With the increase in banking technology, criminals are now engaging in Corporate Account Takeover (CATO). According to the Conference of State Bank Supervisors, "Corporate Account Takeover is an evolving electronic crime typically involving the exploitation of businesses of all sizes, especially those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank's online business banking system."
Keeping your corporation's online accounts safe starts with education. This slide show provides a foundation for building a cyber security program to protect your corporate accounts. While it helps establish best practices, it does not ensure that your online accounts are 100% secure from criminals.
The content in these slides is not exhaustive; it is an outline that introduces small business owners to the dangers posed by cyber criminals and to the steps owners can take to begin protecting themselves and their money. Talk to your bank and ask what steps it takes to keep your accounts safe. Ask whether it has an Electronic Banking Officer, or equivalent, who works with customers to keep them informed about today's banking technology.
Please feel free to contact me if you have any additional questions not covered in these slides.
2. CORPORATE ACCOUNT TAKEOVER (CATO)
• Preparing for CATO (what this presentation covers)
– What is CATO?
– How does it work?
– Where do the attacks come from?
– How do you know if your computer is compromised?
– How should you respond?
– How do you protect yourself from cyber attacks?
3. CORPORATE ACCOUNT TAKEOVER (CATO)
• What is CATO?
– An evolving electronic crime
– Typically exploits businesses of all sizes
– Especially companies with limited to no computer safeguards
– And companies with minimal or no disbursement controls on their online business banking accounts
4. CORPORATE ACCOUNT TAKEOVER (CATO)
• How does it work?
– Criminals are after money
– Emails with malicious links or attachments (phishing), or infected websites
– The victim clicks the link, opens the attachment or visits the infected site, and malware is installed on the computer
– Criminals then monitor the infected computer for days, weeks, and even months
5. CORPORATE ACCOUNT TAKEOVER (CATO)
• How does it work?
– Criminals watch the victim log on to online banking and learn how the account is used
– When the time is right, the criminals hijack the computer and the banking session
• Most attacks occur just before a holiday
• Or after business hours, when nobody is watching the account
• After the victim has entered a one-time token, the criminals take over the authenticated session, submit their own transactions, and return a bogus message (for example "system unavailable") so the victim does not notice
6. CORPORATE ACCOUNT TAKEOVER (CATO)
• Where do the attacks come from?
– The top 3 countries accounted for 71% of attacks
1. China – 43%
2. Indonesia – 15%
3. United States – 13%
– Rest of the world accounted for 29% of attacks
*Source: Daily Mail (http://www.dailymail.co.uk/sciencetech/article-2779734/China-internet-attack-capital-world-Almost-HALF-hacks-viruses-originate-country.html)
7. CORPORATE ACCOUNT TAKEOVER (CATO)
[Chart: share of attacks by country of origin, same data and source as slide 6]
8. CORPORATE ACCOUNT TAKEOVER (CATO)
• Which industries are most targeted? (Q1 2015)
1. Gaming – 35%
2. Software and technology – 25%
3. Internet and telecom – 14%
4. Financial services – 8.4%
5. Media and entertainment – 7.5%
6. Education – 5%
7. Retail and consumer goods – 2.3%
8. Public sector – 2%
*Source: Akamai Technologies, "The State of the Internet" report, Q1 2015
9. CORPORATE ACCOUNT TAKEOVER (CATO)
[Chart: "Target Industries", percentage of attacks per industry, same data as slide 8]
*Source: Akamai Technologies, "The State of the Internet" report, Q1 2015
10. CORPORATE ACCOUNT TAKEOVER (CATO)
• What forms do attacks come in?
– Malware
– Phishing
– Malicious websites (including social networks)
– P2P downloads
– Malicious ads on popular websites (malvertising)
13. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you know if your computer is
compromised?
1. Inability to log into online banking (thieves could be blocking access so that you would not see the theft until the criminal has control of the money).
2. Sudden and dramatic loss of computer speed.
3. Changes in the way things appear on the screen.
4. Computer locks up so the user is unable to perform any functions.
5. Unexpected rebooting or restarting of computer.
14. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you know if your computer is
compromised?
6. Unexpected request for a one-time password (or token) in the
middle of an online session.
7. Unusual pop-up messages, especially a message in the middle of a
session that says the connection to the bank system is not working
(system unavailable, down for maintenance, etc.).
8. New or unexpected toolbars and/or icons.
9. Inability to shut down or restart the computer.
15. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you protect yourself from cyber attacks?
• Preparation and education are key
• Train your employees
• Secure computers and networks
• Limit administrative rights
• Enable spam filters
• Be careful on the Internet
16. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you protect yourself from cyber attacks?
• Apply security patches promptly
– Operating system, browser, Adobe, Java, etc.
• Block pop-ups
• Do not open attachments from suspicious emails
• Reconcile accounts daily
• Note changes in computer performance
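Reconciling accounts daily is the control that catches a takeover after the criminal has already bypassed everything else, and the timing patterns from slide 5 (after hours, just before a holiday) are worth surfacing next to each discrepancy. The Python script below is an added example, not material from the original presentation: it matches a constructed online-banking activity export against a constructed company ledger and an approved-payee list, reports the transactions the company never authorised, and annotates each with its timing context. The record layout, field names, business-hours window and holiday list are all assumptions.

```python
"""Daily reconciliation of an online-banking activity export against the company
ledger. Added example, not from the original presentation: the data formats,
field names and thresholds below are assumptions."""
from datetime import date, datetime, time, timedelta

# Constructed sample data. Amounts are in cents (integers) so that matching is exact.
BANK_EXPORT = [  # what the bank's online-banking activity report shows
    {"id": "B1", "posted": "2015-05-22T10:15:00", "amount": -125000, "payee": "ACME Supplies"},
    {"id": "B2", "posted": "2015-05-22T23:41:00", "amount": -980000, "payee": "J. Doe"},
    {"id": "B3", "posted": "2015-05-23T08:05:00", "amount": -450000, "payee": "Payroll Svc"},
]
LEDGER = [  # what the company itself authorised
    {"ref": "PO-1001", "amount": -125000, "payee": "ACME Supplies"},
    {"ref": "PAY-0522", "amount": -450000, "payee": "Payroll Svc"},
    {"ref": "PO-1002", "amount": -30000, "payee": "Office Depot"},  # not yet posted by the bank
]
APPROVED_PAYEES = {"ACME Supplies", "Payroll Svc", "Office Depot"}
BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed local working hours
HOLIDAYS = {date(2015, 5, 25)}               # constructed: a Monday public holiday
HOLIDAY_WINDOW_DAYS = 3


def timing_flags(posted, holidays=HOLIDAYS):
    """Describe when a transaction posted relative to the windows attackers favour
    (after hours, weekends, the run-up to a holiday). Context only, not proof of fraud."""
    flags = []
    start, end = BUSINESS_HOURS
    if not (start <= posted.time() < end):
        flags.append("outside business hours")
    if posted.weekday() >= 5:
        flags.append("weekend")
    for offset in range(1, HOLIDAY_WINDOW_DAYS + 1):
        day = posted.date() + timedelta(days=offset)
        if day in holidays:
            flags.append(f"within {HOLIDAY_WINDOW_DAYS} days before holiday {day.isoformat()}")
            break
    return flags


def reconcile(bank, ledger, approved_payees, holidays=HOLIDAYS):
    """Match each bank-side transaction to exactly one ledger entry by amount and payee.
    Returns (findings, pending): findings are bank transactions the company did not
    authorise or that went to a payee it does not recognise; pending are ledger entries
    with no bank counterpart yet (a payment that never posted deserves a look too)."""
    pending = list(ledger)            # copy: entries are consumed as they are matched
    findings = []
    for tx in bank:
        problems = []
        match = next((e for e in pending
                      if e["amount"] == tx["amount"] and e["payee"] == tx["payee"]), None)
        if match is not None:
            pending.remove(match)
        else:
            problems.append("no matching ledger entry")
        if tx["payee"] not in approved_payees:
            problems.append("payee not on approved list")
        if problems:
            posted = datetime.fromisoformat(tx["posted"])
            findings.append({"id": tx["id"], "amount": tx["amount"], "payee": tx["payee"],
                             "problems": problems, "timing": timing_flags(posted, holidays)})
    return findings, pending


if __name__ == "__main__":
    findings, pending = reconcile(BANK_EXPORT, LEDGER, APPROVED_PAYEES)
    for f in findings:
        print(f"REVIEW {f['id']}: {f['amount'] / 100:.2f} to {f['payee']}; "
              f"{', '.join(f['problems'])}; timing: {', '.join(f['timing']) or 'normal'}")
    for e in pending:
        print(f"PENDING {e['ref']}: {e['amount'] / 100:.2f} to {e['payee']} not yet posted")
```

Run as-is, only B2 is reported: a late-evening payment to an unknown payee in the days before a holiday, with no purchase order or payroll run behind it. Timing is attached as context rather than counted as a problem on its own, because legitimate payroll also posts on weekends (B3 here). In practice the bank export is the activity file you download at the end of each day, and the approved-payee list is the one your disbursement controls already maintain.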
17. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you protect yourself from cyber attacks?
• Develop an incident response plan
– Know who to involve
– Create a central point of contact or leadership team
» Must have authority to act
» Should be at the highest level in executive management (or
have full backing of executive management)
18. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you protect yourself from cyber attacks?
• Develop an incident response plan (continued)
– Create a central point of contact or leadership team
» Have pre-established contacts for:
• financial institutions, law enforcement, third-party technical
support, and legal support
» Control physical access to computers and network components
» Log and report the sequence of events or incidents
» Preserve all evidence and maintain a chain-of-custody
19. CORPORATE ACCOUNT TAKEOVER (CATO)
• How do you protect yourself from cyber attacks?
• Trace evidence helps forensic teams reconstruct what happened
– Install a strong log-management program
• Prevention
– Firewalls
– Data-loss prevention systems
– Intrusion detection systems
– Access control lists
– Anti-virus and malware protection
20. CORPORATE ACCOUNT TAKEOVER (CATO)
• How should you respond?
– Immediate Steps to limit further unauthorized transactions
1. Initiate the incident response plan
2. Contact financial institution (FI) immediately
a) Have a prepared list of key FI employees to contact
3. Change password(s)
4. Disconnect the computers used for Internet banking from the network (do not wipe or rebuild them until the evidence has been preserved)
5. Request temporary hold on all other transactions
6. Contact local law enforcement
a) Specifically the Cyber Crime units of local law enforcement
7. Contact state and federal agencies if necessary
21. CORPORATE ACCOUNT TAKEOVER (CATO)
• How should you respond?
– Secondary Steps
1. Contact your insurance carrier
2. Contact legal counsel
3. Hire a third-party forensic company
22. CORPORATE ACCOUNT TAKEOVER (CATO)
• Final thoughts
– Stay up to date with the latest best practices
– Be cautious of emails from unknown senders,
pop-ups, etc.
– Invest in cyber security
– Ask questions