RECENT THREATSAs new more advanced technology finds its way to the market place law makers need to keep up.
CYBER-CRIME DEFINED (1) Crimes in which the computer is the target of the criminal activity; (2) Crimes in which the computer is a tool used to commit the crime, and; (3) Crimes in which the use of the computer is an incidental aspect of the commission of the crime.
2003 SURVEYS(1). Asset misappropriation reported from 60% of participants (PWC)(2). Theft of proprietary information cost $70 Million (CSI/FBI)(3). Denial of services cost $66 Million (CSI/FBI)(4). Financial fraud cost $10 Million (CSI/FBI)
CYBER-CRIMES 2003 & 2004(1) Virus 82% 35 All credits to 2003 PWC(2) Insider abuse 80% 30(3) Laptop 59% 25(4) Unauthorized insider 45% 20(5) Denial of service 42% 15 NOW(6) System penetration 36% 10 FUTURE(7) Theft of proprietary info 21% 5(8) Sabotage 21% 0 Espionage Laundering Cyber Crime Misappropiation Corruption & Misappropriation Product Piracy Industrial(9) Financial fraud 15% Money Bribery Financial Asset(10) Telecom fraud 10% All credits to 2003 2003 CSI/FBI % 0F 490 RESPONDENTS
INTERNATIONAL HEADLINES Enron - Enron Treasurer gets 5 years - Arthur Anderson charged for obstruction of justice - Canadian CIBC to pay 80 Million in fines - Three Merrill Lynch Executives indicted WorldCom - Inflated annual profits- Improperly accounting of 3.9 Billion expenses - Accumulated 30 Billion in bad debt- Largest Corporate bankruptcy in US history
INTERNATIONAL HEADLINES - Florida man faces charges of identity theft - Feds charge 3 in massive credit fraud schemeCouncil of Europe- Business is the prime target of Cyber-Crime- However, public authorities and even private citizens are vulnerable too!
2003 CANADIAN HEADLINES - March 2003 B.C. warns of identity theft- Sept 2003 Student buys BMO computers for resale on eBay, but discover client data on the hard-drives- Sept 2003 Revenue Canada losses 120,000 Canadians private information
2003 RCMP/CSIS REPORT - 1999 RCMP report states that Cyber-Crime’s #1 concern is Identity Theft - 2003 Two new positions added to Maritime Tech-Crime Unit- 2003 CSIS report states that payment card fraud- 2003 CSIS report sates that organized crime is involved- 2003 one new position added to Maritime region
2004 CANADIAN HEADLINES - Canada, USA, Australia crack down on web site fraud- Music Industry hunts Canadian pirates- Ontario asks consumers to get smart about identity theft
E-COMMERCE IN CANADA2000• 6.9% of households purchased goods over the Internet with or without online payment• 3.3 Million purchases were made at a value of 417 Million Dollars• On average each household made 4 purchases at an average total value of $517.00• 60% was spent in Canada while 40% was spent outside of Canada2001• While purchases increased 73% to 7.2 Billion doubling importance from 0.2% to 0.4% of total operating revenue• The proportion of businesses purchasing over the Internet increased to 18%• Business-to-Business exceeded Business-to-Customer by a 4 to 1 ratio• In 2000 63% businesses used the Internet accounting for 90% of online economic activityAll credits to Statistics Canada
NB ECONOMICS - OCT 2003 - NBs economy has grow to 2.6% as of Oct 16th, 2003 & will hit 3.0% in 2004 - NB Exports to the US are in excess of $10 Billion annually - 1 in 5 Americans are victims of ID Theft thats 5.4 Million Americans All credits to RBC
ONLINE SHOPPING MEN VS WOMENAll credits to The Conference Board.
CONSUMER CONFIDENCE eBusiness 2000 $657 Billion 2004 $6.8 Trillion 2003 $18.5 Billion during holidays aloneAll credits to The Conference Board.
THE PRIVACY FACTS European Union demanded adequate data protection for trade purposes e-Commerce has been suffering because of low consumer protection Technology has out paced law Consumers need to have control over their private information in the market place and until now had no laws to support their rights
PRIVACY LEGISLATION Canadian Privacy Act 1984 Australia Privacy Act 1988 European Union Directive 95/46 EC 1995 USA Children’s Online Privacy Protection Act. 1998 United Kingdom Data Protection Act 1998 Canada, Bill C-6; Personal Information Protection and Electronic Documents Act 2000 USA, Safe-Harbor Privacy Principles 2000
THE PRIVACY COMMISSIONER OF CANADA http://www.privcom.gc.ca
PIPEDA IMPLEMENTATIONSTAGE ONE JAN 1, 2001 Federally regulated organizations such as banks, telecommunications and transportation companiesSTAGE TWO JAN 1, 2002 The act extends to personal health informationSTAGE THREE JAN 1, 2004 The act extends to the collection, use or disclosure of personal information in the course of any commercial activity within a province
PERSONALLY IDENTIFIABLE INFORMATION DEFINEDDefined by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)Personally Identifiable Information (PII) is any information relating to an identified or identifiable individual. customers name address “Sensitive information” telephone number medical or health conditions social security/insurance racial or ethnic origin other government identification numbers political opinions employer religious or philosophical beliefs credit card numbers personal or family financial information trade union membership personal or family medical information sexual preferences. employment history history of purchases or other transactions credit records and similar information.
HUMAN RESOURSE OR BUSINESS RELATED COMPLAINTS? HR 22% HR related complaints account for 22% of over all investigations completed Business related complaints account for 78% of over all investigations B 78%
POST-INVESTIGATIONS REQUIRING FURHER ACTION - HR? NJ D 2% 0% Further action 56% WF NWF Not requiring further 40% 38% action 42% MF UR 4% WFR 0% 16%
POST-INVESTIGATIONS REQUIRING FURHER ACTION - BIZ? WFR 13% NJ Further action 56% 3% UR NWF 1% Not requiring further 36% MF 7% action 39% D 1% WF 39%
PCO FINDINGS BY INDUSTRY Commercial Enterprise Energy 1% Transportati 6% on 12% Financial Telecommu 54% nications 27%
PCO FINDINGS BY CLASSIFICATION & INDUSTRY PCO FINDINGS5040 Financial30 Telecommunications20 Transportation Commercial Enterprise10 Energy 0 UR NWF WF WFR MF NJ D-10
FINANCIAL INDUSTRY POST-INVESTIGATION ACTION REQUIRED? No action required 9% Action required 91%
PIPEDA - FEDERAL COURT Who owns your e-mail? One of the Privacy Commissioners investigations has made it all the way to federal court
PIPEDA - FEDERAL COURT Music Swapping and the right to privacy ISP’s need to protect consumers privacy in compliance with PIPEDA PIPEDA does provide a provision for law breakers Will consumers confidence and privacy rights outweigh the law?
CONSUMER CONFIDENCE GREW IN 2003 Usage is up from 57% to 61% Internet users trust of online transactions went up from 27.5% to 33% 21% more users in 2003 have indicated that they trust online transactions All credits to The Conference Board.
SUMMATION Cyber-Crime is real and its happening right here in New Brunswick just look at the indicators Technology has out paced legislation and criminals are benefiting from it Private business needs to take this seriously Good privacy practices are good for business and good for our economy 6 of 10
Thank you!For additional information on this subject please contact: Mark.Bernard.CISM@apollo-cc.com Privacy & Security Assurance Professionals www.apollo-cc.com 6 of 10