Sandy Boucher, Barry Kuang, Grant Thornton LLP
December 7, 2016
Cybersecurity – How to protect yourself and your company?
Grant Thornton Canada
© 2016 Grant Thornton Corporate Finance Inc. A Canadian Member of Grant Thornton International Ltd. All rights reserved.
Canadian snapshot: reported combined 2015 statistics for Grant Thornton LLP and Raymond Chabot Grant Thornton, who together form Grant Thornton in Canada, the Canadian member firms of Grant Thornton International Ltd.
» $597 million in revenue
» over 2,700 professionals
» 378 partners/principals
» over 143 Canadian offices
» 9 consecutive years (2008-2016)
INTRODUCTION
Three areas of focus for today
» Update on current cybersecurity risks and trends
» Overview of two recent data breach scenarios
» Overview of what companies need to do to
CYBERSECURITY RISKS & TRENDS
Our latest research reveals that cyber attacks are taking a serious toll on business
© 2016 Grant Thornton LLP. A Canadian Member of Grant Thornton International Ltd. All rights reserved.
The Grant Thornton International Business Report (IBR), a global survey of 2,500 business leaders in 35 economies
Nearly half of firms are putting themselves in the firing line with no comprehensive strategy to prevent digital crime.
Who and what is out there?
The why: Financial, Ideological, Revenge
The who: Criminal enterprise, Cyber insider, Script kiddies, Hacktivist, Terrorist, Nation state
Criminal hackers:
» Nation state – defence & commercial IP, any relevant intelligence
» Large syndicates – custom built malware, targeted at significant enterprises. Seeking PII, financial and banking info
» Lower level groups/individuals – financial gain, ransomware, fun/challenge
Employee Enabled Threats
The how: Social engineering
» Clickbait: link or attachment
» Drive by downloads
» Watering hole attacks
» Social networking attacks
» Phishing
» Spear phishing
» Ransomware
» CFO Fraud/whaling/BEC
» Mobile malware
What are they after?
» Financial gain
» Personal Identifying Information
» Financial/banking information
» Intellectual property
» Competitive intelligence
Clickbait
Symantec Operation Shady RAT
2006 – 2011; intrusions lasted from 1 – 28 months
Carbanak bank attack
Sample AlphaBay (a dark web marketplace)
Who and what is out there?
Dyre Malware
Ransomware & other tools are cheap
Ransomware & Extortion
Employee Response Rate to Cyber Attack by Email
https://www.nomoreransom.org/
DATA BREACH CASE STUDIES
Case Studies
Ransomware Attack – 2016 Canada
1. Client server is hit by ransomware; an employee clicked on an email attachment
2. No AV system present
3. "Backup system" was on an external USB drive – attached at the time of the attack and encrypted
4. Did not pay ransom before due date; had to rebuild files from paper documents
Server breach case - Canada
1. Client server is hit by ransomware; mention of an earlier "bot net" problem that was fixed by their IT
2. External IT support is a travel agent, away on a 2-month trip
3. Available logs went back to 2015-10-8 (6 months before the discovery)
4. The victim struggled to get rid of the problem by installing multiple anti-virus solutions
5. Breached by multiple IP addresses from around the world
6. Server was used to buy and sell online gaming equipment
» System breached through remote desktop service, used by client for smaller office
» Router was not properly configured AND no proper firewall used
» Multiple hackers able to breach security with brute force attack
» Initial breach symptoms not properly understood by management
» Eventually lost all their data over their busiest time of the year AND required a complete rebuild
» Unable to access any systems including payroll, email, client management software etc.
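The breach above came in through an exposed remote desktop service that several parties brute-forced, and the early symptoms went unrecognized for months. The following Python script is an added example, not part of the original presentation or any Grant Thornton material; it shows the kind of check a defender can run over logon audit logs to surface exactly this pattern. The event IDs and logon type are the real Windows Security log values (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), but the pipe-separated export layout, the IP addresses, the account names and the timestamps are constructed for the example; a real log would come out of the Event Log as EVTX or XML.

```python
"""Flag brute-force attempts against Remote Desktop from Windows logon audit events.

Added example (not from the original presentation). The pipe-separated record layout
is an assumption made so the script is self-contained; the event IDs and logon type
are the real Windows Security log values: 4625 = failed logon, 4624 = successful
logon, logon type 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: time|event_id|logon_type|account|source_ip
SAMPLE_LOG = """\
2016-04-08T02:14:01|4625|10|administrator|203.0.113.45
2016-04-08T02:14:03|4625|10|admin|203.0.113.45
2016-04-08T02:14:05|4625|10|backup|203.0.113.45
2016-04-08T02:14:08|4625|10|sysadmin|203.0.113.45
2016-04-08T02:14:10|4625|10|administrator|203.0.113.45
2016-04-08T02:14:13|4625|10|admin|203.0.113.45
2016-04-08T02:14:15|4625|10|admin|203.0.113.45
2016-04-08T02:14:20|4624|10|admin|203.0.113.45
2016-04-08T08:02:11|4625|10|jsmith|192.0.2.10
2016-04-08T08:02:30|4624|10|jsmith|192.0.2.10
2016-04-08T09:00:00|4625|10|guest|198.51.100.7
2016-04-08T12:00:00|4625|10|guest|198.51.100.7
2016-04-08T15:00:00|4625|10|guest|198.51.100.7
2016-04-08T15:00:05|4625|3|guest|198.51.100.7
"""

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
RDP_LOGON_TYPE = 10


def parse_events(text):
    """Parse the constructed export into a list of event dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, account, src = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "src": src,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for every source that produced at least
    `threshold` failed RDP logons inside a sliding `window`.

    A finding records the peak number of failures seen in one window, the set of
    accounts tried, and (most useful for triage) whether a successful RDP logon
    from the same source followed the burst, which means the guessing worked.
    """
    recent_failures = defaultdict(deque)   # src -> failure timestamps within window
    accounts_tried = defaultdict(set)      # src -> account names used in failures
    findings = {}
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                       # only RemoteInteractive (RDP) sessions
        src = ev["src"]
        q = recent_failures[src]
        while q and ev["time"] - q[0] > window:
            q.popleft()                    # drop failures that fell out of the window
        if ev["event_id"] == FAILED_LOGON:
            q.append(ev["time"])
            accounts_tried[src].add(ev["account"])
            if len(q) >= threshold:
                f = findings.setdefault(src, {"peak_failures": 0,
                                               "accounts": accounts_tried[src],
                                               "success_after": None})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif ev["event_id"] == SUCCESSFUL_LOGON and src in findings and q:
            # A success while failures are still inside the window: treat as compromise.
            findings[src]["success_after"] = (ev["time"], ev["account"])
    return findings


def report(findings):
    """Render findings as one line per source, ready for a ticket or alert."""
    lines = []
    for src, f in sorted(findings.items()):
        status = "SUCCESSFUL LOGON FOLLOWED BURST" if f["success_after"] else "no success seen"
        lines.append(f"{src}: {f['peak_failures']} RDP failures in window, "
                     f"{len(f['accounts'])} accounts tried, {status}")
    return lines


if __name__ == "__main__":
    for line in report(detect_rdp_bruteforce(parse_events(SAMPLE_LOG))):
        print(line)
```

On the sample data only 203.0.113.45 is flagged: seven failures across four account names in under a minute, followed by a successful logon as "admin". The single mistyped password from 192.0.2.10 and the three widely spaced failures from 198.51.100.7 stay below the threshold, and the non-RDP failure is ignored. The threshold and window are deliberately conservative starting points; the more important design choice is that the rule keeps the audit events long enough to be searched at all, since the victim in the case above only had six months of logs when the breach was found.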
HOW TO PROTECT YOUR ORGANIZATION
What we are seeing
» Cyber awareness is very low for both management & employees
» 85% of cyber incidents we have dealt with have been ransomware
» 98% of victim organizations did not have commercial AV software
» 99% of victim organizations did not have sufficient data backup
» 100% of victims used outsourced IT contractors
» 99% of infected computers were Windows-based
» In more sophisticated hacks, time to discovery is months or longer
» Low level of knowledge on cyber insurance
Network Perimeter Security
Traditional responses to cyber threats have been IT based and focused on what we can build to protect our systems and the data they contain.
Recently the focus has changed to a more comprehensive approach – cyber threats are a business issue, not an IT issue.
Forward thinking organizations tend to view the problem differently:
» What is out there that we should worry about?
» What information and data assets do we have that need protecting?
» Where are the weaknesses in our system?
» Where should we focus our resources to maximize the impact?
Network Perimeter Security
» Perimeter defence is obsolete
» Defence in depth or layered defence
» Awareness
» Staff training – the human firewall
» Adequate backups (offline & physical)
» Risk assessment
» Resilience
» Cyber insurance
Cybersecurity Functions and Elements
» Governance
» Policies
» Risk assessment and system reviews
» Data privacy
» Incident response and investigations
» Digital technology security
» Payment security
» Business resilience
» Third-party assurance
» Identity and access management
» Security training and professional development
Number points
» Management awareness: what data & systems are vulnerable
» Risk assessment – what are your key digital assets, vulnerabilities?
» Train employees: cybersecurity awareness best practices
» Ensure AV, firewall and backups are adequate
» Assume a breach will happen and plan accordingly
» Have a cyber incident response plan: who, what, how, remediation, recovery, communication
Audit • Tax • Advisory
www.grantthornton.ca
Sandy Boucher, Senior Investigator, Grant Thornton LLP
T +1 416 369 7027
E [email protected]