© Hitachi Systems Security Inc. 2018. All rights reserved.
Cyber Fraud & Social Engineering
CAACM 12th Conference and AGM, June 29, 2018
Presented by Fadi Albatal, Chief Strategy Officer
What is Fraud
The word fraud comes from the Latin fraus or fraudis: “Harm Done to Someone”
Wrongful or criminal deception intended to result in financial or personal gain.
A History of fraud
– In 300 B.C., a Greek merchant named Hegestratos took out a large insurance policy known as bottomry. Basically, the merchant borrows money and agrees to pay it back with interest when the cargo, in this case corn, is delivered. If the loan is not paid back, the lender can acquire the boat and its cargo.
– Hegestratos planned to sink his empty boat, keep the loan and sell the corn. It didn't work out, and he drowned trying to escape his crew and passengers when they caught him in the act.
First recorded fraud case
A History of fraud – Snapshot
Selling the Roman Empire
The French Revolution
Mr. Ponzi
Madoff
SWIFT
In the News: Cyber Fraud
Source: Cyber Risk for the Financial Sector (International Monetary Fund, 2018)
Statistics
Data records lost or stolen since 2013 (as of June 26, 2018):
Data records are lost or stolen at the following frequency:
Every Second: 56 Records
Every Minute: 3,374 Records
Every Hour: 202,464 Records
Every Day: 4,859,125 Records
Source: https://breachlevelindex.com/
Statistics (cont’d)
The World Economic Forum (WEF) 2018 Global Risks Report includes cybersecurity threats as one of its four key areas. It predicts that cyberattacks will constitute the third largest global threat in 2018. (Source: WEF)
Cybercriminals continue to use social engineering as a means to carry out attacks (Source: ISACA)
43% of all documented breaches involved social engineering attacks! (Source: Verizon 2017 Data Breach Investigations Report)
Every 40 seconds a business falls victim to a ransomware attack. (Source: Forbes)
The 5 most cyber-attacked industries in 2015 — healthcare, manufacturing, financial services, government, and transportation — are the same in 2017 and predicted to remain so for 2018. (Source: Forbes)
Social Engineering = The #1 Cyber Threat
What is Social Engineering?
Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.
For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
(Source: What is Social Engineering? CSO Online, 2017)
Social Engineering for the Masses
When Big Data and AI Become a Weapon
The Flipside of Social Engineering: U.S. Elections
• In March 2018, Facebook came under intensifying scrutiny by lawmakers and regulators after news reports in March that a political consulting firm, Cambridge Analytica, misused the private information of tens of millions of Facebook users.
• U.S. Senator Ted Cruz's presidential campaign relied on Cambridge Analytica for over $5.8 million in “psychographic targeting” services, according to federal records. Ted Cruz is now known as “the guy who gave Cambridge Analytica all that Facebook data”.
• Both Cruz and his chief rival for the Republican presidential nomination, Donald Trump, used the firm throughout the campaign to target voters they believed might be sympathetic to their causes.
The Flipside of Social Engineering: Brexit Vote
Cambridge Analytica & AI: An Unignorable Lesson
• Data is becoming the new valuable commodity in the business world
• Artificial Intelligence (AI) is increasingly adopted by organizations to remain competitive and offer better products and services
• The more data you give an AI platform the better it performs
• The Cambridge Analytica scandal has shown that publicly available data can be easily used to influence people’s decisions
“As this wonderful technology evolves, responsible AI needs to partner with responsible CIOs—those who understand the appropriate importance of data security and the nuance between AI products and AI solutions.”
Cambridge Analytica & AI – The Unignorable Lesson for CIOs, 2018
[Figure: IoT Security Threat Map. Sectors: buildings, energy, healthcare & life science, industrial, transportation, retail, security / public safety, IT & networks, consumer & home. Layers: users, system operators, platforms, networks, edge devices. New threat examples: authentication, authorisation, application hijacking, physical intrusion (DPA etc.), plaintext, DoS. Other labels: new interface vulnerabilities, noisy IoT security environment, IoT inter-sector interactions.]
Tips to Fight Against Fraud
Comprehensive security Policy
Educate your People
Be Aware
Enforce Policies
Training Program
Test your effectiveness
Monitor and Adjust