Date post: 27-May-2020
Cyber Crime & the Bottom Line

William J. Kowalski
Operations Director, Rehmann Corporate Investigative Services

How much is lost?

$6.5 million = Average total cost of a data breach in the US
$205.94 million = Total cost of cyber crime in US 2015

© 2016 Rehmann

Sources:
Ponemon Institute© Research Report – “2015 Cost of Data Breach Study: Global Analysis”
http://www.statista.com/statistics/193436/average-annual-costs-caused-by-cyber-crime-in-the-us/

Data is exploding

Source: spotfire.tibco.com

The way we interact is changing

Source: pafamilylaw.foxrothschild.com

With connectivity comes

Source: news.hitb.org

Cyber crime

• Cyber warrior ‘mercenaries’ for hire worldwide
• Cyber crime is a multi-billion dollar underground economy
• Cyber crime is an industry of suppliers, distributors and manufacturers


Five recent breaches

• Anthem – 80 million patient and employee records
• Ashley Madison – 37 million user records
• OPM – 21.5 million employee records
• Experian – 15 million personal data records
• Premera Blue Cross – 11 million subscriber records


Who are the attackers?


Terrorists

Nation States

Hacktivists

Corporations

Cybercriminals

Insiders/Employees

What do they want?

• Money
• Information
• Chaos


What is information used for?

• Cyber criminals sell personal identifying information or use it to:
  – Open false bank accounts
  – File false IRS returns
  – Open false credit cards
  – Steal from bank accounts
  – Hack into other accounts/businesses
  – …


Small businesses a big target

• Don’t believe they will be attacked
• Weak cyber security
• Poor employee training
• Poor or no data breach response plan
• No cyber insurance


Many businesses fail after a hack

• Lost funds
• Breach repair and recovery
• Notification & compliance
• Lost reputation
• Lost clients
• Litigation


Source: www.greenskyproductions.co.uk

Real power: power grid attacked

http://hotair.com/archives/2016/01/05/hackers-take-down-power-grid-in-ukraine-in-a-troubling-sign-of-things-to-come/


Health data: hottest new target

• 1 in 3 Americans’ health care records compromised
• Health care hacks up 11,000 percent in 2015
• Personal information used for fraud
• Compromised identities used for medical care
• Victims billed for services they did not have

http://www.nbcnews.com/news/us-news/hacking-health-care-records-skyrockets-n517686


How do cyber criminals get in?

• Ransomware
• Phishing
• Malware/Spyware
• Keylogging
• Skimming
• BOT
• Social Engineering
• Watering Hole


Popular: ransomware

• Your data taken “hostage”
• Ransom email
• Today $300
• Tomorrow more
• If you don’t pay, they destroy your data


Case study: ransomware attack

• Washington based MedStar Health
• Central database inaccessible
• Ransom email demanding $19,000
• Shut down computers at 10 hospitals, 250 outpatient centers

https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html?wpmm=1&wpisrc=nl_wonk


Case study: wire funds fraud

• Hackers penetrated victim’s email
• Monitored email
• Victim received notice for funds transfer
• Hackers sent account change notice that appeared to be from victim’s email
• Funds wired to hacker’s bank account


Case study: data breach

• Employee clicked on email
• Computer malfunctioned
• Internal IT staff ran virus scan
• Computer returned to service
• Employee information offered for sale on dark net site


Weakest link: employees

• Clicking on links in emails
• Sending work email to personal accounts
• Importing viruses through social media
• Using company data on insecure lines
• Not following corporate policies
• Not securing mobile devices


Focus on employees

• Email and security policy
• Training
• Consequences for violating policy
• Social engineering tests
• Background checks before & after hiring
• De-activate terminated employees


Weakness: poor IT security

• Poor access controls
• Improper/weak authentication
• Poor patch management
• Improper device configuration
• Lack of security audits
• Weak enforcement of remote login policies


Close the IT loopholes

• Create & enforce digital security policies
• Create & enforce strong password policy
• Update & patch software every 30 days
• Backup & encrypt data
• Secure wireless devices
• Perform access reviews


Prepare for attack

• Hire outside digital forensics firm
  – Examine entire system
  – Locate vulnerabilities
  – Locate back door
  – Repair damage
  – Update security
• Prepare response plan to notify victims, pay for protection, anticipate litigation…


Buy cyber insurance

• Cyber insurance:
  – Response
  – Resolution
  – Liability
  – Extortion threats
  – Security breach expenses
  – The cost to replace or restore electronic data
  – Public relations expenses


On the horizon

• More cyber insurance policies
• More cybercrime claims
• Disputes/investigations over liability
• Litigation by those whose identities are exposed
• More sophisticated social engineering by cybercriminals
• More sophisticated encryption, identity verification (biometrics)


Who is Rehmann?

• A Michigan corporation founded in 1941
• CPAs & Consultants, Wealth Advisors, Corporate Investigators
• Offices in Michigan, Ohio, Indiana and Florida
• Nearly 800 team members
• One of the top 35 accounting and consulting firms in the U.S.
• A member of Nexia International, a network of professionals in 100 countries who can provide top level support for Rehmann clients worldwide


Background Investigations
Helping you know who you’re hiring and prevent problem hires.

Digital Forensics
Breach responses, incident response plans, penetration testing, security analysis.

Fraud Investigations
Investigate, document and consult.

Fraud Risk Assessments
Analyze management structure, oversight, adherence to procedures to identify fraud risks.

Forensic Accounting
We follow the money trail and document fraudulent activities.

Rehmann Corporate Investigative Services
Team of professional investigators led by former FBI Special Agents


Thank you -

For more information...

William Kowalski
Director of Operations
Rehmann Corporate Investigative [email protected]/cis

