A Forensic Accountant in Cyber Security

Transcription

1 A Forensic Accountant in Cyber Security Gertjan Groen, President ACFE Netherlands Chapter Fraud Awareness Week Event ACFE Belgium 14 November 2017, Brussels

2 Personal Background Started my career in auditing (1988, KPMG) Part of establishment and development of KPMG Forensic Accounting NL (1993) Self-employed ( ) Partner at BDO Forensics & Litigation Support NL ( ) Since June 2013 Board Member of ACFE The Netherlands Chapter. As of May 1, 2017 President As of October 1, 2017 Business Line Manager Forensics & Incident Response at Fox-IT, member of NCC Group

3 This is not. A presentation from a Cyber Crime specialist A presentation on Bits, Bites and techniques Instead, this is a presentation Of a forensic accountant with 25 years of experience in forensic accounting sharing his experience after (only) six weeks in cyber security About differences and similarities between fraud and cyber crime (or forensic accounting and cyber security) À titre personnel

4 My main search: where do Fraud and Cyber Crime meet? My hypotheses: there are a lot of similarities within the next 5 to 10 years fraud and cyber crime will come (more or less) together (and thus Forensic Accounting and Cyber Forensics) Next months to explore! Today I give my first reflections

5 Fox-IT Forensics & Incident Response in brief Part of Fox-IT Cyber Threat Management Approx. 25 FTE Services include: Incident Response (CERT) Forensics ediscovery Compromise Assessments Response Readiness Assessments

6 Fraud goes back to 300 b.c. whereas Cyber Crime only goes back to / 2017 Blue Box. Give away whistle used to make free phone calls First cyber crime conviction First largescale case of ransomware Introductionof World Wide Web First Macroviruses Melissa virus released. Most virulent computer infection to date Denial of Service (DDoS) attacks are launched Stuxnet. Supposedly developed to sabotage the nuclear program of Iran. Wannacry, Petya, NotPetya

7 Cyber actors not your typical fraudster: Intent Disgruntled employees Terrorists State actors Hacktivists Criminals Script kiddies Capability

8 Do you remember?

9 Many cyber attacks come back to human: the weakest link The typical person has 26 password protected accounts 60% of people reuse their password(s) 11% uses only 1 (!) password for all of his accounts (just imagine these people working at your organization.) How do people remember passwords: 39% writes them down on a piece of paper 10% keeps them in a file on their computer 7% keeps them in a file on Dropbox or similar People publish a lot of personal information on social media a valuable source for cyber criminals (e.g. CEO fraud)

10 Working in Cyber Security: time for me to have a look into the mirror!

11 A password isn t a password unless.so I changed basically all my private passwords (> 50)!

12 Social media? My score (and probably not complete ). What s your score?? If you think it s not a problem for you: your personal data can (also) be used to scam other people!

13 Cyber Crime threat landscape Cyber Crime is all around us and still growing. Are we sitting on a Volcano? Victimized organizations relatively naïve: try to resolve it themselves, often destroying evidence and/or increasing damage Internet of things! Malware is traded on the internet and easily accessible: cyber crime for everyone! Threat of terrorists and State actors is increasing Basically every organization can (and will) be a victim of cyber crime the main question is: are you prepared?

14 The Cyber incident: are you prepared? Do you have an incident response plan, including communication, retention of data, etc.? Do you have first incident handlers within your organization? Do you have a Cyber Emergency Response Team (CERT?) If not: do you have a retainer contract with an external CERT provider? Do you have a Cyber Insurance policy? Etc. In practice: majority of organizations are not prepared at all!

15 Some differences between Cyber Crime and Fraud Fraud is usually detected afterwards; Cyber Crime can be detected in a very early stage Fraud is often committed by insiders, Cyber Crime usually by outsiders The identity of the fraudster often can be determined, whereas the identity of a cyber criminal usually is difficult to determine. In Fraud Risk Management relatively limited attention for Threat Intell. In Cyber Risk Management increasing attention aim is to display vulnerabilities and predict potential attacks

16 Where Fraud and Cyber Crime (could) meet Cyber Crime more and more is a modus operandi of fraud (e.g. CEO-fraud and Man-in-the-Middle (MITM) attacks) Cyber forensics can support (traditional) fraud investigations and vice versa Like fraud awareness, cyber awareness usually only exists after an incident Cyber Security Framework looks like, sounds like. Fraud Risk Management

17 ACFE Netherlands Chapter Approx. 320 members, of which less than 10 members working in Cyber Security Members have background in private sector (banks, insurance companies, law firms, multinationals, accountancy & consultancy firms, etc.) and public sector (Police, Tax Authorities, Public Oversight, etc.) 4 events per year, open to all members and their guests Belgian Chapter members welcome! New website