Social Hour with MARCUM Christopher J. Laprade Executive Vice President ADNET Technologies, LLC

WorkSmart 2015 Closing Remarks


Social Hour with MARCUM

Christopher J. Laprade
Executive Vice President
ADNET Technologies, LLC

Social Hour
Brought to you by: MARCUM LLP

Heather B. Bearfield, CISA, CISM, CRISC

Principal, Marcum LLP – Assurance Services

Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Practice Group Leader. She is also a member of its National Alternative Investment, Healthcare and Financial Services Industry Groups. Ms. Bearfield has extensive experience with SOC engagements, internal and external audits, application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing.

Ms. Bearfield has comprehensive experience in multiple aspects of Risk Management across business operations including regulatory compliance. She executes compliance engagements according to various regulations including SOX, MA 201 CMR 17.00 (Data Security), HIPAA Privacy, HIPAA Security, Meaningful Use, Dodd Frank, SOC1, 2, 3 and FISMA. She identifies process and control weaknesses, analyzes complex systems and works with clients to streamline operations within time and resource constraints. She is also responsible for conducting global and nationwide IT Risk Assessments and IT Control Assessments in numerous vertical markets inclusive of manufacturing, banks, financial services, colocation hosting facilities and application service providers.

Ms. Bearfield’s main focus has been around data security and cybersecurity. Engagements include vulnerability assessments, penetration testing, controls testing and social engineering.

Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness.

Professional & Civic Affiliations
Information Systems Auditing and Control Association (ISACA)
Massachusetts Society of Certified Public Accountants (MSCPA)

Designations & Accreditations
Certified Information Systems Auditor
Certified Information Systems Manager
Certified in Risk Information Systems Controls

Articles, Seminars & Presentations
Neglect Physical Threat in Cyberattacks, The Wall Street Journal: August 2013
CIO Summit: Insider Threat: March 2013
Transition from SAS 70 to SSAE 16, IT Controls and Security: June 2012
Sarbanes-Oxley: How to Assess IT Controls: March 2012
SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards: April 2011
Data Breaches: Protecting Critical Information, Association of Ski Defense Attorneys: March 2010

617.226.0420

Cyber Security, Insider Threat & Social Media

Presented by: Heather Bearfield

May 14, 2015


The Latest News on Cybercrime - 2015

Security researchers claim new Windows security weakness

Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft Corp's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs.

U.S. targets overseas cyber attackers with sanctions program

President Barack Obama launched a sanctions program on Wednesday to target individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security or economic stability.

Anthem Medical Data Breach

Names, date of birth, Social Security numbers, and income data were stolen. Millions of dollars in damage was done and affected over 80 million customers. The data stolen left people vulnerable to identity theft.

The Big Picture

Significant Accounts in the Financial Statements
Balance Sheet, Income Statement, Cash Flow, Notes, Other Disclosures

Business Processes/Classes of Transactions
Process A, Process B, Process C

Financial Applications
Application A, Application B, Application C

IT Infrastructure Services
Database, Operating System, Network/Physical

IT General Controls
• Program Development
• Program Changes
• Access to programs and data
• Computer operations

Application Controls
• Accuracy
• Completeness
• Validity
• Authorization
• Segregation of duties / Restricted Access

The Most Recent Top Data Breaches


So What’s There to Worry About?

91% of security professionals reported mobile device loss.

77% reported more attacks from 2013-2014.

72% believe the biggest skill gap in security professionals is their ability to understand the business.

68% believe Malware attacks exploited their enterprise.

66% believe Phishing has exploited their enterprise.

The Hacker Economy
What is Your Information Worth?

$980-$4,900: Trojan program to steal online account information

$490: Credit Card with PIN

$78-$294: Billing Data, Account Info, Address, SSN, DOB

$147: Driver’s License

$147: Birth Certificate

$98: Social Security Card

$25: Credit Card Number with Exp Date and Security Code

$6: PayPal Account Logon and Password

* Source: Trend Micro

The Impact Medical Identity Theft

Financial Impact

In 2013 medical identity theft costs are estimated at 12.3 billion dollars

In the Ponemon Institute survey, 56% of victims who were subject to medical identity theft lost trust in their healthcare provider

More than half of consumers that are subject to medical identity theft will not go back to a provider if they knew their provider could not safeguard their medical records

Medical Impact

Surveyed consumers affected by medical identity theft experienced:
o Misdiagnosis (15%)
o Mistreatment (13%)
o Delay in treatment (14%)
o Incorrect prescription (11%)

Social Networks in Plain English

Facebook – Social Network
Twitter – Share “Tweets” 140 character messages
LinkedIn – Professional Network
Pinterest – Photo Sharing
Google Plus – Social Network
Tumblr – Microblog
Instagram – Photo and Video Sharing
Vine – Share “Vines” Up to 6 second videos
Meetup – Facilitates in person gatherings
YouTube – Video Sharing

The Current State of Cybercrime 2014
An Inside Look at the Changing Threat Landscape

Researchers at security vendor RSA have identified trends expected in 2014-2015.
o Mobile threats are becoming more sophisticated and pervasive.
o Bitcoin’s growing popularity is making it a target for theft and new fraud currencies may emerge to force cybercrime further underground.
o Malware attacks are becoming more sophisticated and more common.
o Mobile devices will be used as a convenient way to add additional authentication for users.

The Threat is Closer Than You Think…

http://www.privacyrights.org/ar/ChronDataBreaches.htm


How Does This Happen?

It’s not just Technology, but Security Policy, its Implementation and Confirmation

Human Error! Lost data tapes, unencrypted systems…. New Vulnerability every day

*It’s not just software and user based systems anymore but the infrastructure that supports networks*

Exploits are developed to expose a vulnerability within hours! Two years ago it was 3 months!

Resources required by a potential hacker?
o Web sites distribute these exploits within days with no coding skills required
o Wireless access
o Internal access and weak controls
o Data transmission and the ability to remove data…
  • Storage device…..iPod, Thumb Drive!

Hacking Made Easy

http://www.packetstormsecurity.org/

http://www.iwar.org.uk/news-archive/

http://www.rainbowcrack-online.com/

http://metasploit.com/

http://nepenthes.mwcollect.org/download

http://www.networksolutions.com/whois/index.jsp

What Are Our Clients Worried About?

Data Integrity
o Intellectual Property Protection
Regulatory Compliance
Brand Protection
o Public Perception
o Media Awareness
Customer Protection
Legal Liability

How Marcum Combats E-Security Threats

Policy
o Policy Development
  • Best Practices…Internal & External
o IT Risk Assessment & Audit
o Regulatory Compliance
o Security Assessments
o Business Continuity-DR

Design
o Security Operations & Architecture Design
o Authentication & Access Design

Testing
o Wireless Assessments
o Attack Simulations
  • Vulnerability Assessments
  • Penetration Testing
  • Patch & Device Configuration Vulnerabilities
  • Incident Response
  • SSAE 16/SAS 70 & SYS Trust

Report & Remediation

E-Discovery

Selected Practices That Contribute to Compliance


About Marcum LLP

Marcum LLP is one of the largest independent public accounting and advisory services firms in the United States. Ranked #15 nationally, Marcum LLP offers the resources of 1,300 professionals, including over 160 partners, in 23 offices throughout the U.S., Grand Cayman and China. Headquartered in New York City, the Firm’s presence runs deep, with full-service offices strategically located in major business markets.

Established in 1951, Marcum is a leader with an outstanding reputation at the national and regional levels. Marcum is ranked as one of the largest firms in the New York metropolitan area (Crain’s New York Business), the New England region (Boston Business Journal) and the Southeast (South Florida Business Journal).

Marcum offers an extensive range of professional services and a high degree of specialization. In addition to traditional accounting, assurance and tax, including domestic and international tax planning and preparation, the Firm’s professional services include mergers and acquisition planning, family office services, forensic accounting, business valuation and litigation support. The Firm has developed several niche practice areas serving private equity partnerships; hedge funds; SEC registrants; real estate; government, public and not-for-profit sectors; manufacturing; construction; healthcare; and bankruptcies and receiverships; as well as a China specialty practice.

Marcum professionals combine practical knowledge with years of experience to provide a level of understanding and service that is unique among professional service firms. The Firm takes a team approach to every engagement, ensuring the highest degree of technical knowledge, experience and understanding of current issues and regulatory matters. In addition, as a founding member of The Leading Edge Alliance, a worldwide group of large, independent accounting practices, the Firm’s professionals have added access to a wide range of industry and service specialization.

Marcum is a member of the Marcum Group, an organization providing a comprehensive range of professional services spanning accounting and advisory, technology solutions, wealth management, and executive and professional recruiting. The Marcum Group companies include Marcum LLP; Marcum Technology LLC; Marcum Search LLC; Marcum Financial Services LLC; Marcum Bernstein & Pinchuk LLP; and MarcumBuchanan Associates LLC. For more information, visit www.marcumllp.com.

ADNET proudly partners with Marcum LLP.


@MarcumLLP

@Marcum-LLP

@MarcumLLP

www.marcumllp.com

WorkSmart 2015 Closing Remarks

Christopher J. Laprade
Executive Vice President
ADNET Technologies, LLC

SONITROL
WorkSmart Premium Sponsor

ICE BREAKER WINNERS…


COME GRAB YOUR PRIZE!

Event Evaluations
• We Use Your Feedback!

Raffle Drawing
Amazon $25 Gift Card

Raffle Drawing
Google Chromecast

Raffle Drawing
Apple TV

Raffle Drawing

Apple Watch Sport
o 42mm Space Gray Aluminum Case with Black Sports Band

Upcoming ADNET Events

How Management Perceives IT Seminar
o Thursday, October 15th, 2015

15th Annual Chili Cook-Off Client Appreciation Event & 6th Annual Food Drive
o Thursday, November 12th, 2015

Name Badges
• Please leave at the registration table

Thank You!


Closing Remarks

Thank You For Coming!

Stay for a while…

Social Hour
Brought to you by: MARCUM LLP