Cyber Fraud & Social Engineering

CAACM 12th Conference and AGM, June 29, 2018

Presented by Fadi Albatal, Chief Strategy Officer

© Hitachi Systems Security Inc. 2018. All rights reserved.

What is Fraud

The word fraud comes from the Latin fraus or fraudis, “harm done to someone.”

Wrongful or criminal deception intended to result in financial or personal gain.

A History of fraud

– In 300 B.C., a Greek merchant named Hegestratos took out a large insurance policy known as bottomry. Basically, the merchant borrows money and agrees to pay it back with interest when the cargo, in this case corn, is delivered. If the loan is not paid back, the lender can acquire the boat and its cargo.

– Hegestratos planned to sink his empty boat, keep the loan and sell the corn. It didn't work out, and he drowned trying to escape his crew and passengers when they caught him in the act.

First recorded fraud case

A History of fraud – Snapshot

Selling the Roman Empire

The French Revolution

Mr. Ponzi

Madoff

SWIFT

In the News: Cyber Fraud

Source: Cyber Risk for the Financial Sector (International Monetary Fund, 2018)

Statistics

Data records lost or stolen since 2013 (as of June 26, 2018):

Data records are lost or stolen at the following frequency:

Every second: 56 records

Every minute: 3,374 records

Every hour: 202,464 records

Every day: 4,859,125 records

Source: https://breachlevelindex.com/

Statistics (cont’d)

The World Economic Forum (WEF) 2018 Global Risks Report includes cybersecurity threats as one of its four key areas. It predicts that cyberattacks will constitute the third largest global threat in 2018. (Source: WEF)

Cybercriminals continue to use social engineering as a means to carry out attacks (Source: ISACA)

43% of all documented breaches involved social engineering attacks! (Source: Verizon 2017 Data Breach Investigations Report)

Every 40 seconds a business falls victim to a ransomware attack. (Source: Forbes)

The 5 most cyber-attacked industries in 2015 — healthcare, manufacturing, financial services, government, and transportation — are the same in 2017 and predicted to remain so for 2018. (Source: Forbes)

Social Engineering = The #1 Cyber Threat

What is Social Engineering?

Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques.

For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.

(Source: What is Social Engineering? CSO Online, 2017)

Why Social Engineering?

Social Engineering for the Masses

When Big Data and AI Become a Weapon

The New Face of Social Engineering…

The Flipside of Social Engineering: U.S. Elections

• In March 2018, Facebook came under intensifying scrutiny by lawmakers and regulators after news reports that a political consulting firm, Cambridge Analytica, misused the private information of tens of millions of Facebook users.

• U.S. Senator Ted Cruz's presidential campaign relied on Cambridge Analytica for over $5.8 million in “psychographic targeting” services, according to federal records. Ted Cruz is now known as “the guy who gave Cambridge Analytica all that Facebook data.”

• Both Cruz and his chief rival for the Republican presidential nomination, Donald Trump, used the firm throughout the campaign to target voters they believed might be sympathetic to their causes.

The Flipside of Social Engineering: Brexit Vote

Cambridge Analytica & AI: An Unignorable Lesson

• Data is becoming the new valuable commodity in the business world

• Artificial Intelligence (AI) is increasingly adopted by organizations to remain competitive and offer better products and services

• The more data you give an AI platform the better it performs

• The Cambridge Analytica scandal has shown that publicly available data can be easily used to influence people’s decisions

“As this wonderful technology evolves, responsible AI needs to partner with responsible CIOs—those who understand the appropriate importance of data security and the nuance between AI products and AI solutions.”

Cambridge Analytica & AI – The Unignorable Lesson for CIOs, 2018

Fraud in The Smart City and IoT Era

SMART CITY ≠ SAFE CITY

[Figure: IoT Security Threat Map. Panels: New Threat Examples, New Interface Vulnerabilities, Noisy IoT Security Environment, IoT Inter-Sector Interactions. Sectors shown: Buildings, Energy, Healthcare & Life Science, Industrial, Transportation, Retail, Security / Public Safety, IT & Networks, Consumer & Home.]

Practical Advice

Tips to Fight Against Fraud

Comprehensive Security Policy

Educate your People

Be Aware

Enforce Policies

Training Program

Test your effectiveness

Monitor and Adjust

Questions?