WorkSmart 2015 Closing Remarks
TRANSCRIPT
Social Hour with MARCUM
Christopher J. Laprade, Executive Vice President, ADNET Technologies, LLC
Social Hour Brought to you by: MARCUM LLP
Heather B. Bearfield, CISA, CISM, CRISC
Principal, Marcum LLP – Assurance Services
Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Practice Group Leader. She is also a member of its National Alternative Investment, Healthcare and Financial Services Industry Groups. Ms. Bearfield has extensive experience with SOC engagements, internal and external audits, application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing.
Ms. Bearfield has comprehensive experience in multiple aspects of risk management across business operations, including regulatory compliance. She executes compliance engagements according to various regulations and standards, including SOX, MA 201 CMR 17.00 (Data Security), HIPAA Privacy, HIPAA Security, Meaningful Use, Dodd-Frank, SOC 1, 2 and 3, and FISMA. She identifies process and control weaknesses, analyzes complex systems and works with clients to streamline operations within time and resource constraints. She is also responsible for conducting global and nationwide IT risk assessments and IT control assessments in numerous vertical markets, including manufacturing, banks, financial services, colocation hosting facilities and application service providers.
Ms. Bearfield's main focus has been data security and cybersecurity. Engagements include vulnerability assessments, penetration testing, controls testing and social engineering.
Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness.
Professional & Civic Affiliations
Information Systems Audit and Control Association (ISACA)
Massachusetts Society of Certified Public Accountants (MSCPA)
Designations & Accreditations
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Articles, Seminars & Presentations
Neglect Physical Threat in Cyberattacks, The Wall Street Journal: August 2013
CIO Summit: Insider Threat: March 2013
Transition from SAS 70 to SSAE 16, IT Controls and Security: June 2012
Sarbanes-Oxley: How to Assess IT Controls: March 2012
SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards: April 2011
Data Breaches: Protecting Critical Information, Association of Ski Defense Attorneys: March 2010
[email protected] 617.226.0420
Cyber Security, Insider Threat & Social Media
Presented by: Heather Bearfield
May 14, 2015
The Latest News on Cybercrime - 2015
Security researchers claim new Windows security weakness
Computer security researchers said they have uncovered a new variation on an old weakness in Microsoft Corp's Windows operating system that could theoretically allow hackers to steal login credentials from hundreds of millions of PCs.
U.S. targets overseas cyber attackers with sanctions program
President Barack Obama launched a sanctions program on Wednesday to target individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security or economic stability.
Anthem Medical Data Breach
Names, dates of birth, Social Security numbers and income data were stolen. The breach affected over 80 million customers and caused millions of dollars in damage, leaving those affected exposed to identity theft.
The Big Picture
Significant Accounts in the Financial Statements: Balance Sheet | Income Statement | Cash Flow | Notes / Other Disclosures
Business Processes / Classes of Transactions: Process A | Process B | Process C
Financial Applications: Application A | Application B | Application C
IT Infrastructure Services: Database | Operating System | Network / Physical
IT General Controls: • Program Development • Program Changes • Access to Programs and Data • Computer Operations
Application Controls: • Accuracy • Completeness • Validity • Authorization • Segregation of Duties / Restricted Access
Each layer rests on the one below it: the financial statement accounts are produced by business processes, which run in financial applications, which in turn depend on the database, operating system and network/physical infrastructure. Application controls give assurance over individual transactions; the IT general controls over development, change, access and operations are what make those application controls reliable across the whole stack.
The Most Recent Top Data Breaches
So What’s There to Worry About?
91% of security professionals reported mobile device loss.
77% reported more attacks from 2013-2014.
72% believe the biggest skill gap in security professionals is their ability to understand the business.
68% believe Malware attacks exploited their enterprise.
66% believe Phishing has exploited their enterprise.
The Hacker Economy
What is Your Information Worth?
$980-$4,900: Trojan program to steal online account information
$490: Credit Card with PIN
$78-$294: Billing Data, Account Info, Address, SSN, DOB
$147: Drivers License
$147: Birth Certificate
$98: Social Security Card
$25: Credit Card Number with Exp Date and Security Code
$6: PayPal Account Logon and Password
* Source: Trend Micro
The Impact of Medical Identity Theft
Financial Impact
In 2013, medical identity theft costs were estimated at $12.3 billion.
In the Ponemon Institute survey, 56% of victims of medical identity theft lost trust in their healthcare provider.
More than half of consumers who were subject to medical identity theft would not go back to a provider if they knew the provider could not safeguard their medical records.
Medical Impact
Surveyed consumers affected by medical identity theft experienced:
o Misdiagnosis (15%)
o Mistreatment (13%)
o Delay in treatment (14%)
o Incorrect prescription (11%)
Social Networks in Plain English
Facebook – Social Network
Twitter – Share "Tweets", 140-character messages
LinkedIn – Professional Network
Pinterest – Photo Sharing
Google Plus – Social Network
Tumblr – Microblog
Instagram – Photo and Video Sharing
Vine – Share "Vines", up to 6-second videos
Meetup – Facilitates in-person gatherings
YouTube – Video Sharing
The Current State of Cybercrime 2014
An Inside Look at the Changing Threat Landscape
Researchers at security vendor RSA have identified trends expected in 2014-2015.
o Mobile threats are becoming more sophisticated and pervasive.
o Bitcoin's growing popularity is making it a target for theft, and new fraud currencies may emerge to force cybercrime further underground.
o Malware attacks are becoming more sophisticated and more common.
o Mobile devices will be used as a convenient way to add additional authentication for users.
The Threat is Closer Than You Think…
http://www.privacyrights.org/ar/ChronDataBreaches.htm
How Does This Happen?
It's not just technology, but security policy, its implementation and confirmation.
Human error! Lost data tapes, unencrypted systems… A new vulnerability every day.
*It's not just software and user-based systems anymore, but the infrastructure that supports networks.*
Exploits are developed to expose a vulnerability within hours! Two years ago it was three months!
Resources required by a potential hacker?
o Web sites distribute these exploits within days, with no coding skills required
o Wireless access
o Internal access and weak controls
o Data transmission and the ability to remove data…
• Storage device… iPod, thumb drive!
Hacking Made Easy
http://www.packetstormsecurity.org/
http://www.iwar.org.uk/news-archive/
http://www.rainbowcrack-online.com/
http://metasploit.com/
http://nepenthes.mwcollect.org/download
http://www.networksolutions.com/whois/index.jsp
What Are Our Clients Worried About?
Data Integrity
o Intellectual Property Protection
Regulatory Compliance
Brand Protection
o Public Perception
o Media Awareness
Customer Protection
Legal Liability
How Marcum Combats E-Security Threats
Policy
o Policy Development
• Best Practices… Internal & External
o IT Risk Assessment & Audit
o Regulatory Compliance
o Security Assessments
o Business Continuity / DR
Design
o Security Operations & Architecture Design
o Authentication & Access Design
Testing
o Wireless Assessments
o Attack Simulations
• Vulnerability Assessments
• Penetration Testing
• Patch & Device Configuration Vulnerabilities
• Incident Response
• SSAE 16 / SAS 70 & SysTrust
Report & Remediation
E-Discovery
Selected Practices That Contribute to Compliance
About Marcum LLP
Marcum LLP is one of the largest independent public accounting and advisory services firms in the United States. Ranked #15 nationally, Marcum LLP offers the resources of 1,300 professionals, including over 160 partners, in 23 offices throughout the U.S., Grand Cayman and China. Headquartered in New York City, the Firm’s presence runs deep, with full-service offices strategically located in major business markets.
Established in 1951, Marcum is a leader with an outstanding reputation at the national and regional levels. Marcum is ranked as one of the largest firms in the New York metropolitan area (Crain’s New York Business), the New England region (Boston Business Journal) and the Southeast (South Florida Business Journal).
Marcum offers an extensive range of professional services and a high degree of specialization. In addition to traditional accounting, assurance and tax, including domestic and international tax planning and preparation, the Firm’s professional services include mergers and acquisition planning, family office services, forensic accounting, business valuation and litigation support. The Firm has developed several niche practice areas serving private equity partnerships; hedge funds; SEC registrants; real estate; government, public and not-for-profit sectors; manufacturing; construction; healthcare; and bankruptcies and receiverships; as well as a China specialty practice.
Marcum professionals combine practical knowledge with years of experience to provide a level of understanding and service that is unique among professional service firms. The Firm takes a team approach to every engagement, ensuring the highest degree of technical knowledge, experience and understanding of current issues and regulatory matters. In addition, as a founding member of The Leading Edge Alliance, a worldwide group of large, independent accounting practices, the Firm’s professionals have added access to a wide range of industry and service specialization.
Marcum is a member of the Marcum Group, an organization providing a comprehensive range of professional services spanning accounting and advisory, technology solutions, wealth management, and executive and professional recruiting. The Marcum Group companies include Marcum LLP; Marcum Technology LLC; Marcum Search LLC; Marcum Financial Services LLC; Marcum Bernstein & Pinchuk LLP; and MarcumBuchanan Associates LLC. For more information, visit www.marcumllp.com.
ADNET proudly partners with Marcum LLP.
@MarcumLLP
@Marcum-LLP
@MarcumLLP
www.marcumllp.com
WorkSmart 2015 Closing Remarks
Christopher J. Laprade, Executive Vice President, ADNET Technologies, LLC
SONITROL, WorkSmart Premium Sponsor
ICE BREAKER WINNERS…
COME GRAB YOUR PRIZE!
Event Evaluations
• We Use Your Feedback!
Raffle DrawingAmazon $25 Gift Card
Raffle DrawingGoogle Chromecast
Raffle DrawingApple TV
Raffle Drawing
Apple Watch Sport, 42mm Space Gray Aluminum Case with Black Sport Band
Upcoming ADNET Events
How Management Perceives IT Seminar
o Thursday, October 15th, 2015
15th Annual Chili Cook-Off Client Appreciation Event & 6th Annual Food Drive
o Thursday, November 12th, 2015
Name Badges
• Please leave at the registration table
Thank You!
Closing Remarks
Thank You For Coming!
Stay for a while…
Social Hour Brought to you by: MARCUM LLP