THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
David Glockner, Managing Director
strozfriedberg.com

Overview
- The big picture: what does cybercrime look like today and how is it evolving?
- What are the principal cybercrime risks facing banks?
  - Banking malware
  - Other types of cybercrime directed at banks
- What can banks do to mitigate their cybercrime risks?
- What should banks do when an incident occurs?

The Big Picture

Big-picture trends in the world of hacking:
- Hacking is increasingly a business
- Development of hacker technology is well-funded and rapid
- Increasing focus on mobile platforms
- Robust underground market for hacker tools, services, and loot, and for handling financial transactions
- Less technical skill is required to pull off complex attacks
- Automation of hacking techniques has made it profitable to go after smaller targets who often have weaker security

[Figure: a few sample ads from the underground. Source: Trend Micro, Russian Underground 101]

What are the principal sources of cybercrime threats?
- External threats
  - Financially motivated hacker groups
  - Hacktivists
  - Economic espionage, often state-sponsored
  - Cyberwarfare
- Internal threats
  - Disgruntled or corrupt employees
  - Departing employees
  - Negligence

[Figure: a few statistics from the 2013 Verizon Data Breach Report]

2013 Verizon Data Breach Report:
- 75% of intrusions driven by financial motive
- 78% of initial intrusions rated as low difficulty
- 66% of intrusions took months or more to discover

2013 Ponemon Institute Cost of Data Breach Report for United States:
- $188 average cost per customer record breached
- $5.4 million average cost per breach
- Main causes of breach:
  - Malicious attack: 41%
  - Employee negligence: 33%
  - System glitches: 26%

Cybercrime Risks to Banks: An Overview

Cybercrime specifically targeting banks:
- Malware compromising online banking platforms
- Debit card/ATM fraud
- PCI data theft
- Compromises of loan verification systems
- Distributed Denial of Service attacks

Cybercrime risks facing all businesses, including banks:
- Insider theft of money, data, and IP
- Data breach
- Compromise of business computers

Also: cybercrime as a credit risk

Banking Regulators and Cybercrime

Comptroller of the Currency Thomas Curry, Sept 18, 2013:
"As important as it is to look back and deal with issues arising from the financial crisis, it is equally urgent that we look ahead and stay on top of emerging threats, some of which have the potential to be as destructive of the financial system as the excesses of the mortgage and securitization markets. The particular issue I have in mind, and the one I want to spend the rest of my time on today, involves the operational risk posed by cyberattacks."

- FFIEC Supplemental Guidance on Authentication in an Internet Banking Environment (2011)
- SEC Guidance on disclosure obligations relating to cybersecurity risks and cyber incidents (2011)
- FFIEC Proposed Guidance on social media risk management (2013)

Banking Malware

- Typically installed through phishing attacks and visits to compromised web sites
- Connected to hackers through command and control servers, often hidden in compromised computers
- Pervasive
  - 2012 FireEye study: on average, organizations experience a malware event once every three minutes
  - Hundreds of banking malware variants, with many infecting millions of computers
  - Common families of banking malware include Citadel, ZeuS, SpyEye, Carberp, Gozi, Shylock, Gameover
- Increasingly targeting smaller businesses and smaller banks

What are common capabilities in banking malware?
- Fully control traffic to and from browser
- Collect login information and transmit to command and control server
- Take over or initiate on-line banking sessions without user's knowledge
- Identify highest value account and transfer fixed percentage or amount
- Alter designated recipient of authorized transfer
- Replace links and portions of pages served by browser with substitute content, including modifying account balances and transaction history displayed to user
- Automatically look up transferee account information in database of active mules
- Customized malware packages for different banks
- Evade detection by hiding location and activity on computer
- Search for and disable competing malware
- Block infected computers from visiting security sites
- Compromise multi-factor authentication

How do hackers compromise multi-factor authentication?
- Mobile phone malware intercepts texts sent to phones
- Software bypass of smartcard reader + PIN system
- Denial of Service attacks used as distractions
- Customer phones forwarded to hackers to thwart phone authentication

One example: Eurograbber (2012)
- $37 million loss
- 30,000 customers
- 30+ European banks

Distributed Denial of Service attacks as cover for malware schemes:
- Prevent customers from accessing accounts
- Distract bank security resources
- OCC Guidance (12/2012)
- NCUA Guidance (02/2013)

Who's left holding the bag after a banking malware attack?
- Losses in the hundreds of thousands, and even millions, are increasingly common from single attacks
- UCC (Art. 4A) protects banks from liability to business customers for fraudulently initiated transactions if:
  - Bank and customer agree on a security procedure for verifying authenticity of transactions
  - Bank's security procedure is commercially reasonable, and
  - Bank follows the security procedure
- What's commercially reasonable?
- Litigation increasing; courts just beginning to sort it out

Patco v. People's United, 684 F.3d 197 (1st Cir. 2012)
- Six unauthorized ACH withdrawals totaling $588,000 over a week in 2009
- Court: Bank's security system not commercially reasonable
  - Relied on challenge questions (no multi-factor authentication)
  - Questions asked for virtually all transactions
  - Approach not tailored to customer needs
  - Bank failed to monitor high-risk transactions
  - Bank failed to notify customers when high-dollar, high-risk transaction pending
  - Malware was a foreseeable risk

Early lessons from banking malware litigation:
- Focus of legal analysis is almost entirely on the bank's conduct, not the customer's security precautions
- Customers lose when they turn down security measures offered by banks
- Banks can't rely on single approach to blocking fraudulent transactions
- Technology that was reasonable yesterday may not be reasonable tomorrow
- Some form of transaction monitoring and anomaly detection probably is inevitable

Other Cybercrime Directed at Banks

Hacking of payment card systems:
- Gain access to pre-paid debit or credit card account information
- Alter withdrawal limits
- Coordinate withdrawal operations
- Often paired with DDoS and phone flooding attacks on banks
- Two recent public examples:

Hacking of bank computers used to initiate or authorize payments.
- Two recent public examples:

Other Banking Cybercrime Vulnerabilities

Knowledge-based authentication systems:
- KBA systems used to score validity of credit applications
- Compromises of data brokers provide information needed to answer validation questions
- Large quantities of stolen personal data have been sold underground

Remote deposit capture applications:
- Deposit money order (remotely)
- Negotiate money order (in person)
- Withdraw funds from account

In addition, banks have all the same vulnerabilities as other businesses:
- Theft of proprietary information
  - By employees
  - By outsiders
- Data breaches: not just PCI
  - Customer data used for marketing purposes
  - Employee data
- Computer compromises

A note about extortion schemes: "We have your data (or your network), give us your money."

Credit risk for borrowers:
- Costs of cybercrime event can be disastrous, particularly for small and mid-sized businesses
- Is cyber risk assessment part of loan underwriting process?
- Are banks looking to see whether borrowers have appropriate cyber insurance policies?
- Merger & Acquisition due diligence increasingly encompasses cyber risk

Mitigating the Risk of Cybercrime

The big-picture goals of reducing cyber risk:
- Make your computers and data harder to compromise
- Reduce the damage from a compromise by:
  - Limiting the scope of a compromise by segregating sensitive data
  - Reducing the time to detection

To accomplish these goals, it is critical to:
- Identify someone in your organization with responsibility, authority, and resources to implement an effective security policy
- Regularly assess your security risks and the measures taken to meet them

Reducing the risk from banking malware:
- Know your customer: spot anomalous transactions
- Don't rely on off-the-shelf solutions without understanding, monitoring, and adjusting them
- Educate customers about their risks and your security offerings
- Educate employees about red flags indicating possible account compromise
- Monitor developments in malware and account takeover technology and tactics
- ACH Positive Pay

What can bank customers do to reduce risks from banking malware?
- Use a dedicated computer for banking, with limited access to non-banking sites and
- Avoid using a Windows computer
- Bookmark the bank's web site
- Use security tools offered by the bank, including multi-factor authentication
- ACH Positive Pay
- Require multiple authorizations for large wire transfers
- Be alert for signs of compromised authentication channels

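The controls named in the two lists above (spotting anomalous transactions, ACH Positive Pay, multiple authorizations for large transfers) can be combined into one pre-release screen on outgoing payments. This is an added example, not code from the presentation: the field names, the 5x-median baseline rule and the $10,000 dual-authorization threshold are assumptions, and the sample payments are constructed.

```python
"""Added example: pre-release screening of outgoing ACH/wire payments."""
from dataclasses import dataclass, field
from statistics import median


@dataclass(frozen=True)
class Payment:
    payment_id: str
    payee_account: str
    amount: float
    approvers: frozenset = frozenset()  # distinct users who authorized it


@dataclass
class CustomerProfile:
    # Positive-pay list: payees the customer has told the bank to expect.
    approved_payees: set = field(default_factory=set)
    # Amounts of the customer's past legitimate outgoing payments.
    history: list = field(default_factory=list)
    # Assumed policy value: at or above this, two approvers are required.
    dual_auth_threshold: float = 10_000.0


def screen(payment, profile, amount_factor=5.0):
    """Return (decision, reasons); decision is 'release' or 'hold'.

    A held payment is one the bank would queue for review and notify the
    customer about before releasing funds.
    """
    reasons = []

    # 1. ACH Positive Pay: payee must be on the customer-supplied list.
    if payment.payee_account not in profile.approved_payees:
        reasons.append("payee_not_on_positive_pay_list")

    # 2. Know your customer: compare against this customer's own baseline.
    #    Median is used so one earlier large payment does not shift it much.
    if not profile.history:
        reasons.append("no_payment_history")
    elif payment.amount > amount_factor * median(profile.history):
        reasons.append("amount_exceeds_customer_baseline")

    # 3. Multiple authorizations for large transfers.
    if (payment.amount >= profile.dual_auth_threshold
            and len(payment.approvers) < 2):
        reasons.append("needs_second_authorization")

    return ("hold" if reasons else "release"), reasons


def screen_batch(payments, profile):
    """Screen a list of payments; returns {payment_id: (decision, reasons)}."""
    return {p.payment_id: screen(p, profile) for p in payments}


# Constructed sample data (not from any real customer or incident).
SAMPLE_PROFILE = CustomerProfile(
    approved_payees={"PAYROLL-001", "VENDOR-117"},
    history=[4200, 3900, 5100, 4700, 4400],  # median 4400
)
SAMPLE_PAYMENTS = [
    Payment("P1", "PAYROLL-001", 4600.0, frozenset({"alice"})),
    Payment("P2", "VENDOR-117", 12500.0, frozenset({"alice", "bob"})),
    Payment("P3", "UNKNOWN-999", 56000.0, frozenset({"alice"})),
    Payment("P4", "VENDOR-117", 15000.0, frozenset({"alice"})),
]

if __name__ == "__main__":
    for pid, (decision, reasons) in screen_batch(
            SAMPLE_PAYMENTS, SAMPLE_PROFILE).items():
        print(f"{pid}: {decision:8s} {', '.join(reasons) or '-'}")
```

Each rule is independent, so a payment that slips past one (for example, an approved payee whose account details were altered) can still be held by another.
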
Mitigating the Risk of Cybercrime

Simple steps banks can take to reduce the risk of a compromise of your data and systems:
- Encrypt data in motion and at rest
- Install software security patches regularly and promptly
- Train employees to avoid security threats
- Use robust passwords and change them; no default passwords
- Use multi-factor authentication for remote access by employees from outside the office, and for sensitive on-line accounts such as financial accounts and cloud storage of patient data
- Terminate dormant user accounts
- Use up-to-date virus scanning software
- Periodically audit compliance with data security rules

Steps for reducing insider cybercrime and data breach risk:
- Create written employee conduct policies, including social media use policies
- Consider blocking the use of external storage devices and restricting internet sites that can be used to exfiltrate sensitive information
- Create tiered access to sensitive information; not everyone needs access to everything
- Background checks for employees with access to sensitive information
- Employee exit procedures: acknowledgement of post-employment obligations; termination of account access
- Dual controls for access to certain sensitive information and systems

Reducing the risk of employee negligence:
- Good management of risks concerning malicious conduct will reduce risks associated with negligence
  - Encryption
  - Don't store data unnecessarily
  - Data security policies and audits
- Employee training
- Audit compliance with data security rules

Simple steps you can take to reduce the damage if (or when) a compromise occurs:
- Don't store data you don't need
- Know where your data is
- Create internal walls within your network to protect sensitive data
- Train employees to spot and report anomalies
- Monitor logs in your system to detect anomalies

Responding to a Cybercrime Incident

Responding to an incident: legal and practical considerations
- Develop an incident response plan
  - Who is part of the response team (inside and outside resources, counsel)?
  - When is the plan implemented?
  - What actions need to be taken, and in what order?
  - How will you take those actions?
    - Do you know where your data is?
    - Do you have adequate logging on your system?
- Train employees regarding the plan, and test the plan
- Review insurance coverage
- Review agreements with third parties who access your data

When an incident happens:
- Preserve critical data quickly
  - Know your in-house forensic capabilities before doing it yourself
- Conduct an internal investigation
- If you need law enforcement help with the investigation, reach out promptly
- Law enforcement involvement won't eliminate the need for an internal investigation, because what bank needs to know differs from what law enforcement needs to know
  - If bank conducts its own investigation, it can choose not to waive privilege
  - Grand jury secrecy rules limit what law enforcement is allowed to share with victims

Thank you
David Glockner
strozfriedberg.com
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationACH AND WIRE FRAUD LOSSES
ACH AND WIRE FRAUD LOSSES Financial Institution Technology Funnel Matthew G. Brenner Date: September 26, 2013 Orlando, Florida www.lowndes-law.com What We Will Cover Why is this important? Who does this
More information{Governmental Client Training} June 20, 2016
{Governmental Client Training} June 20, 2016 2 Online Banking Controls & Fraud Considerations Dan Block, CPA Rumzei Abdallah, CPA Agenda 3 Online Banking Considerations What happened? 7 Controls Commonly
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationInformation Technology. A Current Perspective on Risk Management
Information Technology A Current Perspective on Risk Management Topics Covered Information Security Program Common Examination Findings Existing and Emerging Risks ACH/Wire Fraud and Corporate Account
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationPwC Cybercrime US Center of Excellence
www.pwc.com Case studies Cybercrime US Center of Excellence Advisory - Forensics State sponsored network intrusion Act of economic espionage Client issue An international energy company headquartered in
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationIdentity Theft Prevention Program
-- Sample Policy -- Identity Theft Prevention Program Purpose To establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection with the opening of
More information