or entity. It is provided for information purposes only and does not constitute, nor should it be regarded in any manner whatsoever, as advice and is not intended to influence a person in making a decision, including, if applicable, in relation to any financial product or an interest in a financial product. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

To the extent permissible by law, KPMG and its associated entities shall not be liable for any errors, omissions, defects or misrepresentations in the information or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise).
