Risk Management
BUILD WALLS, I WILL GET AROUND THEM

Abraham Lincoln
THE ENEMY WITHIN
• "At what point then is the approach of danger to be expected? I answer, if it ever reach us, it must spring up amongst us. It cannot come from abroad. If destruction be our lot, we must ourselves be its author and finisher."
THE ENEMY WITHOUT
• "If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

Family of hackers
HACKER? CRACKER? BLACK HAT? SCRIPT KIDDIE? INSIDER?

Our own survey 2013 - regulatory
GOOD REASONS TO ORGANISE
• More than two thirds reported greater scrutiny from regulators in 2012
• 20% had faced an issue which led to a regulatory or internal investigation in the last twelve months
• One third anticipate they will face greater risk in 2013
• 80% engaged a technology vendor to help identify instances of malfeasance and, in the event of an investigation, to allow them to retrieve and sift through data quickly and cost-effectively

CHINA
Greater China Risk Environment
• Traditionally, security risk in China is rated as "low"
• At a macro level, much of China is rated as a "medium" risk
• The medium operational and political risk environment is affecting the security environment within China
• Aspects of the security environment therefore pose challenges to business
• Three significant operational issues are having a direct impact on security:
  – labour and commercial disputes during restructuring
  – information security and protection of intellectual property
  – integrity risks that attract security risks
• These concerns appear alongside the ongoing need to improve physical security, supply chain integrity and business resilience

China Corporate Restructuring – risks
• Government
  1. Bureaucratic/regulatory delays and complications
  2. Government retaliation
  3. Inconsistent government support
  4. Intellectual property theft
• Labour
  5. Legal and procedural difficulties
  6. Unrest and protests
  7. Industrial action
  8. Denial of access
• Direct threats
  9. Illegal detention
  10. Coercive bargaining
  11. Physical intimidation and threats
[Risk matrix: the eleven risks above plotted by consequence (Insignificant, Minor, Moderate, Major, Extreme) against likelihood (Rare, Unlikely, Credible, Likely, Almost certain). In the extracted slide, risks 4, 6, 2 and 9 sit in the Major row and 3, 8, 5, 1, 7, 11 and 10 in the Moderate row; the likelihood column of each is not recoverable from the text.]

ENEMY WITHIN
Internal investigations - group
1. Going covert
2. Who to trust
3. Where IT is in on it
4. Going overt
5. Business continuity
Internal investigations - individual
1. Going covert
2. Data privacy
3. Using opportunity
4. Joining the dots
5. Business continuity

Pro-active Measures
• Broad measures
  – Strategic audit and review
  – Anti-corruption training and compliance
  – Due diligence (on partners, agents, suppliers etc.)
  – Compliance lines and whistleblowing
  – Risk assessment
  – Practical guidance on detecting ABC (anti-bribery and corruption) red flags and resisting bribery
  – Endorsement by the board/leadership from the top
• Electronic evidence measures
  – Email usage policies
  – Social networking usage policies
  – Data archiving and destruction policies
  – Litigation hold measures
  – Data identification and mapping

Vulnerabilities
Examples of keywords suggesting fraud? How to get the evidence suggesting motivations?
Lexical analysis
The three keyword groups correspond to the three legs of the fraud triangle: pressure, opportunity and rationalisation.
PRESSURE KEYWORDS – meet the deadline, make sales quota, under the gun, problem, committing, creative, concern, not sure, spread, revise
OPPORTUNITY KEYWORDS – override, write off, recognise revenue, correct, appropriate, reserve, misconduct, departing, discount, difficult, fail, critical
RATIONALISATION KEYWORDS – it's ok, sounds reasonable, I deserve, therefore, find out, get back, find it, figure out, catch, doesn't make sense
RED – worked from experience; GREEN – second level

Slack space – slack habits
THE 3 GOOD "C"S – care, control and chain of custody
THE 3 BAD "C"S – people are candid, casual and careless from time to time
Chain of custody – signed documentation that the evidence moved / changed hands
Digital currency / IP addresses / deleted data / USB history – tell-tale signs

ENEMY WITHOUT
Four horsemen of the social apocalypse
• SOCIAL ENGINEERING – the ability to manipulate a person into giving you personal and sensitive information
• FRAUD SCHEMES – using social media to advertise fraud schemes and investment vehicles, either as schemes that seem legitimate, used to trap and entice potential investors, or as a way to offload counterfeit or stolen goods
• PHISHING SCHEMES – social media used to gather IDs and passwords to commit identity theft: fraudulent links are sent to the followers / friends of an account in the hope that they will click on them and be prompted to enter passwords
• DATA MINING – companies using vast amounts of information which is sold for advertising or market research purposes

Social media
• Smaller companies are more likely than large ones to have a policy
• 71% of mining, oil and gas industry employers prohibit any use of social media
• 70% of recruiters and hiring managers use social media to review online information about potential hires
• Cisco produced a report stating that 64% of college students would ask about social media usage in a job interview
• 59% of companies in the media industry encourage the use of social media
• 53% have a formal policy on social media: 65% in retail, 62% in manufacturing, 59% in business support, 31% in real estate, 29% in construction, 36% in wholesale trade

Social networking
• Destroys productivity
• Loss of confidential data
• Misuse of personal data and privacy concerns
• Damage to brand or reputation
• Casual manner of use
• Once disclosed, hard to prevent dissemination
• Employees become publishers
• Burden of preservation for regulatory / legal purposes
• Spoliation of evidence once created
Kill or control?

China: Sina Weibo
• Launched 14 Aug 2009
• 56.5% of the microblogging market
• 300M registered users
• Similar penetration to Twitter in the US
• 100M messages / day
• English version to be further developed (subject to CN law)

China: Sina
• 86% of blogging time in China
• Tencent may be catching up – stats unreliable
• Verification for "known person" users (similar to Twitter)
• Top 100 users have 485M followers
• 5,000 companies use it
• 2,700 media organisations use it
• Blocking of blacklisted terms (manual and automatic)

Hide and follow
• Jan 5, 2012: Sina launched the hide-and-follow function
• Users no longer show up as a follower; they follow secretly
• Cyber-stalking issue
• Sensitive words list
• Twitter proxy use (Several Regulations on Microblog Development and Administration Enacted by the Beijing Government exist)

Who is talking to who
[Figure: LEFT – top ten fans of one person's Weibo blog in any given week; RIGHT – potential fans who commented on and republished this blogger's posts (some may be zombies). Also broken down by geography.]

"Real name" policy
• March 16, 2012: Sina, Sohu, Netease and Tencent require registration under a name which corresponds to a government ID card
• March 19, 2012: rumoured "fake number generator" issues
• Information stored in the identity database for biometric ID cards includes work history, educational background, religion, ethnicity, police record, medical insurance status, landlord's phone number and personal reproductive history

Unstoppable storm
围脖 – "scarf around the neck" (or noose?), a homophone nickname for 微博 (Weibo)

People problems
• You + your top guys
• Your travellers
• Your help desk
• Sub-contractors / distributors
• Social engineering
• Social media
• IT updates
• Aggressive reuse policy
• Lack of corporate education
• Move away from Blackberry (preference)
• Data storage / cloud

Vulnerabilities
• USB
• Wifi
• Bluetooth
• VPN
• Mobile device
• Windows update / other user-installed updates
• Locally stored data
• Passwords (brute force attack)
• Identity theft / keylogging
• Spear phishing / whaling
A security specialist recently said, "Interested in credit card theft? There's an app for that."
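The "Lexical analysis" slide above lists pressure, opportunity and rationalisation keywords but gives no procedure for applying them. The following is an added example, not code from the original deck or its author: it scans a small set of constructed messages for those exact phrases, counts hits per fraud-triangle category, and ranks messages that touch all three categories first. The sample messages, the word-boundary matching rule, the apostrophe normalisation and the ranking rule are all assumptions made for illustration; the deck's RED/GREEN tiers are not modelled.

```python
"""Fraud-triangle keyword scan over constructed messages (added example)."""
import re

# Keyword lists copied from the 'Lexical analysis' slide, grouped by fraud-triangle leg.
KEYWORDS = {
    "pressure": ["meet the deadline", "make sales quota", "under the gun", "problem",
                 "committing", "creative", "concern", "not sure", "spread", "revise"],
    "opportunity": ["override", "write off", "recognise revenue", "correct", "appropriate",
                    "reserve", "misconduct", "departing", "discount", "difficult", "fail",
                    "critical"],
    "rationalisation": ["it's ok", "sounds reasonable", "i deserve", "therefore", "find out",
                        "get back", "find it", "figure out", "catch", "doesn't make sense"],
}


def _compile(phrases):
    """One case-insensitive regex per category: whole-word matches only, and any
    run of whitespace allowed between the words of a multi-word phrase."""
    alternatives = [r"\b" + r"\s+".join(re.escape(w) for w in p.split()) + r"\b"
                    for p in phrases]
    return re.compile("|".join(alternatives), re.IGNORECASE)


PATTERNS = {cat: _compile(phrases) for cat, phrases in KEYWORDS.items()}

# Constructed sample mailbox (assumption: not real data).
SAMPLE_MESSAGES = {
    "m1": ("We have to meet the deadline on Friday. If we override the reserve now and "
           "recognise revenue early, it\u2019s OK, sounds reasonable, we'll get back to it "
           "next quarter."),
    "m2": "Please revise the slide deck and send the final version by Monday.",
    "m3": "Lunch on Thursday? Let me know.",
    "m4": ("I deserve the discount; figure out how to write off the rest. "
           "Under the gun here."),
}


def scan(text):
    """Return per-category hits for one message.

    Curly apostrophes (U+2019) are normalised to straight ones so that
    "it's ok" in the keyword list still matches typed-in-Outlook text.
    """
    norm = text.replace("\u2019", "'")
    hits = {cat: [m.group(0).lower() for m in pat.finditer(norm)]
            for cat, pat in PATTERNS.items()}
    counts = {cat: len(found) for cat, found in hits.items()}
    return {
        "hits": hits,
        "counts": counts,
        "total": sum(counts.values()),
        # All three legs of the triangle present in one message: worth a human look.
        "triangle_complete": all(counts[cat] > 0 for cat in KEYWORDS),
    }


def triage(messages):
    """Rank messages: complete triangle first, then by total keyword hits.
    Returns a list of (message id, per-category counts, triangle_complete)."""
    scored = [(mid, scan(body)) for mid, body in messages.items()]
    scored.sort(key=lambda item: (item[1]["triangle_complete"], item[1]["total"]),
                reverse=True)
    return [(mid, r["counts"], r["triangle_complete"]) for mid, r in scored]


if __name__ == "__main__":
    for mid, counts, complete in triage(SAMPLE_MESSAGES):
        flag = "REVIEW" if complete else "      "
        print(f"{flag} {mid} {counts}")
```

Two practical caveats. Strict word boundaries mean "problems" does not match "problem"; a real deployment would add stemming or plural handling, at the cost of more noise. And these phrases are common in ordinary business mail, so a hit, even a complete triangle, is a triage signal that points an investigator at a message, not evidence of anything on its own.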