Cyber Executive Briefing 
Presenter: Paul C Dwyer 
CEO – Cyber Risk International 
Date: Oct 9th 2014 
Retail Fraud Leicester 2014
Paul C Dwyer 
Paul C Dwyer is an internationally recognised information security expert with over 
two decades' experience. He serves as President of the ICTTF (International Cyber 
Threat Task Force) and Co-Chairman of the UK National Crime Agency (NCA) Industry 
Group. He is certified by the International Information Systems Security 
Certification Consortium (ISC2) and by ISACA (Information Systems Audit and 
Control Association), and was selected for the IT Governance Expert Panel. 
Paul is a world-leading Cyber Security GRC authority. He has advised 
Fortune 500 companies, law enforcement agencies and the military (NATO), and 
recently advised DEFCOM UK at the Westminster Parliament. 
He has worked and trained with organisations such as the US Secret Service, 
Scotland Yard, the FBI and the National Counter Terrorism Security Office (MI5), is approved by 
the National Crime Faculty and is a member of the High Tech Crime Network 
(HTCN). 
Paul C Dwyer CEO 
Cyber Risk International
THE CYBER WORLD AND THE PHYSICAL ARE INTEGRATED
Cyber fronts in Ukraine! 
Is it War?
What Are Cyber Threats? 
• Cybercrime 
• Cyber Warfare 
• Cyber Espionage 
• Cyber X Adversary 
Cyber Statistics 
• Cybercrime costs £27 billion a year in the UK 
• £1,000 a second 
• 170,000 IDs are stolen each year – about one every three minutes 
• Theft of IP £9.2 billion 
(pharmaceuticals, biotechnology, electronics, IT and chemicals) 
Source: UK Cabinet Office
Cybercrime Economy Drivers 
It’s a business with an excellent economic model. 
Other reasons, you name it: 
• Technology 
• Internet 
• Recession 
• “A safe crime” 
• It’s easy to get involved 
• Part of Something
Hacktivism? Part of …..
Crimeware Toolkits 
Copyright - Paul C Dwyer Ltd - All Rights Reserved
Economic Model - the Actors 
• User – (Account Credentials) 
• Financial Institution 
• Supplier 
• Acquirer/Middlemen 
• Agents 
• Carding Forum 
• Carders 
• Fraudster (Consumer) 
• Retailer 
• Reshipping / drop zone 
• Money Mule 
Categories 
• Wholesalers 
• Retailers 
• Independent Contractors
Cybercrime – a Business
“The Daddy” - History 
TJX (TJ Maxx / TK Maxx) 
DarkMarket & ShadowCrew 
2002 onwards 
Original Crew
A Decade On, What Have We Learnt? 
• Initial access through a heating/air-conditioning (HVAC) contractor's credentials 
• Intrusion months before the data theft 
• Attackers waited for US Thanksgiving Day 
• Malware: KAPTOXA/BlackPOS, a memory-scraping POS Trojan 
7 months – average time from breach to detection 
2/3 of cases – the victim was informed of the breach by a third party
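A detection check that follows from the BlackPOS lesson, added here as an example and not taken from the deck: a RAM scraper only works because card track data sits unencrypted in the POS process's memory, so the pattern search the malware performs can be turned round and run defensively over a memory dump, a staging file or a capture from a POS host. The buffer below is constructed for the example and uses standard test card numbers; the regular expressions encode the Track 1 and Track 2 magnetic-stripe layouts (start sentinel, PAN, separator, expiry YYMM, three-digit service code, discretionary data, end sentinel), and a Luhn check discards PAN-shaped digit runs that are not card numbers.

```python
import re
from dataclasses import dataclass

# Track 1 / Track 2 layouts as written to a card's magnetic stripe (and as a
# RAM scraper finds them in POS process memory): start sentinel, PAN,
# separator, expiry YYMM, 3-digit service code, discretionary data, end sentinel.
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z0-9 /.,'-]{2,26})\^(\d{4})(\d{3})([^?]{0,50})\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]{0,50})\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test; weeds out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class TrackHit:
    track: int
    offset: int          # byte offset in the scanned buffer
    masked_pan: str      # first 6 and last 4 digits only; never log the full PAN
    expiry_yymm: str
    service_code: str


def mask_pan(pan: str) -> str:
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf: bytes) -> list[TrackHit]:
    """Find Luhn-valid Track 1 / Track 2 records in raw memory, file or capture data."""
    hits: list[TrackHit] = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append(TrackHit(1, m.start(), mask_pan(pan), m.group(3).decode(), m.group(4).decode()))
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append(TrackHit(2, m.start(), mask_pan(pan), m.group(2).decode(), m.group(3).decode()))
    return sorted(hits, key=lambda h: h.offset)


def scan_file(path: str) -> list[TrackHit]:
    """Run the same scan over a memory dump or capture saved to disk."""
    with open(path, "rb") as f:
        return scan_buffer(f.read())


# Constructed sample: a slice of "POS process memory" with two real-looking track
# records and one decoy whose PAN fails the Luhn check. Test PANs, not live cards.
SAMPLE_DUMP = (
    b"\x00" * 16 + b"POSAPP heartbeat ok\r\n"
    + b"%B4111111111111111^DOE/JOHN^25121011000000000?"     # Track 1, Luhn-valid
    + b"\xff" * 8
    + b";5555555555554444=26011010000000000?"              # Track 2, Luhn-valid
    + b" dbg ;4111111111111112=25121011000000000? "         # Track 2 shape, bad check digit
    + b"\x00" * 8
)


if __name__ == "__main__":
    for h in scan_buffer(SAMPLE_DUMP):
        print(f"track {h.track} at offset {h.offset}: {h.masked_pan} exp {h.expiry_yymm} svc {h.service_code}")
```

The hit itself is not the finding; track data legitimately passes through the payment application's working buffers. The signal is a hit in the memory of any other process, in a file on a share, or in an outbound clear-text stream. Over a packet capture the regexes only see records that fall inside one packet, so reassemble the TCP stream first if the scraper may be sending in small chunks.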
What do they Want? 
Retailers' Data
Cyber Risks for You 
• Tangible Costs 
– Loss of funds 
– Damage to Systems 
– Regulatory Fines 
– Legal Damages 
– Financial Compensation 
• Intangible Costs 
– Loss of competitive advantage (Stolen IP) 
– Loss of customer and/or partner trust 
– Loss of integrity (compromised digital assets) 
– Damage to reputation and brand 
Quantitative vs. Qualitative 
46% Reduction in Profits Following Breach
Bottom Line for Retailers 
• Arms Race – Cat and Mouse 
• Top 5 Target Groups – Continuously Attacked 
• You Spend Less on Cyber Security 
• Low Risk – High Reward for “Bad Guys” – 
Established Market for Data Assets 
• Best Data Assets On the Planet 
• Compliance is NOT Security
Retail Factors 
• Data on networked and distributed systems that are accessible to a 
widening array of entry points 
• Broad adoption of mobile applications 
by retailers adds many other new points of vulnerability 
• Complex supply chains - more access and data is given to vendors 
and external partners 
• Global expansion may require retailers to expand distribution of 
their own information around the world
Door left Open
Some Retailers Doors! 
• Point-of-sale (POS) terminals in stores 
• Mobile POS access points 
• Customer-facing e-commerce websites 
• Links with each third-party vendor, supply-chain vendor, ecosystem partner and contractor 
• Employee-facing access points — including those that may utilise employee-owned mobile devices 
— and the social workplace 
• Links to connected data centers via the cloud 
• Links to financial institutions and payment processors 
• Links to managed service providers 
• Links to delivery services 
• Links to all other contractors who are provided with network access 
• B2B, intranet and extranet portals 
• In-store wireless routers, kiosks and networks 
• The expanding “Internet of Things”: IP-based printers, IP-linked surveillance cameras and similar 
devices
Give me some examples
I’m not joking! 
Hack the Human!
• Reconnaissance – the bad guy targets an individual (the asset) and gathers intelligence about the employee and the assets they can reach 
• Weaponisation – chooses a weapon from an underground forum 
• Delivery 
• Exploitation – the exploit runs 
• C2 – communications are established with a command & control server 
• Lateral Movement – moves laterally across the network 
• Exfiltration – exfiltrates the data 
• Maintenance – protects the foothold (maintenance mode)
When Harry met Sally
It’s an IT Cyber Security Problem, Right? 
NO 
Legally It’s a Challenge for the Board!
Regulatory and Legal 
• EU Data Privacy Directive 
• EU Network and Information Security Directive 
• European Convention on Cybercrime 
• 400+ others – 10,000+ controls – 175 legal jurisdictions 
All of which bear on your organisation.
Responsibility – Convention Cybercrime 
All organisations need to be aware of the Convention’s provisions in article 12, 
paragraph 2: 
‘ensure that a legal person can be held liable where the lack of supervision or 
control by a natural person…has made possible the commission of a criminal 
offence established in accordance with this Convention’. 
In other words, directors can be responsible for offences committed by their 
organisation simply because they failed to adequately exercise their duty of care.
Cyber is a Strategic Issue 
• Strategic Level (macro security) – How do cyber attacks affect policies, industry and business decisions? 
• Operational Level – What kind of policies, procedures and business models do we need? 
• Technical Level (micro security) – How can we solve our security problems with technology?
Board Room Discussion 
• CEO – loss of market share and reputation; legal exposure 
• CFO/COO – audit failure; fines and criminal charges; financial loss 
• CIO – loss of data confidentiality, integrity and/or availability 
• CHRO – violation of employee privacy 
• CMO – loss of customer trust; loss of brand reputation 
Increasingly companies are appointing CROs and CISOs with a direct line to the audit committee.
Cyber Governance 
• Corporate Governance covers Project Governance, Risk Management and Cyber Governance 
• Cyber Governance covers Cyber Risk Management 
• Cyber Risk spans Legal & Compliance, Operational and Technical domains
Resilience 
Recognise: 
• Interdependence 
• Leadership Role and Responsibility 
• Integrating Cyber Risk Management
Cyber Risk Strategy 
• Requirement drivers: Business, Legal and Regulatory (business and ICT requirements) 
• The Board: Direct, Evaluate, Monitor 
• Cyber risk strategy: Reactive and Proactive
Thank You – Stay Connected 
www.paulcdwyer.com 
youtube.com/paulcdwyer 
mail@paulcdwyer.com 
+353-(0)85 888 1364 
@paulcdwyer 
WE IDENTIFY, MITIGATE AND MANAGE CYBER RISKS 
Cyber Risk International 
Clonmel House – Forster Way – Swords – Co Dublin – Ireland 
+353-(0)1- 897 0234 xxxxxx 
mail@cyberriskinternational.com 
www.cyberriskinternational.com
EXTENDED MATERIAL – CRIMEWARE EXAMPLE
Example of Crimeware 
Tools, Tutorials, Services (Rent & Buy) 
SpyEye – $500
Botnets (Rent or Own) 
The botnet herder controls the command & control server through a proxy; the C&C server drives the infected PCs, which send spam or launch a DDoS attack against a website.
SpyEye – Toolkit 
The botnet herder reaches the SpyEye command & control server through a proxy, and the infected PCs report to that server. The fraud runs in stages: 
• Install C2 – stand up the SpyEye C&C server 
• Get CC info – harvest credit card details from the infected PCs, or upload a purchased list 
• Place something for sale – upload a software utility to a popular download store, rename it and claim ownership of it 
• Automate transactions – SpyEye automates purchases of that item by form filling at intervals, using the stolen credit card information, to avoid detection 
• Clean money – purchases of the fraudster's own listing turn the stolen card value into apparently legitimate sales revenue 
• Avoid detection (Billing Hammer module) – Billing Hammer sends each transaction through an infected machine close to the cardholder's address, so the purchase looks local
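To show what is left for a fraud team once Billing Hammer has taken away the two obvious signals, here is an added example (not from the deck and not part of the SpyEye toolkit) that scores a constructed batch of transactions with four rules. The coordinates, card tokens, merchant names and thresholds are all assumptions made for the example. The geo-mismatch rule and the velocity rule are the ones the module is built to evade: the purchasing IP sits a few kilometres from the billing address and the purchases are spaced beyond the velocity window. What still fires is the regularity of the purchase schedule and the fan-out of unrelated cards onto one listing.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    txn_id: str
    card_token: str                      # tokenised card reference, never the raw PAN
    merchant: str
    amount: float
    ts: datetime
    ip_latlon: tuple[float, float]       # geolocation of the purchasing IP address
    billing_latlon: tuple[float, float]  # geolocation of the card's billing address


def haversine_km(a: tuple[float, float], b: tuple[float, float]) -> float:
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


# Thresholds are illustrative assumptions for this example, not values from the deck.
GEO_MISMATCH_KM = 500.0               # IP further than this from the billing address
VELOCITY_WINDOW = timedelta(hours=24)
VELOCITY_MAX_TXNS = 3                 # more than this per card inside the window
CADENCE_CV_MAX = 0.10                 # gaps this uniform look scripted, not human
MERCHANT_MAX_CARDS = 2                # more distinct cards than this on one listing


def score(txns: list[Txn]) -> dict[str, list[str]]:
    """Return, per transaction id, the sorted names of the rules that fired."""
    flags: dict[str, set[str]] = defaultdict(set)
    by_card: dict[str, list[Txn]] = defaultdict(list)
    by_merchant: dict[str, set[str]] = defaultdict(set)

    for t in txns:
        by_card[t.card_token].append(t)
        by_merchant[t.merchant].add(t.card_token)
        # Rule 1: the geo check that buying through a bot near the cardholder defeats.
        if haversine_km(t.ip_latlon, t.billing_latlon) > GEO_MISMATCH_KM:
            flags[t.txn_id].add("geo_mismatch")

    for rows in by_card.values():
        rows.sort(key=lambda t: t.ts)
        # Rule 2: velocity, which spacing the purchases out also defeats.
        for i, t in enumerate(rows):
            in_window = [u for u in rows[: i + 1] if t.ts - u.ts <= VELOCITY_WINDOW]
            if len(in_window) > VELOCITY_MAX_TXNS:
                flags[t.txn_id].add("velocity")
        # Rule 3: a scripted schedule leaves near-identical gaps between purchases.
        if len(rows) >= 3:
            gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(rows, rows[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < CADENCE_CV_MAX:
                for t in rows:
                    flags[t.txn_id].add("metronomic_cadence")

    # Rule 4: unrelated cards converging on one listing (the fraudster's own item).
    for t in txns:
        if len(by_merchant[t.merchant]) > MERCHANT_MAX_CARDS:
            flags[t.txn_id].add("merchant_card_fanout")

    return {t.txn_id: sorted(flags[t.txn_id]) for t in txns}


# Constructed sample batch. Coordinates, tokens and merchant names are made up.
T0 = datetime(2014, 10, 1, 9, 0)
LISTING = "downloadstore/utilitypro-2.1"   # the utility the fraudster uploaded and "owns"
SAMPLE_TXNS = [
    # Card A: four buys of the listing 26 h apart, each routed via a bot a few km from the cardholder
    *[Txn(f"A{i + 1}", "tok_A", LISTING, 39.99, T0 + timedelta(hours=26 * i),
          (52.65, -1.13), (52.6369, -1.1398)) for i in range(4)],
    # Card B: ordinary purchase from home, nothing should fire
    Txn("B1", "tok_B", "grocer-online", 54.20, T0 + timedelta(hours=2),
        (51.51, -0.12), (51.5074, -0.1278)),
    # Cards C and D: other stolen cards, same listing, also proxied close to home
    Txn("C1", "tok_C", LISTING, 39.99, T0 + timedelta(hours=5),
        (52.49, -1.88), (52.4862, -1.8904)),
    Txn("D1", "tok_D", LISTING, 39.99, T0 + timedelta(hours=7),
        (52.95, -1.15), (52.9548, -1.1581)),
    # Card E: unproxied purchase, IP on another continent from the billing address
    Txn("E1", "tok_E", "grocer-online", 120.00, T0 + timedelta(hours=9),
        (40.7128, -74.0060), (53.8008, -1.5491)),
]


if __name__ == "__main__":
    for txn_id, fired in score(SAMPLE_TXNS).items():
        print(f"{txn_id}: {fired or 'clean'}")
```

Run on the sample, the four card A purchases and the C and D purchases pass the geo and velocity rules cleanly, exactly as the module intends; only the cadence and fan-out rules catch them, while the unproxied E1 purchase trips the geo rule alone. The design point is that a control the criminal toolkit explicitly targets should not be the only control, and that merchant-side signals (who is selling the item every stolen card buys) are as useful as cardholder-side ones.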

Published on SlideShare by OCTF Industry Engagement as "CRI Retail Cyber Threats".
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

CRI Retail Cyber Threats

  • 1. Cyber Executive Briefing Presenter: Paul C Dwyer CEO – Cyber Risk International Date: Oct 9th 2014 Retail Fraud Leicester 2014
  • 2. Paul C Dwyer Paul C Dwyer is an internationally recognised information security expert with over two decades experience and serves as President of ICTTF International Cyber Threat Task Force and Co Chairman of the UK NCA National Crime Agency Industry Group. A certified industry professional by the International Information Systems Security Certification Consortium (ISC2) and the Information System Audit & Control Association (ISACA) and selected for the IT Governance Expert Panel. Paul is a world leading Cyber Security GRC authority. He has been an advisor to Fortune 500 companies including law enforcement agencies, military (NATO) and recently advised DEFCOM UK at Westminster Parliament. He has worked and trained with organisations such as the US Secret Service, Scotland Yard, FBI, National Counter Terrorism Security Office (MI5), is approved by the National Crime Faculty and is a member of the High Tech Crime Network (HTCN). Paul C Dwyer CEO Cyber Risk International
  • 3. THE CYBER WORLD AND THE PHYSICAL ARE INTEGRATED
  • 4. Cyber fronts in the Ukraine! Is it War?
  • 6. What Are Cyber Threats? Cybercrime Cyber Warfare Cyber Espionage Cyber X Adversary
  • 8. Cyber Statistics • Cybercrime costs £27 billion a year in the UK • £1,000 a second • 170,000 ID’s are stolen each year – 1 every three seconds • Theft of IP £9.2 billion (pharmaceuticals, biotechnology, electronics, IT and chemicals) Source: UK Cabinet Office
  • 9. Cybercrime Economy Drivers It’s a business with an excellent economic model. Other reasons, you name it: • Technology • Internet • Recession • “A safe crime” • It’s easy to get involved • Part of Something
  • 11. Crimeware Toolkits Copyright - Paul C Dwyer Ltd - All Rights Reserved
  • 12. Economic Model - the Actors • User (Account Credentials) • Financial Institution • Supplier • Acquirer/Middlemen • Agents • Carding Forum • Carders • Fraudster (Consumer) • Retailer • Reshipping / drop zone • Money Mule. Categories: • Wholesalers • Retailers • Independent Contractors
  • 13. Cybercrime – a Business
  • 14. “The Daddy” - History: TJ Maxx / TK Maxx breach; Dark Market & Shadow Crew, 2002 ->
  • 16. A Decade on, What Have We Learnt? • Entry via a heating/AC contractor's credentials • Intrusion months before the data theft • Attackers waited for US Thanksgiving Day • Malware: KAPTOXA/BlackPOS • 7 months: average time a breach goes undetected • 2/3 of cases: the victim is informed by a third party
  • 17. What do they Want?
  • 19. Cyber Risks for You • Tangible Costs – Loss of funds – Damage to Systems – Regulatory Fines – Legal Damages – Financial Compensation • Intangible Costs – Loss of competitive advantage (Stolen IP) – Loss of customer and/or partner trust – Loss of integrity (compromised digital assets) – Damage to reputation and brand Quantitative vs. Qualitative 46% Reduction in Profits Following Breach
  • 20. Bottom Line for Retailers • Arms Race – Cat and Mouse • Top 5 Target Groups – Continuously Attacked • You Spend Less on Cyber Security • Low Risk – High Reward for “Bad Guys” – Established Market for Data Assets • Best Data Assets On the Planet • Compliance is NOT Security
  • 21. Retail Factors • Data on networked and distributed systems that are accessible to a widening array of entry points • Broad adoption of mobile applications by retailers adds many other new points of vulnerability • Complex supply chains - more access and data is given to vendors and external partners • Global expansion may require retailers to expand distribution of their own information around the world
  • 23. Some Retailers' Doors! • Point-of-sale (POS) terminals in stores • Mobile POS access points • Customer-facing e-commerce websites • Links with each third-party vendor, supply-chain vendor, ecosystem partner and contractor • Employee-facing access points, including those that may utilise employee-owned mobile devices, and the social workplace • Links to connected data centers via the cloud • Links to financial institutions and payment processors • Links to managed service providers • Links to delivery services • Links to all other contractors who are provided with network access • B2B, intranet and extranet portals • In-store wireless routers, kiosks and networks • The expanding “Internet of Things”: IP-based printers, IP-linked surveillance cameras and similar devices
  • 24. Give me some examples
  • 25. I’m not joking! Hack the Human!
  • 26. Attack lifecycle: Reconnaissance: bad guy targets an individual (asset) and gathers intelligence about the employee and assets. Weaponisation: chooses a weapon from an underground forum. Delivery: the weapon is delivered to the target. Exploitation: exploit run. C2: comms established with the command & control server. Lateral Movement: move laterally across the network. Exfiltration: exfiltrate data. Maintenance: protection / maintenance mode.
  • 27. When Harry met Sally
  • 28. It's an IT Cyber Security Problem, Right?
  • 29. NO. Legally It's a Challenge for the Board!
  • 30. Regulatory and Legal EU Data Privacy Directive EU Network Information Security Directive European Convention on Cybercrime 400+ Others – 10,000+ Controls – 175 Legal Jurisdictions Your Organisation
  • 31. Responsibility – Convention Cybercrime All organisations need to be aware of the Convention’s provisions in article 12, paragraph 2: ‘ensure that a legal person can be held liable where the lack of supervision or control by a natural person…has made possible the commission of a criminal offence established in accordance with this Convention’. In other words, directors can be responsible for offences committed by their organisation simply because they failed to adequately exercise their duty of care.
  • 32. Cyber is a Strategic Issue. Strategic Level (macro security): How do cyber attacks affect policies, industry, business decisions? Operational Level: What kind of policies, procedures and business models do we need? Technical Level (micro security): How can we solve our security problems with technology?
  • 33. Board Room Discussion. CEO: loss of market share and reputation; legal exposure. CFO/COO: audit failure; fines and criminal charges; financial loss. CIO: loss of data confidentiality, integrity and/or availability. CHRO: violation of employee privacy. CMO: loss of customer trust; loss of brand reputation. Increasingly companies are appointing CROs and CISOs with a direct line to the audit committee.
  • 34. Governance structure: Corporate Governance covers Project Governance, Risk Management and Cyber Governance. Cyber Governance sits within Risk Management and addresses Cyber Risk at the Legal & Compliance, Operational and Technical levels.
  • 36. Resilience. Recognise: Interdependence; Leadership Role; Responsibility; Integrating Cyber Risk Management
  • 37. Requirement drivers (Business, Legal, Regulatory) feed the Business ICT Requirements. The Board's role: Direct, Evaluate, Monitor. Cyber Risk Strategy: Reactive vs Proactive.
  • 38. Thank You – Stay Connected www.paulcdwyer.com youtube.com/paulcdwyer mail@paulcdwyer.com +353-(0)85 888 1364 @paulcdwyer WE IDENTIFY, MITIGATE AND MANAGE CYBER RISKS Cyber Risk International Clonmel House – Forster Way – Swords – Co Dublin – Ireland +353-(0)1- 897 0234 xxxxxx mail@cyberriskinternational.com www.cyberriskinternational.com
  • 39. EXTENDED MATERIAL – CRIMEWARE EXAMPLE
  • 40. Example of Crimeware Tools, Tutorials, Services (Rent & Buy): Spyeye $500
  • 41. Botnets (Rent or Own): Botnet Herder -> Proxy -> Command & Control Server -> Infected PCs. Used for spam and website DDoS attacks.
  • 42. Spyeye – Toolkit: Botnet Herder -> Proxy -> Spyeye C&C Server
  • 44. Get CC Info: Botnet Herder -> Proxy -> Spyeye C&C Server -> Infected PCs (card details harvested from the bots, or the herder uploads a list)
  • 45. Place Something For Sale: the herder uploads, renames and claims ownership of a software utility and lists it for sale on a popular download store
  • 46. Automate Transactions: Spyeye automates purchases with the stolen credit card information, form filling at intervals to avoid detection
  • 47. Clean Money: Botnet Herder -> Proxy -> Spyeye C&C Server
  • 49. Avoid Detection: the billing hammer sends each transaction through an infected machine close to the cardholder's address to avoid detection
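The extended material above describes the evasion from the defender's side only implicitly: because the billing hammer proxies each purchase through a bot near the cardholder, the usual "IP geolocation vs billing address" check never fires. The following is an added example, not code from the deck or from Cyber Risk International, showing why that check fails against this scheme and what a download store or payment processor can look at instead: the seller's own listing, which receives machine-regular purchases from many distinct cards. All transactions are constructed sample data; the field names, the 24-hour window, the eight-card threshold and the 0.25 regularity cut-off are assumptions chosen for illustration, not figures from the slides.

```python
"""Added example: merchant-side detection of automated stolen-card purchases
routed through a 'billing hammer'.  Every record below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    ts: datetime
    seller: str           # owner of the listing on the download store
    item: str
    card: str             # card token; the PAN itself is never stored here
    billing_region: str   # region of the cardholder's billing address
    ip_region: str        # geolocation of the IP that submitted the order
    amount: float


def geo_mismatch_rule(txns):
    """Naive buyer-side check: flag orders whose IP geolocation differs from
    the card's billing region.  Orders proxied through a bot near the
    cardholder match perfectly, so the fraud ring passes untouched."""
    return [t for t in txns if t.ip_region != t.billing_region]


def seller_velocity_rule(txns, window=timedelta(hours=24), min_cards=8, max_cv=0.25):
    """Seller-side check that ignores geolocation entirely.

    For each (seller, item) listing, slide a time window over the orders and
    flag it when many distinct cards bought the same item and the inter-arrival
    gaps are machine-regular (low coefficient of variation).  Thresholds are
    illustrative assumptions.  Returns one finding dict per flagged listing."""
    by_listing = defaultdict(list)
    for t in txns:
        by_listing[(t.seller, t.item)].append(t)

    findings = []
    for (seller, item), orders in by_listing.items():
        orders.sort(key=lambda t: t.ts)
        start, best = 0, None
        for end in range(len(orders)):
            while orders[end].ts - orders[start].ts > window:
                start += 1
            span = orders[start:end + 1]
            cards = {t.card for t in span}
            if len(cards) < min_cards:
                continue
            gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(span, span[1:])]
            if len(gaps) < 2 or mean(gaps) == 0:
                continue
            cv = pstdev(gaps) / mean(gaps)
            if cv <= max_cv and (best is None or len(cards) > best["distinct_cards"]):
                best = {
                    "seller": seller,
                    "item": item,
                    "distinct_cards": len(cards),
                    "gap_cv": round(cv, 3),
                    "geo_match_rate": sum(t.ip_region == t.billing_region for t in span) / len(span),
                }
        if best:
            findings.append(best)
    return findings


# ---- constructed sample data -------------------------------------------------
_T0 = datetime(2014, 10, 9, 2, 0)


def _fraud_ring():
    """Ten stolen cards buying the herder's own $9.99 listing every 37 minutes,
    each order proxied through a bot in the cardholder's own region."""
    regions = ["us-tx", "us-ca", "uk-lon", "de-ber", "us-ny",
               "fr-par", "us-fl", "ie-dub", "nl-ams", "us-wa"]
    return [Txn(_T0 + timedelta(minutes=37 * i), "dropshop", "pdfutil.exe",
                f"tok{i:04d}", r, r, 9.99) for i, r in enumerate(regions)]


def _legit_sales():
    """A genuine shop: irregular timing, few cards, one travelling customer
    whose IP region does not match the card's billing region."""
    data = [(0, "uk-lon", "uk-lon"), (95, "us-ca", "us-ca"), (97, "de-ber", "de-ber"),
            (410, "ie-dub", "fr-par"), (1300, "us-ny", "us-ny")]
    return [Txn(_T0 + timedelta(minutes=m), "acme", "antivirus-1yr", f"legit{i}", b, ip, 39.0)
            for i, (m, b, ip) in enumerate(data)]


SAMPLE = _fraud_ring() + _legit_sales()

if __name__ == "__main__":
    print("geo mismatch flags:", [(t.seller, t.card) for t in geo_mismatch_rule(SAMPLE)])
    print("seller velocity flags:", seller_velocity_rule(SAMPLE))
```

Run stand-alone, the geo rule flags only the legitimate traveller, while the seller rule flags the `dropshop` listing with ten distinct cards, a gap coefficient of variation of zero and a 100% geo-match rate. That last figure is itself a signal: real customers mismatch occasionally, a billing hammer never does.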