Consolidated Slides from 11-8-18 Fraud & Cyber-crime - PowerPoint PPT Presentation

  1. Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations
     • FBI: Threat Analysis (slides not provided)
     • Internal Control Reviews Summary Report
     • State Auditor: Detecting Fraud (no videos)
     • Evolving Controls
     • Summary of Risks & Tools

  2. Agenda
     • 8:30 Opening by Auditor Greg Kimsey
     • 8:35 FBI Cyber Threat Analysis
     • 9:30 Internal Control Reviews, 2018
     • 9:40 Break
     • 9:55 State Auditor Office: Detect Fraud
     • 10:50 Evolving Controls
     • 11:20 IT Progress Report
     • 11:30 Summary of Risk and Tools
     • 11:40 Closing by Mark Gassaway

  4. Summary of 2018 Auditor’s Unscheduled Internal Control Reviews: Trends, Issues and Recommendations
     Tom Nosack, Senior Management Analyst, Clark County Auditor’s Office, November 8, 2018 (v.2)

  6. Does it matter how it happened?

  7. A loss comes from a variety of sources
     • External attack: hacking, spoofing, phishing
     • Internal attack: theft, fraud, curiosity
     • Internal error: poor controls, carelessness, distraction, inadequate separation of duties

  8. Internal Controls
     • Effective internal controls are the best tool against most risks.
     • You need to check your internal controls regularly to make sure they are effective.
     • Who can you call for help?

  9. Clark County Code
     • Section 2.14: “The auditor is authorized to examine any office, department, political subdivision or organization which receives appropriations from the board of county commissioners.”
     • Section 2.14.030(a): (The auditor) must “appraise the adequacy and completeness of internal controls.”

  10. How much is at risk?
     • Clark County holds about $38,000 to $40,000 in cash daily, but much more than this passes through the financial system.
     • 2017 pass-through: over 455,700 transactions in excess of $245,000,000.
     • Treasurer ($201m) and CD ($36m) account for $237m of the $245m.

  11. Bob, the amateur Fish Talker

  12. Bob, the Amateur Fish Talker: Auditors want to talk to ME?

  13. Internal Control Reviews: the ICR
     • The ICR is not an audit, but checking internal controls is part of an audit.
     • An ICR is a limited review of your group’s cash and general security operations.
     • The visit may be a cash count, a review of cash handling, security procedures or storage standards.

  14. What to Expect from a Visit
     • Auditors arrive and self-identify
     • Verify what is on hand for the cash account
     • Reconcile the account to the last statement
     • Observe receipting and cash handling
     • Discuss internal controls & issues
     • Written report in 3-5 days

  15. Recent ICR History
     • 2017: 23 visits to:
       – Auditor
       – Community Development
       – Community Services
       – Clerk
       – District Court
       – General Services
       – Public Health
       – Public Works
       – Prosecuting Attorney
       – Superior Court
       – Sheriff’s Office
       – Treasurer
     • 2018: 22 visits to:
       – Community Development
       – Community Services
       – District Court
       – General Services
       – Public Works
       – Prosecuting Attorney
       – Sheriff’s Office
       – Treasurer

  16. 2018 Summary Results
     • 28 recommendations from 23 visits
     • Overall:
       – Policies and procedures need more attention
       – Management needs more active oversight
       – Decrease variance in daily account balances

  17. Progress on 2017 Problem Areas (2017 problem area: 2018 status)
     • Security of valuables: Improved
     • Custodian list not accurate: Improved
     • Written procedures inaccurate: No Change
     • Too few management reviews: No Change
     • Cash handling variances: Needs Improvement

  18. Who did well in 2018?

  19. Who did well in 2018?
     • 23 visits to:
       – Community Development
       – Community Services
       – District Court
       – General Services
       – Public Works
       – Prosecuting Attorney
       – Sheriff’s Office
       – Treasurer
     • Two Tactical Detectives Unit Funds
     • Two Drug Task Force Funds

  20. A real Fish Talker…

  21. …doesn’t need a fishing pole

  22. Summary
     • We can help you with planning, deploying, and testing of internal controls
     • Visits are on a three-year rotation, but…
     • Actual visits will vary based on risk
     A happy fish…

  23. …isn’t on the end of a line. Thank You!

  24. Cybersecurity risks: A local government perspective
     Aaron Munn, CISSP, ISRM, MSCE – IT Security Team Manager, Office of the Washington State Auditor

  25. Learning objectives
     • Role of the Auditor’s Office in cybersecurity
     • Weapons and tactics used against local governments
     • Detecting and defending against cyberattacks

  26. Part 1: State Auditor’s Office Role

  27. State Auditor’s Office role in cybersecurity
     • Audit programs
       – Performance audits
       – Attestations
       – Accountability
     • Performance Center collaboration
       – Phase 1: Develop a list of desired resources and determine if they already exist or need to be developed in-house
       – Phase 2: Evaluate resources that already exist and communicate their availability
       – Phase 3: Develop selected new resources, and post and communicate their availability

  28. Cybersecurity risk assessment
     • How the Auditor’s Office does it
     • An “all-in” approach
     • Third-party assistance
     • Relationships between departments

  29. Part 2: Weapons and tactics used against local governments

  30. Hackmageddon statistics

  31. Malicious actors

  32. Ransomware
     • Cause: System misconfiguration / possible phishing attack
     • Risk: Public safety
     • Possible cost: Reduced response times for first responders
     • Value to thief: High payback if successful

  33. Ransomware

  34. Data breach
     • Cause: Employee misuse
     • Risk: Loss of confidential employee records
     • Possible cost: 250,000 records x $75 = $18 million
     • Value to thief: Access to confidential records

  35. Data breach

  36. Spear-phishing
     • Cause: Successful phishing attack
     • Risk: Targeting government accounts (usernames and passwords)
     • Possible cost: Currently under investigation
     • Value to thief: Easier than ransomware; access to address book and government network

  37. Spear-phishing

  38. Business email compromise
     • Cause: No or ineffective internal controls
     • Risk: Loss of funds (theft)
     • Possible cost: Average loss for BEC victims is $130,000, according to the FBI
     • Value to thief: Simple, low overhead, quick return

  39. Business email compromise

  40. Phishing attack and data breach
     • Cause: Successful phishing attack
     • Risk: Data breach
     • Cost: Commissioners approved paying $5,000 for the insurance deductible
     • Value to thief: High return on investment

  41. Phishing attack and data breach

  42. Business email compromise
     • Cause: Employee sent confidential information to a fake City administration email account
     • Risk: Data breach
     • Possible cost: Fraud protection for hundreds of employees, reputational harm
     • Value to thief: Multiple victims, high financial return

  43. Business email compromise (manually run video #z1 now)

  44. Business email compromise
     • Cause: Business email compromise
     • Risk: Loss of funds
     • Cost: $49,284
     • Value to thief: Low risk, quick result

  45. Business email compromise

  46. Business email compromise
     • Cause: Employee clicked link in email
     • Risk: Ransomware attack
     • Cost: Almost $10,000
     • Value to thief: Low risk, quick result

  47. Business email compromise