a forensic accountant in cyber security - wordpress.com · 03-11-2017 · service (ddos) attacks...
Gertjan Groen, President ACFE Netherlands Chapter
Fraud Awareness Week Event ACFE Belgium
14 November 2017, Brussels
A Forensic Accountant in Cyber Security
Personal Background
• Started my career in auditing (1988, KPMG)
• Part of establishment and development of KPMG Forensic Accounting NL (1993)
• Self-employed (2007 – 2015)
• Partner at BDO Forensics & Litigation Support NL (2015 – 2017)
• Since June 2013 Board Member of ACFE The Netherlands Chapter. As of May 1, 2017 President
• As of October 1, 2017 Business Line Manager Forensics & Incident Response at Fox-IT, member of NCC Group
This is not….
• A presentation from a Cyber Crime specialist
• A presentation on Bits, Bytes and techniques
Instead, this is a presentation…
• Of a forensic accountant with 25 years of experience in forensic accounting sharing his experience after (only) six weeks in cyber security
• About differences and similarities between fraud and cyber crime (or forensic accounting and cyber security)
• In a personal capacity
My main search: where do Fraud and Cyber Crime meet?
• My hypotheses:
• there are a lot of similarities
• within the next 5 to 10 years fraud and cyber crime will come (more or less) together (and thus Forensic Accounting and Cyber Forensics)
• Next months to explore! Today I give my first reflections
Fox-IT Forensics & Incident Response in brief
• Part of Fox-IT Cyber Threat Management
• Approx. 25 FTE
• Services include:
• Incident Response (CERT)
• Forensics
• eDiscovery
• Compromise Assessments
• Response Readiness Assessments
Fraud goes back to 300 b.c. whereas Cyber Crime only goes back to 1971
• 1971: ‘Blue Box’. Give away whistle used to make free phone calls
• 1981: First cyber crime conviction
• 1989: First large-scale case of ransomware
• 1994: Introduction of World Wide Web
• 1995: First Macro-viruses
• 1999: Melissa virus released. Most virulent computer infection to date
• 2000: Denial of Service (DDoS) attacks are launched
• 2000: Stuxnet. Supposedly developed to sabotage the nuclear program of Iran.
• 2016/2017: Wannacry, Petya, NotPetya
Cyber actors not your typical fraudster:
[Figure: cyber actors positioned by Intent and Capability: Disgruntled employees, Terrorists, Hacktivists, Script kiddies, Criminals, State actors]
Do you remember?
Many cyber attacks come back to the human: the weakest link
• The typical person has 26 password protected accounts
• 60% of people reuse their password(s)
• 11% use only 1 (!) password for all of their accounts (just imagine these people working at your organization….)
• How do people remember passwords:
• 39% write them down on a piece of paper
• 10% keep them in a file on their computer
• 7% keep them in a file on Dropbox or similar
• People publish a lot of personal information on social media – a valuable source for cyber criminals (e.g. CEO fraud)
Working in Cyber Security: time for me to have a look into the mirror!
A password isn’t a password unless…
….so I changed basically all my private passwords (> 50)!
Social media? My score (and probably not complete…).
What’s your score?? If you think it’s not a problem for you: your personal data can (also) be used to scam other people!
Cyber Crime threat landscape
• Cyber Crime is all around us and still growing. Are we sitting on a Volcano?
• Victimized organizations relatively naïve: try to resolve it themselves, often destroying evidence and/or increasing damage
• Internet of things!
• Malware is traded on the internet and easily accessible: cyber crime for everyone!
• Threat of terrorists and State actors is increasing
• Basically every organization can (and will) be a victim of cyber crime – the main question is: are you prepared?
The Cyber incident: are you prepared?
• Do you have an incident response plan, including communication, retention of data, etc.?
• Do you have first incident handlers within your organization?
• Do you have a Cyber Emergency Response Team (CERT)?
• If not: do you have a retainer contract with an external CERT provider?
• Do you have a Cyber Insurance policy?
• Etc.
In practice: majority of organizations are not prepared at all!
Some differences between Cyber Crime and Fraud
• Fraud is usually detected afterwards; Cyber Crime can be detected in a very early stage
• Fraud is often committed by insiders, Cyber Crime usually by outsiders
• The identity of the fraudster often can be determined, whereas the identity of a cyber criminal usually is difficult to determine.
• In Fraud Risk Management there is relatively limited attention for Threat Intelligence. In Cyber Risk Management there is increasing attention – the aim is to display vulnerabilities and predict potential attacks
Where Fraud and Cyber Crime (could) meet
• Cyber Crime more and more is a modus operandi of fraud (e.g. CEO-fraud and Man-in-the-Middle (MITM) attacks)
• Cyber forensics can support (traditional) fraud investigations and vice versa
• Like fraud awareness, cyber awareness usually only exists after an incident
• Cyber Security Framework looks like, sounds like …. Fraud Risk Management
ACFE Netherlands Chapter
• Approx. 320 members, of which less than 10 members working in Cyber Security
• Members have background in private sector (banks, insurance companies, law firms, multinationals, accountancy & consultancy firms, etc.) and public sector (Police, Tax Authorities, Public Oversight, etc.)
• 4 events per year, open to all members and their guests – Belgian Chapter members welcome!
• New website www.acfe.nl