EFT SWIFT Breaches Highlight Growing Fraud
|
|
- Donald Blankenship
- 5 years ago
- Views:
Transcription
1 EFT SWIFT Breaches Highlight Growing Fraud HOW ARE THE BAD GUYS STEALING MONEY OUT FROM UNDER OUR NOSES? PRESENTED BY: TOTAL TRAINING SOLUTIONS AND JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Master s of Information Assurance, Dakota State University Mission: save the world! Phone: jon@protectmybank.com SBS Institute sbsinstitute@protectmybank.com
2 Dakota State Nationally Recognized National Security Agency Department of Homeland Security 4,000 universities in the country Only 100 named national centers in the past 10 years National Center of Excellence in Information Assurance 3 Our Experience PROCESS: Information Security Program design and roll out IT Risk Management Vendor Management Technology Selection Business Continuity/ Disaster Recovery Incident Response Information Security Consulting IT Audit ISP Audit Controls Audit Wire Transfer Audit ACH Audit Internet Banking Audit TECHNOLOGY: Penetration Testing Vulnerability Assessment System Configuration Assessment Acceptable Use Scanning PEOPLE: Social Engineering Awareness Programs ISO Training CATO Training 4 2
3 EFT banking s new normal electronic transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer based systems and without the direct intervention of institution staff Includes: ACH (automated payment, such as a direct deposit) Wire Transfer (Western Union of Federal Reserve) Digital Currency (BitCoin, virtual currency) EFTPOS Point of Sale transactions (debit/credit card) Mobile Payments (SMS banking; ApplePay) SWIFT (international messaging for payment orders) 5 Same Day ACH Most ACH payments are settled the next business day (some minor float) NACHA rule change enables same day ACH processing Includes a same day fee so that RDFI s can recover cost to implement 2 new Clearing windows 10:30AM ET (settlement at 1:00PM ET) 2:45PM ET (settlement at 5:00PM ET) Roll out in 3 phases beginning September
4 Digital Banking Trends More or less access to money digitally? $96,000 of sales are made on Amazon every minute $612,000 is spent online by consumers every minute in real time/ More or less in person member interaction? Greater or fewer brick and mortar locations? More or less employees? More or less investment into technology? 7 Banking Method Trends 4
5 Changes in the Paradigm Banking is quickly changing from a place you go to something you do everyday, stated Brett King, author of bestselling Bank 2.0 and Bank 3.0, as well as founder of mobile banking start up Movenbank 9 Today s Cyber Crime 10 5
6 Vendors, CATO, and Ransomware Financial Institution networks are pretty secure When is the last time you heard a community bank get HACKED? How are bad guys getting our information and money, then? Through our Vendors (Target) Breaches of our members (Commercial Account Takeover) Other random attacks (phishing s, ransomware) 11 Crime as a Service (CAAS) Growing Threat Built using Botnets Provide services such as: Conduct DDOS Conduct Phishing Anti Antivirus Services Keylogging and central reporting Call Centers 12 6
7 Define Your Perimeter Network Perimeter Security Third Parties Internet Financial Bank Institution Physical Customers Members 13 Capability Maturity Model 14 7
8 Corporate Account Takeover CATO is the #1 threat to financial institutions responsible for millions of dollars in losses frayed business relationships litigation affecting both financial institutions and commercial accounts. around 85% of cyber attacks are now targeting small businesses. White House Cybersecurity Coordinator 15 CATO Attack Vectors P2P or A2A transactions Cash Management Online Banking Bill Pay Online Banking ACH Batch File ACH or Wire Fraud Wire Phone Request Wire Request Wire Fax Request 16 8
9 How does CATO work? 17 Getting the Money banking fraud/cyber banking fraud graphic 18 9
10 Newest forms of CATO Business Compromise Internal BEC vs. Member BEC Payroll takeover Extortion 19 Notable Incidents May 2013 J.T. Alexander & Son Inc. $800,000 in ACH transactions ranging from 5 10K to 60 mules, company has 15 employees with average 30K payroll. April 2013 Chelan County Public Hospital $1M in ACH transactions from payroll account using 96 mules Identified by Brian Krebs December 2012 Efficient Services Escrow Group $1.5M in wires (December.4M and January 1.1M). Forced company to close. December 2012 Ascent Builders Inc. $900,000 in wires and ACH covered up by DDOS Identified by Brian Krebs February 2014 The Scoular Co. Omaha, NE $17.2M to China using BEC Fraud (aka CEO fraud or man in the ) August 2014 Ubiquiti Networks San Jose, CA $46.7M to Hong Kong and other overseas accounts FBI: $1.2B Lost to Business Scams (BEC) in last two years
11 Selling on the Dark Web 21 Online Card Sale 22 11
12 Exploits Sell Good and Bad a windows 0 day could be yours/ 23 How to mitigate CATO risk? KNOW YOUR RISK Know your members Who s the riskiest member? Layered Security Programs Offer commercially reasonable security Encourage dual authentication, out of band, separate workstations EDUCATION! Employee Member Insurance Better Contracts PLAN TO FAIL WELL 24 12
13 FFIEC Layered Security Programs Effective controls that may be incorporated in a layered security program include, but are not limited to: Fraud monitoring and detection Dual authorization Out Of Band transaction verification Positive pay Account activity controls or limits on value, volume, timeframes, and payment recipients IP reputation based blocking tools Polices and procedures for addressing potentially infected member devices Enhanced control over account maintenance Enhanced member education (also NCUA Letter 11 CU 09) 25 SWIFT & Bank of Bangladesh Bank of Bangladesh unknowingly breached for months Bad guys learned how SWIFT works through studying network traffic at BoB (malware) Planned an elaborate heist to steal $951M Only able to get away with $81M Transferred into accounts that had been opened in 2015 (and had money in them) LONG CON A printer error discovered the attack A misspelling caused a $20M wire to fail processing 26 13
14 27 How do CUs prevent EFT Fraud? NCUA FFIEC Joint Statement on Interbank Messaging and Wholesale Payments ent 2016 june ffiec cybersecurity.aspx 5 Major Takeaways: Know Your Risk Monitor Your Networks Patch Management Test Security Regularly Plan to Fail Well 28 14
15 Know Your Risk It all starts with your RISK ASSESSMENT. Your Risk Assessment should help you to make decisions! Those decisions should be documented in your Information Security Program. You then test your decisions People, Process, and Technology A good risk assessment take a lot of work. Explore tools that create standards to make your life easier and help you measure risk. 29 Types of Risk Targets: Organizational Risk Asset specific Risk Outcomes: Inherent Risk How risky is an asset BEFORE we apply mitigating controls? Residual Risk What is the remaining risk AFTER we ve implemented security controls? 30 15
16 IT Risk Assessment Components ASSET (PP) THREAT INHERENT RISK INHERENT RISK MITIGATING CONTROLS 31 Monitor Your Network 2 BIG Questions: 1. If someone was in your network, would you know it? 2. If someone was sending information out the backdoor of your network, would you be able to tell? Can you weed through the network noise (logs) and identify suspicious activity? What does your baseline network activity look like? How do you identify and monitor anomalies? 32 16
17 Patch Management Inventory all assets divide into software/firmware categories Insert yourself into the appropriate software/firmware update notifications usually lists. Create a patching schedule based on the lists activity MS is easy (second Tuesday of every month). Create an appropriate testing regimen based on the size and complexity of your environment try to ensure the windows from patch release to patching on production is as small a possible Automate the deployment of patches on each vendor system as much as possible software (patching vendors) firmware (NAS repository). Identify outliers of systems not getting patches or updates Remediating outliers so they can get patches reinstall, troubleshooting, etc Test Security Regularly Plan Assess your risk No, REALLY assess it Do Build your ISP Implement controls Check Test your people Test your process Test your technology Act Apply lessons learned Continuously improve! 34 17
18 Plan to Fail Well Make sure your Incident Response Procedures cover more than just member data breach Other new, internet related threats: Malware, Ransomware, DDoS, vendor breach Who will you have to notify in the event of an incident? Have you considered Digital Forensics? 35 Comprehensive Incident Response Don t just address: CU Incidents Third Party Incidents Member Incidents From the perspective of the CU. Build or ensure each layer has their own procedures: Member s IRP Third Party s IRP Commercial Accounts Third Party IT 36 18
19 CSBS Shift Your Thinking Conference of State Banking Supervisors: The persistent threat of internet attacks is a societal issue facing all industries, especially the financial services industry. Once largely considered an IT problem, the rise in frequency and sophistication of cyber attacks now requires a shift in thinking on the part of bank CEOs that management of a bank s cybersecurity risk is not simply an IT issue, but a CEO and Board of Directors issue
20 39 That s all she wrote Any questions, comments, or concerns? Automate your IT Risk Assessment TRAC! Also, for a much deeper dive on Cybersecurity specifically for financial institutions, check out our eleven (11) Cybersecurity Certification Programs! CB Security Manager (CBSM) CB Security Technical Professional (CBSTP) CB Security Executive (CBSE) CB Vendor Manager (CBVM) CB Ethical Hacker (CBEH) CB Incident Responder CCBIH) More Ask about our Learning Paths! Contact info: Jon Waldman Partner, Senior IS Consultant jon.waldman@protectmybank.com
21 Thank You for Attending! TTS CUWebinars.com Don t forget about our listing of OnDemand programs at CUWebinars.com! Upcoming CUWebinars August 5 th - ALERT! New Customer Due Diligence Rules: Part Two Consumers August 10 th - Best-Ever Compliance Checklist for Consumer Loans August 18 th - Critical Issues on Closing Accounts August 23 rd - Flood Insurance Review and Update August 25 th - 8 Keys to Teller Excellence August 25 th - Compliance Perspectives: A Monthly Update September 7 th - Commercial Loan Checklists 41 21
10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationInterpreting the FFIEC Cybersecurity Assessment Tool
Interpreting the FFIEC Cybersecurity Assessment Tool Wayne H. Trout, CISA, CRISC, CBCA, CBRA, CBRITP NCUA Supervisor, Critical Infrastructure and Cybersecurity What We ll Cover Cyber risk management Cybersecurity
More informationsecurity FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.
security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. Security for Your Business Mitigating risk is a daily reality for business owners, but you don t have
More informationCyber Attack: Is Your Business at Risk?
15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationCyber Security CATO Seminar Presented by: Jon Waldman CISA, CRISC
Cyber Security CATO Seminar Presented by: Jon Waldman CISA, CRISC Secure Banking Solutions 2015 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Phone: 605-380-8897 jon@protectmybank.com
More informationHow Cyber-Criminals Steal and Profit from your Data
How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More information2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016
2016 Tri-State CF Partnership Webinar Series Cyber Crime Trends a State of the Union April 7, 2016 Presenter Mark Eich, Principal Information Security Services Group CliftonLarsonAllen 2014 CliftonLarsonAllen
More informationTackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
More informationCybersecurity Today Avoid Becoming a News Headline
Cybersecurity Today 2017 Avoid Becoming a News Headline Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationNCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen
NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My Background and Experience Computer Science Degree - Puget Sound Information Security Professional for 30 years Consultant: Ernst & Young,
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationCybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls
Cybersecurity Hospitality Finance and Technology Professionals June 27, 2017 Presented by: Harvey Johnson, CPA Partner Overview Define Cyber Security Importance of Cyber Security 2017 Cyber Trends 1 About
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More information2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along
2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management Today s Speakers Olivia Munro Senior Marketing Specialist Eze Castle Integration Bob Shaw Director, Technical Architecture Eze Castle
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More informationIT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager
IT Audit and Risk Trends for Credit Union Internal Auditors Blair Bautista, Director Bob Grill, Manager David Dyk, Manager 1 AGENDA Internet Banking Authentication ATM Security and PIN Compliance Social
More informationFFIEC Guidance: Mobile Financial Services
FFIEC Guidance: Mobile Financial Services Written by: Jon Waldman, CISA, CRISC Partner and Senior Information Security Consultant Secure Banking Solutions, LLC FFIEC Updates IT Examination Handbook to
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationCyber Security and Data Protection: Huge Penalties, Nowhere to Hide
Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationCybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank
Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank NJ Bankers Association Annual Convention May 19, 2017 Presented by: Jeremy Burris, Principal, S.R. Snodgrass,
More informationYou ve Been Hacked Now What? Incident Response Tabletop Exercise
You ve Been Hacked Now What? Incident Response Tabletop Exercise Date or subtitle Jeff Olejnik, Director Cybersecurity Services 1 Agenda Incident Response Planning Mock Tabletop Exercise Exercise Tips
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationASSESSMENT LAYERED SECURITY
FFIEC BUSINESS ACCOUNT GUIDANCE RISK & ASSESSMENT LAYERED SECURITY FOR ONLINE BUSINESS TRANSACTIONS New financial standards will assist banks and business account holders to make online banking safer and
More informationCLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies
Fraud Overview and Mitigation Strategies SUNTRUST TEAM: DOUG HICKMAN SENIOR VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE JAMES BERNAL ASSISTANT VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More information50+ Incident Response Preparedness Checklist Items.
50+ Incident Response Preparedness Checklist Items Brought to you by: Written by: Buzz Hillestad, Senior Information Security Consultant at SBS, LLC 1 and Blake Coe, Vice President, Network Security at
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationLecture Materials MANAGING SECURITY RISK IN BANKING
Lecture Materials MANAGING SECURITY RISK IN BANKING Kevin Streff Professor of Cybersecurity Dakota State University kevin.streff@dsu.edu 605-270-0790 & Founder SBS Cybersecurity, LLC Kevin.streff@sbscyber.com
More informationRecognizing Fraud Staying Safe 2018 Information/Cyber Security Training
Recognizing Fraud Staying Safe 2018 Information/Cyber Security Training Copyright Sage Data Security 2017-2018 All Rights Reserved Presented by: John H Rogers, CISSP Director of Advisory Services john.rogers@sagedatasecurity.com
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationWeb Cash Fraud Prevention Best Practices
Web Cash Fraud Prevention Best Practices Tips on what you can do to prevent Online fraud. This document provides best practices to avoid or reduce exposure to fraud. You can use it to educate your Web
More informationJune 2 nd, 2016 Security Awareness
June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal
More informationMANAGING SECURITY RISK IN BANKING. Kevin F. Streff Managing Partner SBS CyberSecurity, LLC Madison, SD
MANAGING SECURITY RISK IN BANKING Kevin F. Streff Managing Partner SBS CyberSecurity, LLC Madison, SD kevin.streff@sbscyber.com 605-270-0790 August 8-10, 2018 IT Risk Assessment 2018 Graduate School of
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationCyber Fraud What can you do about it?
Cyber Fraud What can you do about it? Eric Wright Shareholder June 10, 2014 What is Cyber Fraud? NetLingo definition: Cyber fraud refers to any type of deliberate deception for unfair or unlawful gain
More informationJanuary 23, Online Banking Risk Management: A Multifaceted Approach for Commercial Customers
January 23, 2012 Online Banking Risk Management: A Multifaceted Approach for Commercial Customers Risk Management Rajiv Donde - CEO Laru Corporation Agenda Risk Premise FFIEC prescription for a layered
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationThe BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO
The BUSINESS of Fraud. Don t let it put you out of business. Veenindra J. Singh, First Vice President, Treasury Management Consultant California Bank & Trust 300 Lakeside Drive, Suite 800 Oakland, Ca 94612
More informationCybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.
Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m. It is crucial that small financial firms take proper cybersecurity measures to protect their customers and their firm. During
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More information2014 CliftonLarsonAllen LLP Cyber Crime and Payment Fraud Trends Key Threats to All Businesses CliftonLarsonAllen LLP. CLAconnect.
Cyber Crime and Payment Fraud Trends Key Threats to All Businesses CLAconnect.com What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical
More informationRegulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013
Regulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013 Tony DaSilva, AAP, CISA Senior Examiner Federal Reserve Bank of Atlanta Disclaimer The views and
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationThe Business Value of including Cybersecurity and Vendor Risk in ERM
The Business Value of including Cybersecurity and Vendor Risk in ERM Yo Delmar, Vice President, Customer Engagement, MetricStream RMA GCOR XI April 4 5, 2017 Hyatt Regency, Cambridge, MA Tuesday 2:30 pm
More informationTexas Department of Banking United States Secret Service January 25, 2012
Texas Department of Banking United States Secret Service January 25, 2012 Presented by: Texas Department of Banking Banking Commissioner Charles G. Cooper Deputy Commissioner Bob Bacon Chief IT Security
More informationHIPAA 2017 Compliancy Group, LLC
1 Meet Your Expert Charles Weiselberg Compliancy Group, LLC Director of Customer Service Chuck@compliancygroup.com ENDORSED PARTNER 2 Compliancy Group We simplify compliance so you can confidently focus
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationUnderstanding IT Audit and Risk Management
Understanding IT Audit and Risk Management Presentation overview Understanding different types of Assessments Risk Assessments IT Audits Security Assessments Key Areas of Focus Steps to Mitigation We need
More informationFraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014
Fraud Update: Why Fraudsters Love Wires and How to Stop Them Luis Rojas, Director, Product Management WesPay 2014 Competitive Pressures Drive Fraud and Operational Risk Availability Of Information Creates
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationToday s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches
Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Chris Bucolo, PCIP, MBA Today s Speaker Chris Bucolo Sr. Manager, Sikich
More informationTurning the Tide: Fending off Cyber Threats
SESSION ID: SPO1-W05A Turning the Tide: Fending off Cyber Threats Authenticate / Protect / Respond Roy Murdoch SE Manager NEMEA Proofpoint Who s in the Actors Sights? Attacks Increasingly Target Individuals,
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationCybersecurity Session IIA Conference 2018
www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that
More informationCyber (In)Security. What Business Leaders Need To Know. Roy Luebke Innovation and Growth Consultant. Presented by:
For audio difficulties please use conference number: 515-739-1030 Access: 385039# Cyber (In)Security What Business Leaders Need To Know Presented by: Roy Luebke Innovation and Growth Consultant July 12,
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationCYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL
CYBER THREATS: REAL ESTATE FRAUD ADVISORY COUNCIL RAHUL GUPTA SENIOR DEPUTY DISTRICT ATTORNEY ORANGE COUNTY DISTRICT ATTORNEYS OFFICE CELL: 714-345-7722 EMAIL: rahul.gupta@da.ocgov.com DAVE WHITE INVESTIGATOR
More informationSecurity Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment
Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment Ray Colado, Information Security Analyst Raise awareness around information security to help
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Peter Thermos President & CTO Tel: (732) 688-0413 peter.thermos@palindrometech.com Palindrome Technologies 100 Village Court Suite
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationCyber Security: It s all about TRUST
www.pwc.com/vn Cyber Security: It s all about TRUST 29 th March 2017 Robert Tran Cybersecurity leader, Vietnam Content s Digital IQ Survey 1 Current state of Cybersecurity in Vietnam 2 2 Our global team
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationCybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale
Cybersecurity for the SMB CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale The high-profile breaches of Fortune 100 companies are the ones that get the headlines, but small and midsized
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationCybersecurity- A Regulatory Perspective. Robert J. Lipot, CRISC Senior Financial Institutions Examiner Department of Business Oversight
Cybersecurity- A Regulatory Perspective Robert J. Lipot, CRISC Senior Financial Institutions Examiner Department of Business Oversight 1 Cybersecurity Issues Executive Order 13636 Key Areas of Focus Cyber
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationScans everything Finds everything Blocks... Everything.
Invest in the company with Trident CMP, a service that... Scans everything Finds everything Blocks... Everything. Deployment case studies of Trident CMP, the breakthrough cyber security service. For information
More informationACHIEVING FIFTH GENERATION CYBER SECURITY
ACHIEVING FIFTH GENERATION CYBER SECURITY A Survey Research Report of IT and Security Professionals MARCH 2018 INTRODUCTION The pursuit of the highest level of cyber security is a top priority for IT and
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cyber security, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationHOSTED SECURITY SERVICES
HOSTED SECURITY SERVICES A PROVEN STRATEGY FOR PROTECTING CRITICAL IT INFRASTRUCTURE AND DEVICES Being always-on, always-connected might be good for business, but it creates an ideal climate for cybercriminal
More informationTop Ten IT Security Risks CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES
Top Ten IT Security Risks - 2017 CHRISTOPHER S. ELLINGWOOD SENIOR MANAGER, IT ASSURANCE SERVICES INTRODUCTION IT S ALL CONNECTED IN 2017. All of our Top 10 risks impact both us as consumers and as professionals
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationClick to edit Master title style. DIY vs. Managed SIEM
DIY vs. Managed SIEM Meet Paul Paul Caiazzo Principal, Chief Security Architect CISSP, CISA, CEH M.S. Information Security and Assurance 15+ years of experience in Information Security Connect with me:
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationLegal Aspects of Cybersecurity
Legal Aspects of Cybersecurity John W. Mashni Taylor A. Gast (517) 371-8257 (517) 371-8238 jmashni@fosterswift.com tgast@fosterswift.com Alexander A. Ayar (248) 538-6326 AAyar@FosterSwift.com Risks Data
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationToo Little Too Late: Top Reasons Why You Got Hacked
TUESDAY MAY 23,2017 2:00-3:15 PM Too Little Too Late: Top Reasons Why You Got Hacked MODERATOR SPEAKERS John Gross Director of Financial Management, City of Long Beach, CA Chad Alvarado Supervisory Special
More information