Cyberspace Frauds: Paradise for criminals. Presented in Montreal, CAUBO.
Cyberspace Frauds: Paradise for criminals. With new means of communication and information exchange multiplying around the globe, electronic fraud is more than a real threat. It is the new way for criminals to get what they want at no risk. This session will explore the impact of these means and the ways used to exploit you with full confidence.
Sylvain Viau TP, CD, pm, CISA, BSI. President of the Association de Sécurité de l’information du Montréal Métropolitain (ASIMM). An information security consultant for more than 8 years, Sylvain Viau specializes in the development and practice of business continuity. He is also recognized for his expertise in information security compliance assessment for large corporations, Canadian banks and government agencies. He also served in the Regular Force and currently serves in the Primary Reserve of the Canadian Army, for a total of more than 27 years in telecommunication engineering, Electronic Warfare, and physical and information security. E-mail: sviau@asimm.org Mobile: (514) 704-8400
Découvertes, April 9, 2006 • Cyberspace: at your own risk. This future, imagined 20 years ago in the laboratories of a few visionaries, is now at everyone's fingertips. At the speed of light, heedless of distance, anonymous, a network of connections unique in human history now serves as a virtual continent. In the cyberworld there are a billion computers, whose digital conversations have become the playground and marketplace of the entire planet. The passport to cyberspace: a simple computer. It is the key to a virtual territory that is impossible to delimit, in which bills are paid, NGOs mobilize, the latest family news is shared, universal medical databases take shape and tax returns are completed, with, as a bonus, the social insurance number, the keystone of citizens' legal identity. Every day, 60 billion e-mails and a trillion dollars circulate in cyberspace; the equivalent of 400 billion books is freely available there. But while the advantages offered by cyberspace are fabulous, its perils are also more and more numerous. And they begin at home. Journalist: Mario Masson. Director: Jeannita Richard
Topics For Discussion • What is Fraud? • Types of Fraud • Who Commits Fraud? • Why People Commit Fraud • Who Detects Fraud?
Statistics 2004 • 53% of frauds in the US are linked to the Internet (388,603) • 250,000 US & 120,000 UK customers filed identity theft complaints. • 70% of Europeans & 50% of Americans are not confident in the security of their personal finances. • 94% of surveyed people are outweighing online transaction benefits.
Statistics 2005 (Top Ten), by type: % of complaints, average loss • Auctions: 44%, $999 • General Merchandise: 30%, $4,386 • Nigerian Money Offers: 7%, $11,370 • Fake Checks: 5%, $4,733 • Phishing: 4%, $298 • Lotteries: 3%, $3,953 • Adult Services: 2%, $277 • Work-at-home: 1%, $726 • Computer Equipment: 1%, $608 • Sweepstakes: 1%, $2,351
What is Fraud?
What is Fraud? • MORT • Misrepresentation • Of a material fact • Relied upon by someone • To his/her detriment
The Fraud Ingredients (diagram) • Intentions and motives • Monetary • Recognition • Revenge • Pressure • Rationalization • Opportunity or target • Victim or accomplice • Internal • External • Passage • Process • Technology • Individual
Who Commits Fraud? PEOPLE LIKE YOU AND ME AND THOSE WHO WORK AROUND US. Most perpetrators are first-time offenders who would not commit other crimes.
Cybercrime Fraud Profile • Intelligent, patient, focused • Good position • 75% men, 25% women • Good citizens • Stable worker • Without previous convictions
Good Words • Pierre Boutroux (6 December 1880 - 15 August 1922) was a French mathematician and historian of science. • "Logic is invincible because in order to combat logic it is necessary to use logic." • Albert Einstein (March 14, 1879 – April 18, 1955) was a German-born theoretical physicist widely regarded as the greatest scientist of the 20th century. • "The secret to creativity is knowing how to hide your sources." • "The only source of knowledge is experience" • "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
Recent Headlines • “Fraud cost $2 million, school district says” The News & Observer (Raleigh, North Carolina), April 23, 2005 • The district says some workers got kickbacks from a supplier after bus parts were ordered and paid for but never delivered. Five school system employees have resigned. • “State report cites massive waste in schools program” Philadelphia Inquirer, April 22, 2005 • New Jersey's $8.6 billion school-construction program is riddled with questionable spending and management practices that may have wasted tens of millions of dollars, the state inspector general reported yesterday. • “Audit slams school firm Operator of failed charter system misused millions in state funds, report says” Sacramento Bee, April 15, 2005 • A rogue charter school operator appears to have bilked the state out of at least $23 million, using school funds for fat salaries, lavish events at Disneyland, luxury cars and Jet Skis… • “Fraud alleged in E-rate investigation” AP, February 10, 2005 • Federal prosecutors are investigating fraud allegations in E-rate technology grants that were given to Atlanta Public Schools…reports that school officials had misspent $73 million in E-rate and local money. Much of the money was spent on overpriced and unnecessary equipment and services.
SAQ in 2005 • 173 investigations • 11 dismissed • 37 awaiting verdict • CPE statistics • US • Losses from fraud and theft = 6% (660G) of gross product • For the SAQ this could represent 162M
Do you have a story to share?
Criminals' means • Credible organization • Systems and infrastructures • Abuse of power • Transactional systems • Performance failure • Cloning of personal information • Identity substitution • Identity theft
Targets • Security • Physical and personnel • Network (all) • Applications • Operating Systems (OS) • Databases • Internet and intranet • Software tools used for monitoring, reporting, intrusion detection and preventive measures • Encryption (channels, data, networks, passwords)
Countermeasures
Synergistic Security (figure) • Control layers: Physical & Environment, System/Platform, Network/Logical, Application/Service, Human/Policy • Protected: Data, Systems, Assets • Each control is 80% effective • Risk reduction as controls are layered: 0, 80%, 96%, 99.2%, 99.84%, 99.97% • Source: TruSecure
PDCA approach (cycle diagram around CIA) • Plan: Establish the ISMS • Do: Implement & Operate • Check: Monitor & Review • Act: Maintain & Improve • ISMS: Information Security Management Systems
A Multiplicity of Risk and Restrictions • EU Data Protection • Competition • HIPAA • Project management • Terrorism • Business partners • Physical security • Human resources • Privacy • PIPEDA • Sarbanes-Oxley • Relationships • Business continuity • IT security • Investment • Outsourcing • Liability • GLBA • Industry regulation • Information security • Operational risk • Market volatility • Financial management • Credit risk • Compliance • Intellectual property • Reputation
Who Detects Fraud?
Who Detects Fraud? • External Auditors and CPAs? • Third Parties (i.e., regulators, vendors)? • Internal or External Counsel? • Internal Audit? • You
Who Detects Fraud? • Most fraud is detected internally: “An ounce of prevention is worth a pound of cure” • Investing in resources that improve internal controls will pay significant dividends in problems and costs that are avoided.
Your Role • Remember: • Fraud does not start with dishonesty • It starts with pressure • It starts small • It grows over time • There is no way out
Delta University (Montréal), October 30-31 and November 1, 2006
Questions
Follow the road…
Forrester April 12 • Though online teens (ages 13 to 18) are slightly less likely than online adults to be victimized by phishing — 15% of online teens have received a fraudulent message, compared with 22% of adults — they are not blind to this malicious practice. Nearly two-thirds (62%) of online teens have heard the term "phishing," though only 55% are aware of its meaning, and 14% more know the practice but not the term. Most online teens view themselves as the first line of defense against online fraud, and many are willing to alter some online behaviors to increase protection of their personal information.