A Forensic Accountant in Cyber Security (wordpress.com, 03-11-2017)
Gertjan Groen, President ACFE Netherlands Chapter
Fraud Awareness Week Event ACFE Belgium
14 November 2017, Brussels
A Forensic Accountant in Cyber Security
Personal Background
• Started my career in auditing (1988, KPMG)
• Part of the establishment and development of KPMG Forensic Accounting NL (1993)
• Self-employed (2007 – 2015)
• Partner at BDO Forensics & Litigation Support NL (2015 – 2017)
• Since June 2013 Board Member of ACFE The Netherlands Chapter. As of May 1, 2017 President
• As of October 1, 2017 Business Line Manager Forensics & Incident Response at Fox-IT, member of NCC Group
This is not….
• A presentation from a Cyber Crime specialist
• A presentation on bits, bytes and techniques
Instead, this is a presentation…
• Of a forensic accountant with 25 years of experience in forensic accounting sharing his experience after (only) six weeks in cyber security
• About differences and similarities between fraud and cyber crime (or forensic accounting and cyber security)
• In a personal capacity
My main search: where do Fraud and Cyber Crime meet?
• My hypotheses:
• there are a lot of similarities
• within the next 5 to 10 years fraud and cyber crime will come (more or less) together (and thus Forensic Accounting and Cyber Forensics)
• The coming months are for exploring; today I give my first reflections
Fox-IT Forensics & Incident Response in brief
• Part of Fox-IT Cyber Threat Management
• Approx. 25 FTE
• Services include:
• Incident Response (CERT)
• Forensics
• eDiscovery
• Compromise Assessments
• Response Readiness Assessments
Fraud goes back to 300 B.C., whereas Cyber Crime only goes back to 1971
Timeline of cyber crime (as shown on the slide):
• 1971 – ‘Blue Box’: giveaway whistle used to make free phone calls
• 1981 – First cyber crime conviction
• 1989 – First large-scale case of ransomware
• 1994 – Introduction of the World Wide Web
• 1995 – First macro viruses
• 1999 – Melissa virus released; most virulent computer infection to date
• 2000 – Denial of Service (DDoS) attacks are launched
• 2000 – Stuxnet; supposedly developed to sabotage the nuclear program of Iran
• 2016/2017 – Wannacry, Petya, NotPetya
Cyber actors are not your typical fraudster (plotted on the slide by intent and capability):
• Disgruntled employees
• Terrorists
• Hacktivists
• Script kiddies
• Criminals
• State actors
Do you remember?
Many cyber attacks come back to the human: the weakest link
• The typical person has 26 password-protected accounts
• 60% of people reuse their password(s)
• 11% use only one (!) password for all of their accounts (just imagine these people working at your organization…)
• How do people remember passwords:
• 39% write them down on a piece of paper
• 10% keep them in a file on their computer
• 7% keep them in a file on Dropbox or similar
• People publish a lot of personal information on social media – a valuable source for cyber criminals (e.g. CEO fraud)
Working in Cyber Security: time for me to have a look into the mirror!
A password isn’t a password unless…
…so I changed basically all my private passwords (> 50)!
Social media? My score (and probably not complete…).
What’s your score? If you think it’s not a problem for you: your personal data can (also) be used to scam other people!
Cyber Crime threat landscape
• Cyber Crime is all around us and still growing. Are we sitting on a volcano?
• Victimized organizations are relatively naïve: they try to resolve it themselves, often destroying evidence and/or increasing the damage
• Internet of Things!
• Malware is traded on the internet and easily accessible: cyber crime for everyone!
• The threat of terrorists and State actors is increasing
• Basically every organization can (and will) be a victim of cyber crime – the main question is: are you prepared?
The Cyber incident: are you prepared?
• Do you have an incident response plan, including communication, retention of data, etc.?
• Do you have first incident handlers within your organization?
• Do you have a Cyber Emergency Response Team (CERT)?
• If not: do you have a retainer contract with an external CERT provider?
• Do you have a Cyber Insurance policy?
• Etc.
In practice: the majority of organizations are not prepared at all!
Some differences between Cyber Crime and Fraud
• Fraud is usually detected afterwards; Cyber Crime can be detected at a very early stage
• Fraud is often committed by insiders, Cyber Crime usually by outsiders
• The identity of the fraudster can often be determined, whereas the identity of a cyber criminal is usually difficult to determine
• Fraud Risk Management pays relatively limited attention to Threat Intelligence; Cyber Risk Management pays it increasing attention – the aim is to expose vulnerabilities and predict potential attacks
Where Fraud and Cyber Crime (could) meet
• Cyber Crime is more and more a modus operandi of fraud (e.g. CEO fraud and Man-in-the-Middle (MITM) attacks)
• Cyber forensics can support (traditional) fraud investigations and vice versa
• Like fraud awareness, cyber awareness usually only exists after an incident
• A Cyber Security Framework looks like, sounds like… Fraud Risk Management
ACFE Netherlands Chapter
• Approx. 320 members, of which fewer than 10 work in Cyber Security
• Members have a background in the private sector (banks, insurance companies, law firms, multinationals, accountancy & consultancy firms, etc.) and the public sector (Police, Tax Authorities, Public Oversight, etc.)
• 4 events per year, open to all members and their guests – Belgian Chapter members welcome!
• New website www.acfe.nl