Fraud and Prevention: Lessons from the Fire Service, August 24, 2015
TRANSCRIPT
1
Fraud and Prevention: Lessons from the Fire Service
August 24, 2015
2
Today’s Discussion
By the numbers
Practical next steps
Lessons from the fire service
3
Today’s Discussion
Lessons from the fire service
Practical next steps
By the numbers
4
[Timeline figure, 2012 to 2015. Breaches shown: IRS; Aus. Img. Dept; US Office of Personnel Mgmt [2nd Breach]; US Office of Personnel Mgmt; Calif Dept of Child Svcs; Florida Dept of Juv Justice; Florida Courts; Kissinger Cables; Medicaid Office of The Texas Attorney General; Washington Court System; South African Police; Greek Government]
Government Data Breaches Since 2012: Selected losses of 30,000+ records
Source: informationisbeautiful.net.
5
“The South Carolina Department of Revenue data breach in 2012 exposed 3.6 million Social Security numbers to hackers.”
-Government Technology
6
“Names, birth dates, Social Security numbers, and other personally identifiable information belonging to about 850,000 job seekers in Oregon was exposed after hackers gained illegal access to a database containing information at the State Employment Department.”
-Information Week
7
“The personal data of an estimated 18 million current, former and prospective federal employees were affected by a cyber breach at the Office of Personnel Management.”
-CNN
8
“Medicaid Suffers Massive $33M in Fraud in at Least 4 US States.”
-Sputnik International
9
94M Government Records Since 2009
58 days between discovery and disclosure
$201 per record breached
$5.8M per breach
Sources: “Rapid7 Report: Data Breaches in the Government Sector.” Rapid7. September 6, 2012.
2014 Cost of Data Breach Study, Ponemon Institute, Navigant Breach Report, March 2014.
10
Small & Medium Sized States… ~15M attacks per month
Large States… ~10M attacks per day
Source: NASCIO. Conveyed at the 2015 NASBO Annual Conference.
11
Less than half of all data breaches are due to malicious attacks
44% malicious attacks
31% human error
25% system glitches
Source: 2014 Cost of Data Breach Study, Ponemon Institute, Navigant Breach Report, March 2014.
12
Today’s Discussion
Practical next steps
By the numbers
Lessons from the fire service
13
Every 24 seconds a fire department responds to a fire
Every 65 seconds one structure fire is reported
Every 30 minutes one civilian fire injury is reported
Source: National Fire Protection Agency
14
1980: 734,000 home fires, 5,200 fire deaths
Today: 370,000 home fires, 2,520 fire deaths
Source: Michael J. Kartner. Fire Loss in the United States.
15
Q: How was the fire service able to achieve over a 50% decrease in each of these important areas?
16
Adequate Funding
Executive Support
Modern Technology
Visibility & Influence
Governance & Authority
Fire Professionals
A: Through vigilant and deliberate action across the fire service.
17
Adequate Funding
Executive Support
Modern Technology
Visibility & Influence
Governance & Authority
Fire Security Professionals
States face a lack of [sic] as it relates to cybersecurity and fraud prevention…
Source: NASCIO State CIO Survey, 2014.
18
Today’s Discussion
By the numbers
Lessons from the fire service
Practical next steps
19
Have a plan – A call to action from the NGA
Establish a governance and authority structure
Conduct risk assessments and allocate resources accordingly
Implement continuous vulnerability assessments
Create a culture of risk awareness
20
Stop looking in the rear view mirror.
Continuous Diagnostics & Monitoring tools can help.
21
“Too little attention has been placed on continuous controls monitoring by chief financial officers, internal auditors, and corporate risk management and compliance leaders… CCM solutions can increase operational efficiency for critical financial processes, reduce fraud and improve financial governance resulting in a substantial return on investment.”
22
Techniques for detecting and preventing fraud.
Rules Based Analytics & Known Patterns
Data Science & Predictive Analytics
23
Address the talent crisis.
Hire the right professionals
Collaborate with HR and define career paths
Provide training and development for professionals
24
All four layers of controls must be monitored across processes.
25
Establish a fraud prevention framework.
26
Questions?