Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to CCIAOR Cyber Security Forum
Similar to CCIAOR Cyber Security Forum (20)
More from CCIAOR
More from CCIAOR (9)
Recently uploaded
Recently uploaded (20)
CCIAOR Cyber Security Forum
- 1. GET PROTECTED: CCIAOR CYBERSECURITY FORUM PRESENTING SPONSOR
- 2. The Business of Cybercrime By 2019, the annual global cost of cybercrime is estimated to equal $2.1 Trillion. Source: Juniper Research
- 3. • Direct theft of funds through fraud/scams/extortion. • Loss of critical/sensitive/confidential data. • Business disruption or downtime. • System clean-up, data/program recovery. • Post-breach IT & business consultation fees. • Reputational damage to business. Cybercrime Financial Loss is Correlated With:
- 4. • 43% percent of all cyberattacks in 2015 were leveraged at small to midsized businesses (250 or less employees).* • Dangerous misconception: “I’m too small to bother with” or “It won’t happen here.” • Cybercriminals know that the small guys are less protected. It’s Not Just Big Businesses Effected * Source: Symantec 2016 Cybersecurity Report
- 5. • Smaller to mid-sized companies. • Busy professionals focused on clients making deals. • Multiple separate players during transactions: Buyer, seller, buyer’s agent, seller’s agent, escrow agent, lawyer, mortgage broker, banks. • Real estate purchase = large sums of money. Cybercriminals Love Real Estate
- 7. Supervisory Senior Resident Agent Kevin White & Special Agent Sarah De Lair
- 8. Federal Bureau of Investigation Economic Crimes- Areas of Focus CAPE COD & ISLANDS ASSOCIATION OF REALTORS 5/11/2017 SSRA KEVIN R . WHITE SA SARAH DE LAIR
- 9. Big Picture Financial Institutions Frauds Building Effective Relationships
- 10. Financial Institution Frauds BUSINESS EMAIL COMPROMISE WIRE FRAUD SCHEMES
- 11. Business Email Compromise Background ◦ Methods: Spoof Domain, Spoof Username, Reply To, Compromised Account ◦ Victims: Businesses, Governments and Individuals ◦ Targets: Money and PII/W2 Information Scope (10/2013-4/2016) ◦ 50 States / 95 Countries ◦ 80 Countries ◦ 23,800+ victims ◦ $3,300,000,000+ lost
- 12. BEC - Continued The FBI’s Approach ◦ Awareness ◦ Recovery ◦ Data Collection/Analysis ◦ Pursuit of Individuals/Crime Groups Recent examples How you can help Example 1 • Day 1: Victim wired $98K to HK • Day 2: @9:15AM: Victim contacted FBI • Day 2: @ 9:30AM: Complaint desk notified C-5 • Day 2: @ 10:30AM: FBI emailed FINCEN Rapid Response Team • Day 2: @ 3:30PM: HK account frozen • Day 7: Funds returned to victim in full Example • Victim identified compromised account (E-mail Spoofing) • Contacted banks where wires were sent • Hold Harmless Letter • Identify Account Holders
- 13. Wire Fraud Scheme – Condo Closing Focus on Facilitation Money Mules ◦ Structuring Transactions ◦ Quick Wire Transfers AML Policies ◦ Proactive vs Reactive How you can help Individual received victim’s funds via wire Within 24 hours: Individual conducted structured withdrawals Individual sent multiple international wires. No funds remained in account Buyer contacted a few days before closing with wire transfer instructions Account was recently opened. Two cashier’s checks were issued. Checks cashed at local check cashing facility
- 14. Building Effective Relationships Why is it good for the FBI? ◦ Helps us develop a more accurate Intel picture ◦ Encourages timely reporting ◦ Creates additional investigative options Why is it good for you? ◦ Be part of the Intel cycle ◦ To build trust ◦ Know how/where to report frauds ◦ The FBI can be a source of information for you
- 15. International Wires Over $50,000 Within 3 Days Contact Local FBI Office Ask Bank to Issue Swift Recall Internet Crime – File Report with ic3.gov
- 16. Domestic Wires Victim Contact Bank – Request Recall of Wire File Police Report Contact Local FBI Office Internet Crime – File Report with ic3.gov
- 17. FBI Points of Contact Lakeville RA ◦ Main Number - 508-947-0625 Supervisory Senior Resident Agent Kevin R. White ◦ Email – Kevin.White@ic.fbi.gov Special Agent Sarah De Lair ◦ Email – Sarah.DeLair@ic.fbi.gov Internet Crime Complaint Center ◦ Website – www.ic3.gov
- 19. TEN CRITICAL IT SECURITY PROTECTIONS EVERY BUSINESS MUST HAVE IN PLACE NOW To Avoid Cyber Attacks, Data Breach Lawsuits, Bank Fraud and Compliance Penalties
- 20. Who Is John Garner? • Established iMedia in 1998 to help business use technology profitably. • We ensure your technology keeps you productive, secure and current. • We manage the technology for over 70 businesses in southeastern Mass • Over 50 terabytes of data is protected for our clients. • Ransomware attacks cost victims more than $1 Billion in 2016. iMediaTechnology clients didn’t pay a penny.
- 21. I’m Nervous! Aren’tYou? • What if….? • Here’s why…. • Here’s what’s even SCARIER !
- 22. CyberThreats are something to be SCARED about
- 23. IfYou Are AVictim of A Cyber Attack, YouWill Be LabeledAs Stupid and Irresponsible
- 24. HowTo ProtectYourself AndYour Business With 10 Layers Of Security
- 25. Build a Moat Around Your Castle • Layered Protection
- 26. 1. WebContent Filtering - Block Malicious Sites 2. Email Spam Filters 3. AntiVirusWith Exploit Detection 4. FirewallWithThreat Detection 5. Patch Software,UseAn Update BrowserAnd Plug Ins 6. BackupOn Site AndToThe Cloud 7. InstallAnAdblocker. 8. Policy’s For Internet UsageAnd Passwords 9. EmployeeTraining 10. Uninstall Unused Browser Plug Ins, Especially JavaAnd Flash.
- 27. Content Filtering • Open DNS for home or business • Blocks inappropriate and malicious content • Stops phishing, malware and ransomware earlier
- 28. Spam Filtering • AppRiver • One spam filter is good • Two may be better • Catch a Phish or two
- 29. AntiVirus with exploit detection • Webroot • Block KnownThreats • Block InboundWebThreats • Protects against unknown virus threats
- 30. Firewall with Threat Detection Combines several security tools into one device. Layers of protection
- 31. • Windows • MS Office • Business Applications • Web Browsers • Adobe Reader • AV updates • Firewalls What to Patch?
- 32. Data Backup • Every 30 minutes • The entire computer (not just documents) • Keep a local copy • Test Restore • Backup your cloud data too!
- 33. Advertisement Blocker • Minimize Malvertising • Most ads aren’t downloaded
- 34. Internet Use and Password Policy forWork • An internet usage policy provides employees with rules and guidelines about the appropriate use of company equipment, network and Internet access. • A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
- 35. Clean up your browser • Remove Java and Flash • Uninstall unused web browser plugin’s.
- 36. Security AwarenessTraining • Think BeforeYouClick! • Be Suspicious of unexpected emails from your spouse, children, and colleagues • KnowBe4 web based training with Phishing email tests
- 37. Bottom Line: Let's Get Serious About Protecting Yourself and Your Company Against Cybercrime!
- 38. Drew McCusker Senior Underwriter Executive and Management Liability Hanover Insurance Group
- 39. Cyber Security Insurance Drew McCusker Management Liability Underwriter Hanover Insurance 39
- 40. 40 Legal Disclaimer This presentation is advisory in nature and necessarily general in content. No liability is assumed by reason of the information provided. Whether or not or to what extent a particular loss is covered depends on the facts and circumstances of the loss and the terms and conditions of the policy as issued. The precise coverage afforded is subject to the terms and conditions of the policies as issued.
- 41. 41 MA Data Breach Law Title XV, Chapter 93H§ 3: “A person or agency that maintains or stores…data that includes personal information about a resident of the commonwealth, shall provide notice, as soon as practicable and without unreasonable delay, when such person or agency (1) knows or has reason to know of a breach of security or (2) when the person or agency knows or has reason to know that the personal information of such resident was acquired or used by an unauthorized person or used for an unauthorized purpose…”
- 42. 42 What is the most common data breach? Source: Ponemon Institute and IBM. 2016 Cost of Data Breach Study U.S. June 2016
- 43. 43 Cost of a Data Breach Direct Costs $76 Indirect Costs $145 Discovery Data Forensics Audit/Consulting Notification Call Center Identity Monitoring Identity Remediation Lawsuits Regulatory Fines Reputational Damage/Lost Business Source: Ponemon Institute and IBM. 2016 Cost of Data Breach Study: U.S., June 2016 Cost per Record $221 (2016) Customer Acquisition Time/Effort spent Loss of goodwill
- 44. 44 Where can you get coverage? Commercial Property? General Commercial Liability? Commercial Crime? Computer Crime? Professional Liability>
- 45. 45 Where can you get coverage? Unauthorized Record Access Cyber Fraud Denial of Service Cyber Extortion Cyber Vandalism ISO Property Policy Surety Assoc. Computer Crime Surety Assoc. Crime Policy Extortion & Kidnap Ransom Policy
- 46. 46 Cyber Insurance First Party Losses Loss of Private Data Notification costs, publicity costs, crisis management expenses Business Continuity Expense Extra expenses to continue operations, business income loss Cyber Extortion Ransom payment, other expenses Third Party Losses Customer Suits – Privacy Suits from customers alleging negligence in protecting information and other causes of action Customer Suits – Denial of Service Suits from customers alleging negligence in protecting the network against denial of service Regulation State law compliance, federal fines & penalties, PCI Assessments
- 47. 47 Best Practices • Information Security Policy • Incident Response Plan • Business Continuity Plan • Web Server Security • Mobile Device Security • Third Party Vendors • Written Contracts with indemnification clause • Make sure to audit and check their security rating
- 48. 48 Questions?
- 49. A SPECIAL THANK YOU TO PRESENTING SPONSOR
Editor's Notes
- Introduction as to who I am, my job and how this relates to the group I am talking about and what I am going to talk about. How the FBI prioritizes its threats - Impact - # victims, $ of loss, egregiousness (sympathetic victims, abuse of trust), scope of scheme (local, national, international), sophistication (organized crime group vs lone wolf) - Assessment of impact, driven based on our intelligence at the time. - FBI Intel function is dynamic – we can change priorities, resource allocation, level of focus based on Intel. Other areas of focus within economic crimes include: - Credit Card Frauds - ATM Skimming - Intellectual Property Rights - Insurance Fraud - Mortgage Fraud - Foreign lottery Schemes - Law Enforcement Impersonation At this point, they don’t rise to our “primary areas of focus”. But, that is part of the reason we are hear. And that is why Building Effective Relationships is so important. Because you can impact our intel picture.
- Company had a garbage collection contract with a City. Company collects the garbage and hauls it to a disposal facility. The company receives a spreadsheet from the disposal facility every 2 weeks detailing the tonnage deposited at the disposal facility. After a four year relationship, the company receives an e-mail from the disposal company with new account details. The e-mail had an accurate invoice spreadsheet attached and requested the payment be sent to a new bank account and routing number. The company sent the wire. The company received a confirmation number and e-mailed to head of accounting at the disposal company and received a thank you e-mail. After two weeks passed, the company received another invoice and was asked to send the payment to another account at a different bank. The company received an e-mail from what appeared to be the POC from the disposal company stating that the money from the previous transfer was refunded and they needed to wire the money to another bank account. The company checked and didn’t see a refund and sent a text message to the POC at the disposal company. The POC stated that he didn’t send any e-mails and was not aware of a refund. We have recovered over 3.5 million in funds for victims. We have been successful in pulling back funds multiple links down the chain. We have been successful in identifying additional victims from money mule account, then contacted those victims to make them aware of the fraud and prevent additional loss.
- Give example of recent complaint : -E-mail from real estate managers account stated that they always request funds two days before closing so we have enough time to confirm the availability of the funds in our account. Provided the name of the account to transfer funds, “MROD General Contracting LLC” which is a wing of their firm with the sole aim of closing transactions. Funds were subsequently wired into account. -IP addresses for e-mails came back to Nigeria Real estate Manager – believed that her e-mail was hacked and her email account has bene acting “funny” for a few days (Account Takeover) Money Mules – talk about BEC - In this example, this was a BEC victim. $100K - 20K was taken out in three different withdrawals - One $40K wire was sent to Hong Kong - One $40K wire was sent to Nigeria - We got the funds from the 2 wire back SARs- but also call Active monitoring Active holds on suspected money mule accounts If you suspect your customers are the victims of online romance schemes, work from home schemes or other financial schemes, confront them. Contact local law enforcement to do a wellness check. What are you doing to ensure money mules or those laundering funds are just opening accounts across the street when you close them down? Chexsystems? Tell us what you are seeing. Intel on ML schemes.
- I listed this first, because this is the biggest and most important focus we have at the moment. That is because it has a broad impact into everything we do. It impacts how we prioritize our threats, how we dedicate our resources, how we go about investigating our cases. It all starts with Intelligence. The FBI is an Intelligence based law enforcement organization. That means that intelligence drives our investigative process. Now, I am a criminal agent. I have been an agent for 11 years and I think it took 10 years for me to accept this fact. And it really was a simple comment from our Director that helped in click. He said that “Intelligence is simply information that helps us do our job.” Dir. Comey has a gift for making things sounds simple. So as the program coordinator for Financial Institution Fraud, I need Intel. I need information about the threat. Where do you think a good source of information might be? Ongoing cases, victim complaints… yes…. But also Industry. That is where you come in. Without Industry, we can’t get an accurate sight picture of our threat. If we can’t see clearly, we can’t possibly hope to address it adequately. This is something, I will admit, is something the FBI has not done well enough. We have not shared information that way we could or should, we have been too guarded with our information and too reliant on the willingness to organizations to accept the one sided relationship were we simply take and don’t give anything back in return. It is the case we can tell you everything, no. But you can’t either. You have BSA restrictions, we have Grand Jury, victim rights, operational security concerns. But, if we can trust each other. Really believe we are working on the same side to help victims and catch the bad guys, we will find (as I have done already) that we can share a lot more than we have. Example, everything I am going to talk about today is about active investigations. But it will be sanitized. This trust thing is pretty important. You need to trust that when you tell us things, we are going to act on it appropriately. That certain things will happen on the phone for lead value and certain things will go in formal records. You need to trust that you won’t lose control the second you call us and that will work with you. But that trust is built over time. That trust will help us/and you as it will encourage early reporting of crimes. There are a few banks that I think I have the perfect relationship. I think of the bank as the place that he works. And he thinks of the FBI as the place that I work. Not these two massive bureaucracies. We also talk informally just to flush things out. Not just to report crimes. I feel confident, that should something occur at his bank, he will call me. I am sure he is confident that if he calls me, I will answer the call…. And I will help. Receiving the call early is important. As investigators, a proactive investigation is preferred to a historical one. It allows us to use sources, use undercovers, catch people in the act. A historical one is interviews, document reviews, involves represented parties They take longer and are less successful. We can work with you on proactive case. I will touch on an example of this when I talk about account takeovers. One of the biggest complaint we here from industry, is “who do I call.” There are a lot of LEAs out there. It can be confusing. But that is where a relationship can help as well. Call me up and ask. The FBI also disseminates information. We do this through formal and information channels. We do PSA’s through our websites (Like IC3), we do intel products that can be distributed to various groups (like banks), and we can have conversations. I have come to the conclusion that to have a healthy successful Financial Institution Fraud Program, effective relationships with industry are a NEED, not a want. The threats I cover today and the cases of I will be talking about would not be possible without an effective relationship with industry.
- Welcome! Thank you for being with us today. I’m John Garner from iMedia Technology, and you’re joining our webinar “7 Critical security protections every business must have to avoid a cyber attack” Today’s webinar will take about 20-30 minutes. At the end we’ll do a few Q&A’s If you have a question, please enter it into the GoToWebinar Chat box.
- The past two years we’ve seen a huge shift in cyber crime activity, more than I’ve seen in my entire IT career. Day to day we manage the technology of 70 businesses. We’re focusing more and more of our efforts on security, along with keeping our clients business technology current and productive. We’re managing 50 terabytes of data, and as of yet I’m happy to report non of our clients have had to pay a single penny towards ransomeware. And that’s not by accident.
- I’m nervous. I’m not comfortable with public speaking. If you’ve ever done this, you know the feeling… what if I forget to smile, do I sound like I’m reading, am I interesting, will they like me? Of course I’m nervous. Here’s why I do it. To help my clients and to help you. If you’re good at what you do, its because you care, and your customers value you. So I tolerate being nervous. You know what makes me more than nervous? Even scared? Cyber crime.
- We just heard about how serious cyber crime is. And I want to help you avoid becoming a victim. If you’re a business owner, a broker, an independent agent and you or your firm become a cyber victim, you have an obligation to inform and protect your clients. And as I prepared for this webinar, I realized that we see headlines about cyber security breaches every day. The thing is, those headlines are for large companies with recognizable brand names. Only the big breaches make the headlines. The breaches that happen to small businesses by and large go unreported, and are a bit less news worthy. I want you to understand, that the same tactics used to breach large corporations, including the Democratic National Committee, are what I’m going to present to you today.
- Its unfair, isn’t it. If it were a burglary, hit and run, or mugging you’re a victim and people are sympathetic. If it cyber crime there will be no sympathy. Think of your emotions when you heard Target was hacked. Stupid, right? You will be investigated and questioned about what you did to prevent this from happening. You may be found liable facing fines and lawsuits. And Ignorance wont be a defense. .
- And like any business, you might start off as a small business owner, with goals of growth. Here’s how you make that transition.
- Think of spam as casting a broad net. You hope by covering a wide area you’ll get a few bites. Phishing is more targeted. An example might be targeting people with a Netflix account. Your goal is to trick them into providing their account credentials, credit card information, perhaps even their SSN. Spear Phishing is a very targeted attack. There are specific people that I want to attack, and I’ll use information very familiar with the target to engage with them. I’ll pose as a face book friend. I’ll send emails posing as their banker, accountant, or attorney. My email attacks will be very specific and very convincing. This is the technique reported to have been used by the Russian hackers on the DNC,
- Think of spam as casting a broad net. You hope by covering a wide area you’ll get a few bites. Phishing is more targeted. An example might be targeting people with a Netflix account. Your goal is to trick them into providing their account credentials, credit card information, perhaps even their SSN. Spear Phishing is a very targeted attack. There are specific people that I want to attack, and I’ll use information very familiar with the target to engage with them. I’ll pose as a face book friend. I’ll send emails posing as their banker, accountant, or attorney. My email attacks will be very specific and very convincing. This is the technique reported to have been used by the Russian hackers on the DNC,
- 77% of attacks are targeted towards small and medium enterprises. Criminals know the vast majority have not taken steps to protect their busiess. The next few slides we will take some time to address these 5 common attack points
- These are paid for advertisements tainted with infection code, or malware. A third party legitimate ad service is hired to place ads across the internet. The ads look very legitimate. However the pages the ads link to are a malicious site.
- Cyber criminals need an army of computers to help them with their business. The dropper is they way they go about building their army.
- Last fall there was a large internet outage and many companies had their websites go off line. It turned out an attack on the internet was performed by common security cameras and the like – the IoT
- Ransomware is when your data becomes encrypted and is held for a ransom payment. Encryption is the act of scrambling your data and making it unreadable. Encryption can only be reversed with a secret key. Once your data is encrypted, there is no way to decrypt the data without the key. When we have come across encrypted data, the only way we can help is to restore the data from a prior backup.