Your information: how do they steal it and where does it go?…
Cyber Security: A People Problem
Stan Gallo, Partner, KPMG Forensic
Document Classification: KPMG Confidential
© 2019 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. Liability limited by a scheme approved under Professional Standards Legislation.
Finance Sector: 41%
Health Sector: 55%
“myGov scam tricking victims into handing over bank details through cloned website…”- ABC
“Global fear over Australian cyber attack as dozens of US entities targeted by Iran and China…”- News.com
“The average cost of cybercrime to a business in Australia is around $276,000…”- Business Victoria
“Nearly half of Australian companies hit by cyber crime…”- ABC
“WhatsApp users targeted by spyware via in-app phone call prompting upgrade calls…” - ABC
It's About Awareness
• 35% human error
• 60% malicious or criminal attacks
• 28% credentials obtained by unknown means
Source: Office of the Australian Information Commissioner – Notifiable Data Breaches Scheme – 12 months insights report – 964 breaches reported
(Super)Highway Robbery
My Apple is Safe?
Felix Krause Blog (10 October 2017) - https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking/
Current Scams (redacted)
The man in the middle
Normal: Company A – Chinese Company email communications (Company A employee ↔ Chinese company employee)
Hijacked: Company A – Chinese Company email communications, with The Bad Guy sitting between the Company A employee and the Chinese company employee
This lasted for 2 Months
A Commercial Approach
Let's go Shopping
Australia is not immune
• Cyber security often focusses on the technical – malware, indicators of compromise, anomalous flows
• Cyber security is a people problem too
• Cyber intelligence isn't really intelligence about cyberspace… it should be about what people do
• Controls evolve but breaches continue – what are we doing wrong?
• Behaviour Based Safety
• Bringing the disciplines together – very different views
• Tone from the top is critical
• It matters… because criminals are getting more creative…
Intent centric security – learning the lessons of the past
“Cyber-security is about people, processes and technology, and organisations need to bolster the weakest link - which invariably is the human element.”
- Kevin Mitnick
Here are some ideas
Stan Gallo, Partner, KPMG Forensic. Ph: 0414 507 [email protected]
www.linkedin.com/in/stangallo
sgallo01
Thank You
The information contained in this document is of a general nature and is not intended to address the objectives, financial situation or needs of any particular individual or entity. It is provided for information purposes only and does not constitute, nor should it be regarded in any manner whatsoever, as advice and is not intended to influence a person in making a decision, including, if applicable, in relation to any financial product or an interest in a financial product. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
To the extent permissible by law, KPMG and its associated entities shall not be liable for any errors, omissions, defects or misrepresentations in the information or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise).