© Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic.

Slides:



Advertisements
Similar presentations
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Advertisements

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Springfield Technical Community College Security Awareness Training.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”
Critical Data Management Indiana University HR Summit April 24, 2014.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.
Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
General Awareness Training
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
POWERED BY: #NPPROTGC KEYNOTE Two Perspectives for Cybersecurity Best Practices Jane LeClair, Phd Chief Operating Officer National Cybersecurity Institute.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
FIVE STEPS TO REDUCE THE RISK OF CYBERCRIME TO YOUR BUSINESS.
Presentation to Senior Management MiFID for Senior Managers Introduction These slides introduce the big changes for senior management from MiFID.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
A PM’s Guide to Surviving A Data Breach. Compliance: PCI QSA and PCI Gap Analysis FISMA HIPAA SSAE 16 GLBA, Red Flags Response Incident Response and Disaster.
Internal Audit Considerations for Cybersecurity Risks Posed by Vendors October th, 2015 Chicago IIA Chapter’s 2 nd Annual IIA Chicago IT Hacking.
1Copyright Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,
February 2, 2016 | Chicago NFA Cybersecurity Workshop.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:
2015 TCPA WASHINGTON SUMMIT | SEPT. 27TH-29TH | WASHINGTON DC The Anatomy of a Breach Phillip Naples, Pritchard & Jerden, Inc. Jeremy Henley, ID Experts.
HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
Tuesday March 15, 2016 Session 19-D Technology Forum David Finkelstein, CIO RiverSpring Health.
Lesson 10A: The Three D’s of Identify Theft
Law Firm Data Security: What In-house Counsel Need to Know
3 Do you monitor for unauthorized intrusion activity?
Cybersecurity - What’s Next? June 2017
Case Study - Target.
Team 1 – Incident Response
Data Minimization Framework
Information Security.
Responding to Intrusions
Data Compromises: A Tax Practitioners “Nightmare”
Cyber Protections: First Step, Risk Assessment
Forensics Week 11.
Chapter 3: IRS and FTC Data Security Rules
Cybersecurity Awareness
I have many checklists: how do I get started with cyber security?
Andy Hall – Cyber & Tech INSURANCE Specialist
Keeping your data, money & reputation safe
Cyber Risk & Cyber Insurance - Overview
Considerations for Cybersecurity and Data Security in Today’s World
Business Compromise and Cyber Threat
Cyber Security: What the Head & Board Need to Know
Microsoft Data Insights Summit
Anatomy of a Common Cyber Attack
Presentation transcript:

© Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic Technology Services Practice Leader Heightened manufacturing Cyber Risks in a complex, interconnected world

2 © Grant Thornton LLP. All rights reserved. Cybersecurity in 2015 What's out there? –Cyber breaches Understanding cyber crime –Anatomy of a cyber attack –Protecting yourself and your company Preparedness is all – vigilance and response –Common barriers to adoption –Vigilance –Response Summary –Risk areas –Next steps © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Data breaches 3 Ripped from the headlines Target Neiman Marcus eBaySony $61 million $4.1 millionTBD $171 million TJ Maxx $74.6 million Staples Sony P.F. Chang's Dairy Queen Honda © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

What's out there? 4 Cost of a data breach Source: © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

5 The anatomy of an attack © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Common Fact Pattern 6 Fraud event Accessed accounting database After-hours VPN access Direct bank deposits Large online purchases Created fake company on LegalZoom © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Vigilance 7 Protecting yourself, your company, and your customers © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Common barriers to adoption Data Breaches 8 It will never happen to me Our network is secure We are not a big company We don't have any personal information, so we aren't a target We have never been attacked © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

9 © Grant Thornton LLP. All rights reserved. Major impediments to developing an enterprise- wide cybersecurity strategy SURVEY FINDING The most common impediment to developing an enterprise-wide cybersecurity strategy is a lack of understanding of the risks and potential impacts of a breach This common issue leaves valuable information exposed 29% Budget constraints 46% Lack of understanding of risks 9% Lack of consensus of strategy 11% Lack of perceived value

Vigilance 10 © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

11 Verify electronic requests Spear phishing s asking for passwords Phone calls asking to verify information Proper handling of PII Shred before putting in trash Do not PII Do not give out PII over phone Personal mobile phones/electronic devices Beware of s with trojans/malware Be careful with USB drives Verify apps and programs Protecting your organization Vigilance © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

12 Report suspicious activity –Law enforcement –Employer –Bank or financial institution Devices –Strong passwords –Keep device software up to date –Limit amount of data kept online Online profile –Learn to spot phishing s –Be careful on social media –Monitor accounts Vigilance Summary © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Incident Response 13 Responding to an incident © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Incident response dimensions © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 14 Incident / Breach Litigation Regulatory response

Offenders do not publicize their breaches –the longer the silence, the greater the value of the stolen data Following a breach: –Work with a third-party to gain situational awareness –Work with your organization's PR group to communicate the breach to the public Engage IRT team Recovery most likely will “spoil” evidence –Rebooting many systems “pops” log files –Some Trojans remove themselves by the booting process Investigation most likely will delay systems interruptions –A detailed forensic investigation may take days Post-attack procedures © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 15

Have Incident Response Team (IRT) trained and ready Vendor management program responsibility Constant vigilance IT audit procedures Table-top exercises Have warm standby systems Effective DR or BCP plan can allow for an investigation to proceed while recovery is effected Planning is Key... © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 16

Axiom © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 17 Treat every cyber breach as if it will end up in a criminal prosecution.

© 2015 Grant Thornton LLP. All rights reserved. What should companies be doing?

1.Compromised credentials 2.Phishing: most popular cyber weapon 3.Social media: don’t friend your enemies 4.Mobile devices: multiplying opportunities of attack –Leave it at home; lock it down; employ dynamic policies 5.Cloud computing: cloudy with a chance of infiltration –Understand the configuration; vendor due diligence 6.Software vulnerabilities: Underbelly of your IT environment –Anticipate and defend; define normal to identify abnormal –Phone home malware, RAM scraping, backdoor malware 7.Insider threats Seven risks areas for all businesses © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 19 & Defenses

20 © Grant Thornton LLP. All rights reserved. Safeguard the organization against cyber threats 1.Map and classify data 2.Conduct a vulnerability assessment 3.Develop an incident response plan 4.Conduct a vendor assessment 5.Evaluate insurance coverage 6.Create a risk profile 7.Stay on top of compliance obligations 8.Set a cybersecurity risk management strategy Key actions:

Questions © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 21

22 © Grant Thornton LLP. All rights reserved. Thank you Skip Westfall Managing Director and Forensic Technology Services Practice Leader T E © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 22 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.