Welcome to this ACT webinar

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Welcome to this ACT webinar"

Transcription

1 Welcome to this ACT webinar Cybersecurity: threats and responses 02 June Sponsored BST by Sponsored by

2 Introduction James Lockyer Development Director ACT

3 Interactive widgets Please take a minute to familiarise yourself with the widgets on your screen. They can be moved around the screen and maximised/minimised to suit you. Click on the help widget if you experience any technical difficulties during the webinar. Download speaker presentations during the webinar by clicking on the resource widget. Submit your questions to our speakers throughout the webinar by using the Q&A widget. Please take a few minutes at the end of the webinar to provide your feedback. Follow us on twitter and tweet live during the webinar using #ACTwebinar.

4 Agenda Introduction James Lockyer, Development Director, ACT Presentation from RBS Alasdair Macfarlane, Head of Customer Security, RBS Presentation Stephen Baseby, Associate Policy & Technical Director, ACT Panel discussion and Q&A

5 Presentation Alasdair Macfarlane Head of Customer Security RBS

6 Cybercrime could become more lucrative than drugs warns police chief

7 Cybersecurity: Strategic Threats Threat Overview Instigators Motive Cybercrime Phishing and similar attacks yield banking PINs, passwords and Organised Crime Groups Financial gain payment authorisation codes (OCGs) Scams such as invoice diversion fraud trick you in to paying funds to the fraudster s account Subsidise other criminal activity, e.g. narcotics Disruptive Attacks Denial of Services attacks prevent customers and stakeholders from using your websites Hacktivists / protest groups Raise awareness of political or ideological issues OCGs Extortion Destructive Attacks Intruders to your network delete or encrypt data, and demand payment for its return Hackers OCGs Financial gain Insiders Employees deliberately or inadvertently leak sensitive data, e.g. customer contact details and credit card numbers Suppliers and trading partners with access to your networks can pose the same risk Disgruntled former + current employees Poorly trained employees Revenge Financial gain Espionage Attempt to steal intellectual property, trade secrets or other valuable data Attempt to inflict damage on flag-bearing companies as part of wider geopolitical concerns Nation states Rogue competitors Advance national interests Enhance competitiveness rbs.co.uk

8 Cybercrime: The Role of Social Engineering Vishing Contact is made by telephone Caller purports to be from your bank, the police or a fraud agency Purpose is to get you to reveal confidential information Phishing s impersonate well known companies such as banks Purpose is to get you to click on a link or attachment Spear phishing and whaling target more senior employees Malware Malicious software such as Trojans or viruses Downloaded from phishing s, illegal websites and ad banners Sits quietly in the background until you access a bank website It is essential that all employees using online banking understand the communication channels that your bank will / will not use and the circumstances in which they will be asked to disclose PINs, passwords and payment authorisation codes. rbs.co.uk

9 Spoof wire transfer s may be used to initiate payments From: Sent: 30 March :15 To: Subject: Urgent Payment Criminals spoof the address of a senior executive from your own company An urgent request is made to a junior employee to make a payment Dear John, Please send a CHAPS payment immediately for 45,000 to our new supplier ABC Ltd in respect of an approved invoice. Payment should be made to sortcode , account number , quoting reference number 7821F. Requests may be timed so that it will be difficult to verify the instruction, e.g. when the executive is travelling to a conference Please me confirmation when the transfer is complete. Regards Jane Quinn Chief Executive Officer Your Company Consider applying additional controls for any ad-hoc payment requests rbs.co.uk

10 Invoice fraud change of bank details Fraudster undertakes research to identify a key supplier relationship They initiate a bogus instruction (e.g. on headed notepaper) which claims that the supplier has switched to a different bank You will be asked to settle future invoices to a new sortcode and account number You are therefore at risk of paying funds straight to the fraudster when the next invoice is due You should verify all such requests, talking directly to a known contact at the supplier do not use the contact details quoted on the instruction itself rbs.co.uk

11 Reporting Suspected, attempted and actual fraud Action Fraud UK s national fraud and internet crime reporting centre Non-emergency service Branch of the City of London Police Reports are passed to the appropriate local police force rbs.co.uk

12 Disruptive Attacks Denial of Service Your website is deliberately bombarded with massive volumes of traffic, e.g. bogus log-on requests, severely affecting its performance This prevents genuine customers from using the site, causing inconvenience, loss of business and reputational damage Such attacks can last for hours or even days Denial of Service attacks may be launched as part of a political protest ( hacktivism ), or alternatively, may be linked to criminal extortion Specialist mitigation services can be purchased which filter between genuine and bogus traffic Acquiring excess bandwidth / capacity could also form part of your defensive strategy rbs.co.uk

13 Destructive Cyber Attacks Malware is introduced to your networks, e.g. via downloading attachments on phishing s or using stolen employee credentials The malware seeks to encrypt, delete or vandalise critical data and systems, making them inoperable Extortion may be the motive, with criminals demanding a ransom for the return of the data Robust Information Security policies & controls are needed to prevent such attacks, e.g. restrict the number of network administrator accounts Business Continuity & Incident Response Plans should incorporate destructive cyber scenarios rbs.co.uk

14 Insider Threats Deliberate & Accidental Disgruntled former and current employees may pose a significant threat Exploitation of network access can result in destruction of data, theft of intellectual property, leaking of customer data, purchase of unauthorised goods, or tampering with critical systems Data may be transferred via personal accounts, file sharing services or USB devices consider restricting access to such outlets Need to know data access policies can reduce the scope for leakage Accidental data loss (e.g. loss of a mobile device) is a related threat enterprise wide data encryption policies can mitigate If third party service companies have access to your network, undertake regular audits to ensure continued compliance with your own policies and standards rbs.co.uk

15 Espionage Warfare now extends into the cyber domain Certain sectors, e.g. hi-tech engineering, may face an increased threat of intellectual property theft linked to espionage Phishing and social engineering tactics may be deployed to obtain access to confidential networks Insiders may be coerced / bribed into undertaking the theft Corporations may endure collective punishment such as denial of service attacks, in response to geopolitical events Attacks could be launched directly by nation states or by political groups acting as their proxy rbs.co.uk

16 Useful Resource: 10 Steps to Cyber Security Outlines the building blocks of an effective risk management strategy see rbs.co.uk

17 More Information at the RBS Security Centre rbs.co.uk

18 Presentation Stephen Baseby Associate Policy & Technical Director ACT

19 Cybersecurity Threats and Responses Steve Baseby Associate Policy & Technical Director Stephen Baseby Associate Policy & Technical Director The Association of Corporate Treasurers D +44 (0) W E

20 Payments and Data Protection Risk: financial and reputational Reliance on internet banking portals and high volume BACS files created from customer and supplier databases Also PCI DSS where taking card payments Often an activity in the open plan office

21 Payments Internet banking: Three tier: input, authorise once; authorise twice Sufficient to cover leave, ill health, and to ensure no two people monopolise authorisation Cyber Weaknesses: The point of identifying the authoriser Limit computers that can be used Feedback: don t leave access open unless in use

22 Customer/Supplier Data How do you verify creating an account? Do you record customer/supplier calls if so, who has access to them and the bank account data they contain? How do you verify changing data? Common fraud remains changing bank account details of a supplier: how controlled; what evidence is accepted?

23 The Data Transfer Who/what manages BACS payment files as they pass to the bank? Could you switch to file transfer to reduce human intervention? Do payment authorisers have the knowledge and authority to question payments?

24 Card Payments PCI DSS is coming to you look it up and understand it Now concentrating on very high volume corporates your time will come Don t hold the card data embed specialist card acquirers into your web sites Take care at the call centre: don t record the card data

25 Some Basics Passwords & physical security People recruitment procedures, CPD & training, release procedures Software / hardware etc keep up to date, especially updates, malware protection & internet restrictions Procedures generally design with cyber security in mind, keep up to date, ensure followed Data security personal, commercial, financial

26 The Open Plan Office Inspect equipment for any unusual devices Question who has physical access Pass card access to floor? The low paid cleaner from an agency in the evening! Don t leave access devices open Turn off computers when leaving them

27 The panel Chair James Lockyer Development Director, ACT Speakers Alasdair Macfarlane, Head of Customer Security, RBS Stephen Baseby, Associate Policy & Technical Director, ACT

28 The panel Chair James Lockyer Development Director, ACT Speakers Alasdair Macfarlane, Head of Customer Security, RBS Stephen Baseby, Associate Policy & Technical Director, ACT

29 Chair s closing remarks James Lockyer Development Director ACT

30 FORTHCOMING EVENTS ACT video webinar: Don t fear the repo 16 June BST ACT Middle East Annual Dinner June 2015 Dubai ACT Asia Conference September 2015 Hong Kong ACT Annual Dinner November 2015 London ACT Middle East Annual Conference November 2015 Dubai treasurers.org/events

31 Thank you for listening. Please take a few moments to provide your feedback by selecting the icon. Sponsored by

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation

More information

Cybersecurity Awareness. Part 1

Cybersecurity Awareness. Part 1 Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

The Cancer Running Through IT Cybercrime and Information Security

The Cancer Running Through IT Cybercrime and Information Security WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

Connect Smart for Business SME TOOLKIT

Connect Smart for Business SME TOOLKIT Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New

More information

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014 A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives

More information

Promoting a cyber security culture and demand compliance with minimum security standards;

Promoting a cyber security culture and demand compliance with minimum security standards; Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute

More information

Welcome to this ACT webinar

Welcome to this ACT webinar Welcome to this ACT webinar Know your third party compliance 22 October 2015 12.30-13.15 BST Sponsored by Introduction Stephen Baseby Associate Policy & Technical Director ACT Interactive widgets Please

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat

More information

FRAUD GUIDANCE. Helping you protect your business

FRAUD GUIDANCE. Helping you protect your business FRAUD GUIDANCE Helping you protect your business This guide gives you the information you need to help protect your business against this growing threat. We show you how and where fraud can take place

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

FRAUD GUIDANCE. Helping you protect your business

FRAUD GUIDANCE. Helping you protect your business FRAUD GUIDANCE Helping you protect your business This guide gives you the information you need to help protect your business against this growing threat. We show you how and where fraud can take place

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF

More information

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by

More information

Level 3 Cambridge Technical in IT 05839/ 05840/ 05841/ 05842 Unit 3 Cyber security. Date Morning/Afternoon Time Allowed: 1 hour

Level 3 Cambridge Technical in IT 05839/ 05840/ 05841/ 05842 Unit 3 Cyber security. Date Morning/Afternoon Time Allowed: 1 hour SAMPLE ASSESSMENT MATERIAL Level 3 Cambridge Technical in IT 05839/ 05840/ 05841/ 05842 Unit 3 Cyber security Date Morning/Afternoon Time Allowed: 1 hour You must have: The Insert (clean copy case study)

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Cyber Security for audit committees

Cyber Security for audit committees AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have

More information

Vulnerability Assessment & Compliance

Vulnerability Assessment & Compliance www.pwc.com Vulnerability Assessment & Compliance August 3 rd, 2011 Building trust through Information security* Citizen-Centric egovernment state Consultantion workshop Agenda VAPT What and Why Threats

More information

Identifying Cyber Risks and How they Impact Your Business

Identifying Cyber Risks and How they Impact Your Business 10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates

More information

Fraud Trends. HSBCnet Online Security Controls PUBLIC

Fraud Trends. HSBCnet Online Security Controls PUBLIC Fraud Trends HSBCnet Online Security Controls العربیة 文 En français En Español 繁 體 中 文 简 体 中 Contents Types of Fraud Malware Attacks Business E-mail Compromise Voice Phishing ( Vishing ) Short Message

More information

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander

Institute of Internal Auditors Cyber Security. Birmingham Event 15 th May 2014 Jason Alexander Institute of Internal Auditors Cyber Security Birmingham Event 15 th May 2014 Jason Alexander Introduction Boards growing concern with Cyber Risk Cyber risk is not new, but incidents have increased in

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

Fighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty

Fighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty Fighting Cyber Crime in the Telecommunications Industry Sachi Chakrabarty Agenda Cyber Crime What s all the fuss about CyberCrime? DoS Attacks Telco Solutions Cybercrime? Cybercrime Definition All criminal

More information

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Protect yourself online

Protect yourself online Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice

More information

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Christopher T. Van Marter Senior Deputy Prosecuting Attorney Chief White Collar Crime Unit Department of the Prosecuting Attorney

More information

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1 Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:

More information

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days) Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

ACE European Risk Briefing 2012

ACE European Risk Briefing 2012 #5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs

More information

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY?

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? Contents Introduction... 3 Primary Sources of Security Threats... 3 Instant Messaging... 3 Email... 4 Optical and Flash Media... 4 Social Media...

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

Emerging risks for internet users

Emerging risks for internet users Sabeena Oberoi Assistant Secretary, Cyber Security and Asia Pacific Branch Department of Broadband, Communications and the Digital Economy Government s role - DBCDE The new Australian Government Cyber

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Protecting your business from some of the current fraud threats

Protecting your business from some of the current fraud threats Protecting your business from some of the current fraud threats This literature provides guidance on fraud prevention and is provided for information purposes only. Where noted the guidance provided has

More information

NHS Information Governance:

NHS Information Governance: NHS Information Governance: Information Risk Management Guidance: Blogging and social networking Department of Health Informatics Directorate December 2009 1 Amendment History Version Date Amendment History

More information

IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary

IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary Copyright Invictis Information Security Ltd. All rights reserved. Invictis Risk Intelligence Service Report Commercial

More information

Deception scams drive increase in financial fraud

Deception scams drive increase in financial fraud ADDRESS 2 Thomas More Square London E1W 1YN WEBSITE www.financialfraudaction.org.uk DIRECT LINE 020 3217 8436 NEWS RELEASE EMAIL press@ukcards-ffauk.org.uk Deception scams drive increase in financial fraud

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...

More information

Helping you to protect yourself against fraud and financial crime

Helping you to protect yourself against fraud and financial crime Helping you to protect yourself against fraud and financial crime first direct takes fraud & other financial crimes very seriously. Even though we have market-leading fraud detection systems, we want you

More information

Policing Together. A quick guide for businesses to Information Security and Cyber Crime

Policing Together. A quick guide for businesses to Information Security and Cyber Crime Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will

More information

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

The cyber threat against Denmark

The cyber threat against Denmark The cyber threat against Denmark This assessment describes the cyber threats facing Danish public authorities and private companies. The assessment has been prepared by the Threat Assessment Branch under

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,

More information

Cyber Security & Digital Privacy What Family Offices Need to Know

Cyber Security & Digital Privacy What Family Offices Need to Know Cyber Security & Digital Privacy What Family Offices Need to Know Who s at risk? Executive Summary Protecting servers and filtering malicious emails rarely stay on the agenda for long in a small business

More information

Information Security Field Guide to Identifying Phishing and Scams

Information Security Field Guide to Identifying Phishing and Scams Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting

More information

Are your people playing an effective role in your cyber resilience?

Are your people playing an effective role in your cyber resilience? Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to

More information

Legislative Council Panel on Information Technology and Broadcasting. Information Security

Legislative Council Panel on Information Technology and Broadcasting. Information Security For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest

More information

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat. Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

Achieving Information Security

Achieving Information Security Achieving Information Security Beyond penetration testing and frameworks ISACA Athens Conference 25 November, 2014. All good information security presentations start with a Bruce Schneier quote - Not Bruce

More information

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office

Identity Theft. CHRISTOS TOPAKAS Head of Group IT Security and Control Office Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

SENIORS ONLINE SECURITY

SENIORS ONLINE SECURITY SENIORS ONLINE SECURITY Seniors Online Security Five Distinct Areas Computer security Identity crime Social networking Fraudulent emails Internet banking 1 Computer security 2 There are several ways that

More information

NEW ZEALAND S CYBER SECURITY STRATEGY

NEW ZEALAND S CYBER SECURITY STRATEGY Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital

More information

Presentation Objectives

Presentation Objectives Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller

More information

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview 7 th Annual Information Security Summit The Executive Forum Information Security Management Overview June 4, 2015 Copyright 2015. Citadel Information Group. All Rights Reserved. 2 Establishing Leadership.

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one

More information

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Templar Executives NIAS 2007 DHR 2008 IAMM 2008 1 st CSS 2009 2 nd CSS 2011 Advising Government & Industry

More information

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

Cyber Security. A professional qualification awarded in association with University of Manchester Business School ICA Advanced Certificate in Cyber Security A professional qualification awarded in association with University of Manchester Business School An Introduction to the ICA Advanced Certificate In Cyber Security

More information

Cyber Crime ACC Crime

Cyber Crime ACC Crime AGENDA ITEM 10 STRATEGIC POLICING AND CRIME BOARD 3 rd December 2013 Cyber Crime ACC Crime PURPOSE OF REPORT 1. The purpose of this report is to provide members of the Strategic Police and Crime Board

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

New challenges in Data privacy.

New challenges in Data privacy. New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013

More information

CYBERCRIME AND THE HEALTHCARE INDUSTRY

CYBERCRIME AND THE HEALTHCARE INDUSTRY CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Your Personal Information: Protecting it from Exploitation

Your Personal Information: Protecting it from Exploitation Your Personal Information: Protecting it from Exploitation Data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft,

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Cybersecurity: Is Your Company Prepared?

Cybersecurity: Is Your Company Prepared? Treasury and Trade Solutions April 29, 2015 Cybersecurity: Is Your Company Prepared? Sabine Mcintosh Managing Director Global Head of TTS Digital Security and Account Services sabine.mcintosh@citi.com

More information

Protecting your business against External Fraud

Protecting your business against External Fraud Monthly ebrief August 2012 Protecting your business against External Fraud Welcome to another edition of our monthly ebriefs, brought to you by Aquila Advisory, the boutique forensic accounting company.

More information

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

More information

SPEAR PHISHING UNDERSTANDING THE THREAT

SPEAR PHISHING UNDERSTANDING THE THREAT SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business

More information

Instant Messaging and Security

Instant Messaging and Security Strategic Guide Instant Messaging and Security Businesses recognise that instant messaging can help to improve employee productivity, but are often reluctant to sanction its use due to concerns about security.

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information