Discussion on how Certified Fraud Examiners (CFEs) can utilize Security Analytics to improve data security, compliance, and productivity within organizations.
Highlights include:
Employee Fraud Trends
Data Security Trends
Compliance Trends
Productivity Loss
Tools
Financial Needs
BYOD
ROAR
Litigation
Spoliation
2. Fraud Stats
+40yo woman
$994 B
Getting Worse
Median loss = $175,000
25% loss = > $1M
Not a “drive by”, but slow, painful death
Most Orgs do not recover
3. More Concerning?
Fraudster more likely to be ratted out by pal than “discovered”
SMBs especially vulnerable
Median loss by Executive Fraud? $853,000
5. Fraud (Dictionary.com)
Fraud [frawd]
Noun
Deceit, trickery, sharp practice, or breach of confidence perpetrated for profit or to gain some unfair or dishonest advantage.
A particular instance of such deceit or trickery: mail fraud; election fraud.
Any deception, trickery, or humbug.
A person who makes deceitful pretenses; sham, poseur.
8. What if…..
You could predict what was going to happen?
You could KNOW who was going to steal?
You could stop the crime before it occurred?
Profiling
9. Security Analytics
It’s not Big Brother, it’s SMART Business
Improves Data Security Exponentially
Mistakes
Desperate
Criminal
Makes Compliance Easier
Can provide Productivity metrics
Termination Justification
Training Needs
Resource Allocation
Cost Saving Opportunities
Examples:
Lockheed, Fidelity, USPS, Kaiser Permanente, more
10. Data Security
Information is Money
Most companies don’t watch the inside
IT Control has fallen to Legal Demands
12. Data Security in the PAST
Isolated IT Responsibility
Firewalls & A/V
Break/Fix
13. Data Security TODAY
Overall corporate strategy
HR, Legal, & Finance actively involved
24x7 monitoring
Dedicated Personnel
Training includes:
IT, Legal, HR, Psych, more
14. Compliance
Regulation Compliance is BIG Business
Gov’t PROFIT-Center
HIPAA, SOX, PCI, GLBA, FISMA, Joint Commission, Dodd-Frank, FINRA, SEC…
State Level compliance
TIP: More are coming.
15. Compliance in the PAST
Paper Forms
Server Logs
Disparate/Silo’d Data
Tools to search network to find info
Data is easily manipulated
16. Compliance TODAY
Aggregate results from start
Collect data where it begins not ends
Prelim reports automated
Anomalies ID’d as they happen
17. Studies show…
Upwards of 30% of screen time is wasted
Social Media is fun
Googling Zombies
Vast extremes
Few admit to training needs
Most DO NOT EVEN REALIZE they are wasting so much time (it’s only 5 minutes…)
20. Productivity (Dictionary.com)
pro·duc·tiv·i·ty
Noun
The quality, state, or fact of being able to generate, create, enhance, or bring forth goods and services:
The productivity of the group's effort surprised everyone.
Economics. The rate at which goods and services having exchange value are brought forth or produced:
Productivity increased dramatically last year.
27. Results?
Productivity is not:
Words per minute, calls per hour, IMs per day, clicks, meetings, or videos.
Productivity, if it can be explained, is:
ALL of it… and then some.
28. Lorenzi ROAR
Collect 1’s and 0’s
Sort in DB
Create Baseline
Match v Others
Anomalies v Usage
Reports @ High Level & In-Depth Level
29. ROARing Results
Tighter Data Security
Training needs ID’d faster
Unnecessary Resources ID’d faster
People
Equipment
Software
Best Practices documented
Individual employee baselines created
Communication (and sales) analysis available
Other in-depth analysis available
Businesses can regain control over their technology environments
30. Productivity Math
15 minutes/Day X 260 workdays = 65 hours (3%)
$41,673.83 (SSA 2010 Natl Avg Wage)
3% = $1,250 (lost time per employee)
Studies showing 30% means 624 HOURS
30% = $12,502 (lost time per employee)
31. So, what’s the BIG deal?
Why ROAR?
In-Depth understanding of business needs
Little Risk in expense and experience
Happier Employees
More Productivity
More Revenue potential
Large ROI for little dollars (don’t worry, we’ll convince you to spend more money with predictive and other analysis reports…)
Other Benefits
Improved Data Security (unless you already have a team of people watching screens and analyzing usage)
Streamlined response for Compliance/Regulatory requirements