consolidated slides from 11 8 18 fraud cyber crime
play

Consolidated Slides from 11-8-18 Fraud & Cyber-crime - PowerPoint PPT Presentation

Jul 19, 2023 •205 likes •1.11k views

Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations FBI: Threat Analysis Slides Not Provided Internal Control Reviews Summary Report State Auditor: Detecting Fraud (no videos) Evolving Controls Summary of

  1. Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations • FBI: Threat Analysis Slides Not Provided • Internal Control Reviews Summary Report • State Auditor: Detecting Fraud (no videos) • Evolving Controls • Summary of Risks & Tools 1

  2. Agenda • 8:30 Opening by Auditor Greg Kimsey • 8:35 FBI Cyber Threat Analysis • 9:30 Internal Control Reviews, 2018 • 9:40 Break • 9:55 State Auditor Office: Detect Fraud • 10:50 Evolving Controls • 11:20 IT Progress Report • 11:30 Summary of Risk and Tools • 11:40 Closing by Mark Gassaway 2

  3. Agenda • 8:30 Opening by Auditor Greg Kimsey • 8:35 FBI Cyber Threat Analysis • 9:30 Internal Control Reviews, 2018 • 9:40 Break • 9:55 State Auditor Office: Detect Fraud • 10:50 Evolving Controls • 11:20 IT Progress Report • 11:30 Summary of Risk and Tools • 11:40 Closing by Mark Gassaway 1

  4. Summary of 2018 Auditor’s Unscheduled Internal Control Reviews Trends, Issues and Recommendations Tom Nosack, Senior Management Analyst Clark County Auditor’s Office November 8, 2018 v.2

  5. 3

  6. Does it matter how it happened? 4

  7. A loss comes from a variety of sources • External Attack: Hacking, spoofing, phishing • Internal Attack: Theft, Fraud, Curiosity • Internal Error: Poor controls, carelessness, distraction, inadequate separation of duties 5

  8. Internal Controls • Effective internal controls are the best tool against most risks • You need to check your internal controls regularly to make sure they are effective. • Who can you call for help? 6

  9. Clark County Code • Section 2.14 “The auditor is authorized to examine any office, department, political subdivision or organization which receives appropriations from the board of county commissioners.” • Section 2.14.030(a): (The auditor) must “appraise the adequacy and completeness of internal controls” 7

  10. How much is at risk? Clark County holds about $38,000 to $40,000 in cash daily – but much more than this passes through the financial system 2017 pass through: over 455,700 transactions in excess of $245,000,000 Treasurer ($201m), CD ($36m) are $237m of $245m 8

  11. Bob, the amateur Fish Talker 9

  12. Bob, the Amateur Fish Talker Auditors want to talk to ME? 10

  13. Internal Controls Reviews: the ICR • The ICR is not an audit, but checking internal controls is part of an audit. • An ICR is a limited review of your group’s cash and general security operations. • The visit may be a cash count, a review of cash handling, security procedures or storage standards. 11

  14. What to Expect from a Visit • Auditors arrive and self-identify • Verify what is on hand for cash account • Reconcile the account to last statement • Observe receipting and cash handling • Discuss internal controls & issues • Written report in 3-5 days 12

  15. Recent ICR History 2017 2018 • 23 visits to: • 22 visits to: – Auditor – Community Development – Community Development – Community Services – Community Services – District Court – Clerk – General Services – District Court – Public Works – General Services – Prosecuting Attorney – Public Health – Sheriff’s Office – Public Works – Treasurer – Prosecuting Attorney – Superior Court – Sheriff’s Office – Treasurer 13

  16. 2018 Summary Results • 28 recommendations from 23 visits • Overall: – Policies and procedures need more attention – Management needs more active oversight – Decrease variance in daily account balances 14

  17. Progress on 2017 Problem Areas 2017 2018 • Security of valuables • Improved • Custodian list not accurate • Improved • No Change • Written procedures inaccurate • No Change • Too few management reviews • Needs • Cash handling variances Improvement 15

  18. Who did well in 2018? 16

  19. Who did well in 2018? • 23 visits to: – Community Development – Community Services – District Court – General Services – Public Works Two Tactical Detectives – Prosecuting Attorney Unit Funds – Sheriff’s Office – Treasurer Two Drug Task Force Funds 17

  20. A real Fish Talker… 18

  21. …doesn’t need a fishing pole 19

  22. Summary • We can help you with planning, deploying, and testing of internal controls • Visits are on a three year rotation, but… • Actual visits will vary based on risk A happy fish… 20

  23. …isn’t on the end of a line - Thank You! 21

  24. Cybersecurity risks: A local government perspective Aaron Munn, CISSP, ISRM, MSCE – IT Security Team Manager O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  25. Learning objectives  Role of Auditor’s Office in cybersecurity  Weapons and tactics used against local governments  Detecting and defending against cyberattacks 2 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  26. Part 1 State Auditor’s Office Role 3 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  27. State Auditor’s Office role in cybersecurity  Audit programs  Performance audits  Attestations  Accountability  Performance Center collaboration  Phase 1 : Develop a list of desired resources and determine if they already exist or need to be developed in-house  Phase 2 : Evaluate resources that already exist and communicate their availability  Phase 3 : Develop selected new resources, and post and communicate their availability 4 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  28. Cybersecurity risk assessment  How the Auditor’s Office does it  An “all-in” approach  Third-party assistance  Relationships between departments 5 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  29. Part 2 Weapons and tactics used against local governments 6 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  30. Hackmageddon statistics 7 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  31. Malicious actors 8 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  32. Ransomware Cause : System misconfiguration / possible phishing attack Risk : Public safety Possible cost : Reduced response times for first responders Value to thief : High payback if successful 9 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  33. Ransomware 10 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  34. Data breach Cause : Employee misuse Risk : Loss of confidential employee records Possible cost : 250,000 records x $75 = $18 million Value to thief : Access to confidential records 11 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  35. Data breach 12 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  36. Spear-phishing Cause : Successful phishing attack Risk : Targeting government accounts (usernames and passwords) Possible cost : Currently under investigation Value to thief : Easier than ransomware, access to address book and government network 13 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  37. Spear-phishing 14 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  38. Business email compromise Cause : No or ineffective internal controls Risk : Loss of funds (theft) Possible cost : Average loss for BEC victims is $130,000, according to FBI Value to thief : Simple, low overhead, quick return 15 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  39. Business email compromise 16 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  40. Phishing attack and data breach Cause : Successful phishing attack Risk : Data breach Cost : Commissioners approved paying $5,000 for the insurance deductible Value to thief: High return on investment 17 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  41. Phishing attack and data breach 18 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  42. Business email compromise Cause : Employee sent confidential information to fake City administration email account Risk : Data breach Possible cost : Fraud protection for hundreds of employees, reputational harm Value to thief: Multiple victims, high financial return 19 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  43. Business email compromise Manually run video # z1 now 20 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  44. Business email compromise Cause : Business email compromise Risk : Loss of funds Cost : $49,284 Value to thief: Low risk, quick result 21 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  45. Business email compromise 22 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  46. Business email compromise Cause : Employee clicked link in email Risk : Ransomware attack Cost : Almost $10,000 Value to thief: Low risk, quick result 23 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

  47. Business email compromise 24 O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1

Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1

Speaker: Stuart Hutcheon (Partner - StewartBrown) Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1 million overnight? Overview History Categories of Cyber Crime Contents and Outline

320 views • 19 slides
Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More

Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More

Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More information on the Take five website. 1.0 million 3.4 million Cyber crime and Fraud 4.4 million All other crime 6.2 million 0 1000 2000

672 views • 53 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK

WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK

WHY CRIME? Financial Fraud Action UK report Q4 2016 WHY CRIME? Financial Fraud Action UK report Q4 2017 WHY NOW? A steep learning curve ? I NEED CYBER @Many in our industry 3 EVERYONE HAS A FRAUD EXPOSURE OUR CLIENTS HAVE

633 views • 34 slides
Cyber Crime & Fraud What does it mean to you? Tom Lyes | Key Relationship Manager The

Cyber Crime & Fraud What does it mean to you? Tom Lyes | Key Relationship Manager The

Cyber Crime & Fraud What does it mean to you? Tom Lyes | Key Relationship Manager The Practical Vision Network Who we are Lawyer Checker Launched in 2013 223bn in property transactions exchanged every year Growing product portfolio

254 views • 21 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October

CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October

CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October 2013 and December 2016 the FBI reported 40,203 incidents of BEC/EAC totaling $5.3 Billion Dollars of Losses! The number of wire fraud scams

997 views • 20 slides
International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime

International Cyber Crime Logan Hendershot Outline CSI International Cyber Crime Challenges of Cyber Crime International Aspects Conclusion/My Opinion Cyber Crime Example Reported Directly to FBI Challenges of Cyber Crime

372 views • 10 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
Cyber Crime Candice Sutherland (Lady_Liabs) WHAT IS CYBER CRIME Any criminal activity that

Cyber Crime Candice Sutherland (Lady_Liabs) WHAT IS CYBER CRIME Any criminal activity that

Cyber Crime Candice Sutherland (Lady_Liabs) WHAT IS CYBER CRIME Any criminal activity that involves a computer or the Internet NORTON Advancements in the healthcare industry, many of which are driven by technology, have resulted in

405 views • 12 slides
The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference AUCKLAND 2 JULY 2010 WHAT IS THE SERIOUS FRAUD OFFICE? SFO: An Overview Mandate investigate and prosecute serious or complex fraud Part 1 -

421 views • 13 slides
What is a tax crime? England and Wales Fraud (s1 Fraud Act 2006) False Accounting

What is a tax crime? England and Wales Fraud (s1 Fraud Act 2006) False Accounting

Tax Crimes Times are changing? Comsure Breakfast Briefing 11 th June 2015 Pomme DOr Hotel Simon Thomas Advocate What is a tax crime? England and Wales Fraud (s1 Fraud Act 2006) False Accounting (s17 Theft Act 1968)

331 views • 20 slides
Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud &

Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud &

Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud & Cybe & Cybercri rcrime me Online Fraud and Cyber Scams Quiz What percent of people dont use a passcode for their smartphone? A. 10% B.

611 views • 30 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer

Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer

Protecting your business from Cyber Crime Presented by Jennie Williams Cyber Protect Officer Jennie.williams_cyber@titan.pnn.police.uk www.titanrocu.org.uk TITAN-ROCU @titanrocu TITAN-ROCU Cyber Dependant Crime (Pure Cyber Crime) Cyber

749 views • 15 slides
Cyber payments fraud February 2020 Confidential For Discussion & General Information

Cyber payments fraud February 2020 Confidential For Discussion & General Information

Cyber payments fraud February 2020 Confidential For Discussion & General Information Purposes Only Online Payments fraud agenda New and evolving threats in the fraud landscape Critical strategies your organization needs for fraud

329 views • 18 slides
Co - opetition Barry Nalebuff Yale School of Management New Haven, CT 06520 Version 5/7/96

Co - opetition Barry Nalebuff Yale School of Management New Haven, CT 06520 Version 5/7/96

Co - opetition Barry Nalebuff Yale School of Management New Haven, CT 06520 Version 5/7/96 Business is War and Peace Cooperation in creating value Competition in dividing it up Not cycles of War, Peace, War ... Simultaneously War and

925 views • 60 slides
3Q19 Earnings Conference November 20, 2019 Legal Disclaimers Forward-Looking Statements This

3Q19 Earnings Conference November 20, 2019 Legal Disclaimers Forward-Looking Statements This

3Q19 Earnings Conference November 20, 2019 Legal Disclaimers Forward-Looking Statements This document contains forward-looking statements within the meaning of the safe harbor provisions of the United States Private Securities Litigation

541 views • 31 slides
Peptidomimetic inhibitors of ABC transporters Marie-Emmanuelle Million 1 , Ophlie Arnaud 2 ,

Peptidomimetic inhibitors of ABC transporters Marie-Emmanuelle Million 1 , Ophlie Arnaud 2 ,

Peptidomimetic inhibitors of ABC transporters Marie-Emmanuelle Million 1 , Ophlie Arnaud 2 , Graldine Agusti 3 ,Wal Zeinyeh 4 , Lucia Gonzalez-Lobato 2 , Ali Koubeissi 4 , Laurent Ettouati 4, *, Thierry Lomberget 4 , Joelle Paris 4 , Marc Le

523 views • 25 slides
International Symposium Alternative in vitro methods to characterize the role of Endocrine Active

International Symposium Alternative in vitro methods to characterize the role of Endocrine Active

International Symposium Alternative in vitro methods to characterize the role of Endocrine Active Substances (EASs) in human hormone- targeted tissues Rome, December 17, 2012 Human sperm (epi)genetic biomarkers to assess the impact of

298 views • 26 slides
Peninsula Clean Energy Board of Directors Retreat September 28, 2019 Agenda Call to order /

Peninsula Clean Energy Board of Directors Retreat September 28, 2019 Agenda Call to order /

Peninsula Clean Energy Board of Directors Retreat September 28, 2019 Agenda Call to order / Roll call Public Comment Action to set the agenda and approve consent items 2 Regular Agenda 7:30 8:00 Breakfast 8:00 8:15

1.2k views • 119 slides
Estimating Value at Risk Eric Marsden <eric.marsden@risk-engineering.org> Do you know how

Estimating Value at Risk Eric Marsden <eric.marsden@risk-engineering.org> Do you know how

Estimating Value at Risk Eric Marsden <eric.marsden@risk-engineering.org> Do you know how risky your bank is? 1 Understand measures of fjnancial risk, including Value at Risk 2 Understand the impact of correlated risks 3 Know how to use

542 views • 43 slides
Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL

Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL

ECIR16 Tutorial Real-Time Bidding based Display Advertising: Mechanisms and Algorithms Shuai Yuan, MediaGamma Ltd Weinan Zhang, UCL Jun Wang, UCL Shuai.yuan@mediagamma.com {w.zhang, j.wang}@cs.ucl.ac.uk Table of contents RTB system

1.31k views • 101 slides
$ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1:

$ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1:

Presentation Slides $ Lesson Eight Saving and Investing 04/09 pay yourself first (a little can add up) example 1: Save this each week At % Interest In 10 years youll have $7.00 5% $4,720 $14.00 5% $9,441 $21.00 5% $14,161 $28.00

438 views • 17 slides

More recommend