Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic.

Published byRosamond Skinner Modified over 8 years ago

Similar presentations

Presentation on theme: "© Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic."— Presentation transcript:

1 © Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic Technology Services Practice Leader Heightened manufacturing Cyber Risks in a complex, interconnected world

2 2 © Grant Thornton LLP. All rights reserved. Cybersecurity in 2015 What's out there? –Cyber breaches Understanding cyber crime –Anatomy of a cyber attack –Protecting yourself and your company Preparedness is all – vigilance and response –Common barriers to adoption –Vigilance –Response Summary –Risk areas –Next steps © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

3 Data breaches 3 Ripped from the headlines Target Neiman Marcus eBaySony $61 million $4.1 millionTBD $171 million TJ Maxx $74.6 million Staples Sony P.F. Chang's Dairy Queen Honda © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

4 What's out there? 4 Cost of a data breach Source: http://bruns-pak.com © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

5 5 The anatomy of an attack © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

6 Common Fact Pattern 6 Fraud event Accessed accounting database After-hours VPN access Direct bank deposits Large online purchases Created fake company on LegalZoom © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

7 Vigilance 7 Protecting yourself, your company, and your customers © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

8 Common barriers to adoption Data Breaches 8 It will never happen to me Our network is secure We are not a big company We don't have any personal information, so we aren't a target We have never been attacked © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

9 9 © Grant Thornton LLP. All rights reserved. Major impediments to developing an enterprise- wide cybersecurity strategy SURVEY FINDING The most common impediment to developing an enterprise-wide cybersecurity strategy is a lack of understanding of the risks and potential impacts of a breach This common issue leaves valuable information exposed 29% Budget constraints 46% Lack of understanding of risks 9% Lack of consensus of strategy 11% Lack of perceived value

10 Vigilance 10 © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

11 11 Verify electronic requests Spear phishing Emails asking for passwords Phone calls asking to verify information Proper handling of PII Shred before putting in trash Do not email PII Do not give out PII over phone Personal mobile phones/electronic devices Beware of emails with trojans/malware Be careful with USB drives Verify apps and programs Protecting your organization Vigilance © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

12 12 Report suspicious activity –Law enforcement –Employer –Bank or financial institution Devices –Strong passwords –Keep device software up to date –Limit amount of data kept online Online profile –Learn to spot phishing emails –Be careful on social media –Monitor accounts Vigilance Summary © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

13 Incident Response 13 Responding to an incident © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

14 Incident response dimensions © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 14 Incident / Breach Litigation Regulatory response

15 Offenders do not publicize their breaches –the longer the silence, the greater the value of the stolen data Following a breach: –Work with a third-party to gain situational awareness –Work with your organization's PR group to communicate the breach to the public Engage IRT team Recovery most likely will “spoil” evidence –Rebooting many systems “pops” log files –Some Trojans remove themselves by the booting process Investigation most likely will delay systems interruptions –A detailed forensic investigation may take days Post-attack procedures © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 15

16 Have Incident Response Team (IRT) trained and ready Vendor management program responsibility Constant vigilance IT audit procedures Table-top exercises Have warm standby systems Effective DR or BCP plan can allow for an investigation to proceed while recovery is effected Planning is Key... © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 16

17 Axiom © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 17 Treat every cyber breach as if it will end up in a criminal prosecution.

18 © 2015 Grant Thornton LLP. All rights reserved. What should companies be doing?

19 1.Compromised credentials 2.Phishing: most popular cyber weapon 3.Social media: don’t friend your enemies 4.Mobile devices: multiplying opportunities of attack –Leave it at home; lock it down; employ dynamic policies 5.Cloud computing: cloudy with a chance of infiltration –Understand the configuration; vendor due diligence 6.Software vulnerabilities: Underbelly of your IT environment –Anticipate and defend; define normal to identify abnormal –Phone home malware, RAM scraping, backdoor malware 7.Insider threats Seven risks areas for all businesses © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 19 www.forrester.com/Consumer+Security+Market+Trends+2009+To+2010+EvolvingThreats & Defenses

20 20 © Grant Thornton LLP. All rights reserved. Safeguard the organization against cyber threats 1.Map and classify data 2.Conduct a vulnerability assessment 3.Develop an incident response plan 4.Conduct a vendor assessment 5.Evaluate insurance coverage 6.Create a risk profile 7.Stay on top of compliance obligations 8.Set a cybersecurity risk management strategy Key actions:

21 Questions © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 21

22 22 © Grant Thornton LLP. All rights reserved. Thank you Skip Westfall Managing Director and Forensic Technology Services Practice Leader T 832.476.5000 E skip.westfall@us.gt.com © 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd 22 Questions?

Download ppt "© Grant Thornton LLP. All rights reserved. Johnny Lee Managing Director Forensic, Investigative and Dispute Services Skip Westfall Managing Director, Forensic."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”

Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
General Awareness Training

General Awareness Training
InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.

InformationWeek 2014 Strategic Security Survey Research Findings © 2014 Property of UBM Tech; All Rights Reserved.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Similar presentations

Ads by Google