© 2016 KPMG, a Cayman Islands partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Fraud in the Crosshairs
November 2016
kpmg.ky
For more information please contact Brid Verling or Micho Schumann @ KPMG
Presenters
Micho Schumann, Principal, Cyber Security Services, KPMG in the Cayman Islands, + 1 345 815 [email protected]
@MichoSchumann
Brid Verling, Senior Manager, Forensic, KPMG in the Cayman Islands, + 1 345 914 [email protected]
About Global Profiles of the Fraudster
2010: 348 cases in 69 countries
2013: 596 cases in 78 countries
2016: 750 cases in 81 countries
Background
— 2016: 750 fraudsters from 81 countries, up from 596 in the prior survey.
— Frauds investigated from March 2013 to August 2015.
— Survey expanded to explore certain topics more deeply.
— New in 2016: delved into technology (as enabler and as detector) and added a series of questions around the characteristics of the cyber-fraudsters.
Fundamental characteristics
• Autocratic
• 3x more likely to be regarded as friendly than not
• Well respected (38%), nearly 4x more likely than someone with a low reputation
• Has a sense of superiority
• 79% male
• Has unlimited authority (44%)
• 36–55 years of age
• Holds an executive level position (38%); manager (32%); staff (20%)
• 65% of frauds lasted between 1 and 5 years
• Type of fraud: misappropriation of assets (47%); financial reporting fraud (22%)
• Cost of fraud: cost to company exceeding $1M (27%)
Source: Global Profiles of the Fraudster, KPMG International, 2016
Age of the fraudster
• 18–25 years old: 1%
• 26–35 years old: 14%
• 36–45 years old: 37%
• 46–55 years old: 31%
• Older than 55 years: 8%
*The age of the remainder is unknown
Source: Global Profiles of the Fraudster, KPMG International, 2016
Gender of fraudster
• Male: 79%
• Female: 17%
• Remainder: unknown gender
Source: Global Profiles of the Fraudster, KPMG International, 2016
Level of seniority
• Management (no executive capacity): 32%
• Executive — Director: 26%
• Staff member: 20%
• Executive — Corporate Officer: 5%
• Non-Executive Director: 3%
• Other: 3%
• Owner/Shareholder: 2%
Source: Global Profiles of the Fraudster, KPMG International, 2016
Years of service
• Less than 1 year: 2%
• 1 to 4 years: 19%
• 4 to 6 years: 14%
• More than 6 years: 38%
Source: Global Profiles of the Fraudster, KPMG International, 2016
Fundamental characteristics: acting alone vs. in collaboration
Acts alone:
• Primary function: Finance
• Level of seniority: Staff member
• Has debt: 20%
Acts in collaboration:
• Primary function: Varied
• Level of seniority: Executive
• Has debt: 8%
Source: Global Profiles of the Fraudster, KPMG International, 2016
Cost of fraud
[Chart: cost of fraud for colluders vs. solo fraudsters, by band: 5M+, 1M–5M, 200K–1M, < 200K]
Source: Global Profiles of the Fraudster, KPMG International, 2016
Fraud by industry
Each industry has its own fraud risks, but in every industry listed below the most common type of fraud was misappropriation of assets.
Mostly embezzlement:
• Financial services
• Pharmaceuticals
• Consumer & industrial markets
Mostly procurement fraud:
• Energy & natural resources
• Public sector
• Information, communications & entertainment
Fraud triangle
Pressure/ Motivation
Opportunity
Rationalization
Motivation
• 66%: For personal financial gain and greed
• 27%: Eager / “Because I can”
• 13%: Organizational culture driven
• 12%: Desire to meet targets/hide losses to receive bonus
• 12%: Desire to meet budgets/hide losses to retain job
• 11%: Desire to meet targets/hide losses to protect the company
• 10%: Other not listed above
• 5%: (label not recoverable from the slide)
Other motives (less than 5%) include: loss of confidence, avoidance of regulatory compliance, ratings driven, publicity driven, disruption of operations
Source: Global Profiles of the Fraudster, KPMG International, 2016
Cyber fraud characteristics
• Tend to be younger
• Fewer years of service
• More likely to act alone
• More likely to have a sophisticated modus operandi
• More likely to have conducted the fraud over a shorter span (83% less than one year)
Source: Global Profiles of the Fraudster, KPMG International, 2016
Was technology used as an enabler to perpetrate the fraud?
• 16%: Yes, the fraud could not have been perpetrated without using technology
• 26%: Somewhat, but the fraud could likely have occurred without technology
• 47%: Technology was not used to perpetrate the fraud
• 8%: Yes, to a large degree technology was used to enable the fraud
Source: Global Profiles of the Fraudster, KPMG International, 2016
Means of detection
• Tip-offs and complaints, other than formal hotline: 27%
• Management review: 24%
• Formal whistleblowing report/hotline: 22%
• Accidental: 20%
• Internal audit: 14%
• Suspicious superior: 14%
• Other internal control: 10%
• External audit: 7%
• Self-reported/admitted: 6%
• Proactive fraud-focused data analytics: 3%
• One further category at 3% (label not recoverable from the slide)
Source: Global Profiles of the Fraudster, KPMG International, 2016
Red flags
• Weak internal control environment
• Management decisions dominated by an individual or small group
• Manager has a very aggressive attitude
• Managers place great emphasis on earnings projections
• Consistently late reports
• Company has significant and unusual related-party transactions
• Company profit lags the industry
• Company is decentralized without much monitoring
• Auditors have doubt about the company as a going concern
• Company has many difficult accounting measurement and presentation issues
• Company has significant transactions or balances that are difficult to audit
• Evasive when responding to auditors’ inquiries
• Company accounting personnel are lax or inexperienced in their duties
Take away points - PREVENT, DETECT & RESPOND
Be vigilant with internal threats
— Investigations
— Forensic D&A
— Whistleblowing programs/outsourcing
Know your business partners & third parties
— 3rd party risk management
— Corporate intelligence/KYC reports
Perform risk assessments
— Fraud risk management
— Regulatory positioning services
Fight back with technology
— Forensic technology
— Cyber security
— D&A
Source: Global Profiles of the Fraudster, KPMG International, 2016
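The survey's detection figures put proactive fraud-focused data analytics at only 3% of cases, and the takeaways list forensic D&A as the response. The Python block below is an added example, not KPMG's code and not taken from the survey, of what such analytics look like in practice: four classic asset-misappropriation tests (duplicate payments, vendor bank accounts that match payroll, payments parked just under an approval limit, and same-day split invoices) run over a small constructed vendor-payment ledger. The ledger rows, the payroll accounts, the vendor names and the $10,000 single-approver limit are all assumptions constructed for the example.

```python
"""Proactive fraud-focused data analytics over a constructed vendor-payment ledger.

Added example (not KPMG's code). All records below are constructed for the
example; the approval limit is a hypothetical single-signature threshold.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

APPROVAL_THRESHOLD = 10_000.0  # assumed single-approver limit (hypothetical)
NEAR_LIMIT_BAND = 0.05         # flag amounts within 5% below the limit


@dataclass(frozen=True)
class Payment:
    payment_id: str
    date: str          # ISO date kept as text; same-day grouping only
    vendor: str
    invoice: str
    amount: float
    bank_account: str


@dataclass(frozen=True)
class Employee:
    name: str
    bank_account: str


# Constructed sample ledger and payroll master data (not real records).
PAYMENTS = [
    Payment("P1", "2015-03-02", "Acme Supplies", "INV-1001", 4200.00, "BANK-111"),
    Payment("P2", "2015-03-09", "Acme Supplies", "INV-1001", 4200.00, "BANK-111"),
    Payment("P3", "2015-04-01", "Blue Harbour Consulting", "BH-77", 9800.00, "BANK-222"),
    Payment("P4", "2015-04-01", "Blue Harbour Consulting", "BH-78", 9700.00, "BANK-222"),
    Payment("P5", "2015-04-15", "Island Office Depot", "IO-5", 850.00, "BANK-333"),
    Payment("P6", "2015-05-01", "Island Office Depot", "IO-6", 1200.00, "BANK-333"),
]
EMPLOYEES = [
    Employee("alice", "BANK-900"),
    Employee("bob", "BANK-901"),
    Employee("carol", "BANK-222"),   # same account as a vendor above
]


def duplicate_payments(payments):
    """Same vendor, invoice number and amount paid more than once."""
    def key(p):
        return (p.vendor, p.invoice, round(p.amount, 2))
    counts = Counter(key(p) for p in payments)
    return sorted(p.payment_id for p in payments if counts[key(p)] > 1)


def vendor_employee_account_matches(payments, employees):
    """Vendor paid into a bank account that also appears on payroll."""
    payroll = {e.bank_account: e.name for e in employees}
    return sorted({(p.vendor, payroll[p.bank_account])
                   for p in payments if p.bank_account in payroll})


def near_threshold_payments(payments, limit=APPROVAL_THRESHOLD, band=NEAR_LIMIT_BAND):
    """Amounts sitting just under the approval limit."""
    low = limit * (1 - band)
    return sorted(p.payment_id for p in payments if low <= p.amount < limit)


def split_invoices(payments, limit=APPROVAL_THRESHOLD):
    """Same vendor, same day: each payment under the limit, total at or above it."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p.vendor, p.date)].append(p.amount)
    hits = []
    for (vendor, date), amounts in groups.items():
        if len(amounts) > 1 and all(a < limit for a in amounts) and sum(amounts) >= limit:
            hits.append((vendor, date, round(sum(amounts), 2)))
    return sorted(hits)


def run_all(payments=PAYMENTS, employees=EMPLOYEES):
    """Run every test and return the hits keyed by test name."""
    return {
        "duplicates": duplicate_payments(payments),
        "employee_vendor_accounts": vendor_employee_account_matches(payments, employees),
        "near_threshold": near_threshold_payments(payments),
        "split_invoices": split_invoices(payments),
    }


if __name__ == "__main__":
    for test, hits in run_all().items():
        print(f"{test}: {hits}")
```

Each test returns its hits rather than printing them, so the same functions can be pointed at a real general-ledger export; the approval limit and the near-limit band are the parameters to align with the organisation's delegation-of-authority matrix. The output is a list of candidates for investigation, not proof of fraud: a duplicate payment is as often an accounts-payable error as embezzlement, which is why the forensic step follows the analytics step.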
The CIA Triad - the balancing act
[Diagram: Data at the centre, balanced between Confidentiality, Integrity and Availability]
Cyber Security has become a conversation in every boardroom
March 2016 – Phishing attack leads to breach of employee tax data
Source: KrebsOnSecurity
November 2016 – 400 Million accounts breached
Source: BBC.com
March 2016 – Data breach results in leak of 1.5M client contact details
Source: CNBC
August 2015 – Thousands of users email addresses and passwords compromised.
Source: Cayman Compass
April 2016– 2.6 Terabytes of client data is leaked to the media.
Source: The Guardian
February 2016 – Data encrypted by ransomware; paid $17,000 to regain access.
Source: PRI
Regulators in the mix
[News clippings: ZDNet, Sept 2015; April 2016]
New “vectors” of threats are accelerating the concern
YESTERDAY… “Target of Opportunity”
• Bad “actors”: isolated criminals, “script kiddies”
• Targets: identity theft; self promotion; opportunities; theft of services
TODAY… “Target of Choice”
• Bad “actors”: organized criminals, foreign states, hacktivists
• Targets: intellectual property; financial information; strategic access
New “vectors” of threats are accelerating the concern
Who are they? The threat actors:
• Hacktivism
• Organised crime
• The insider
• State-sponsored
Hacktivism
• Will attack companies, organizations and individuals who are seen as being unethical or not doing the right thing
• Hacking for fun … !
Organised crime
• Traditionally based in former Soviet republics (Russia, Belarus, Ukraine)
• Common attacks: theft of PII for resale and misuse, or use of compromised resources for hosting illicit material
• Employ blackmail against availability (threats of denial-of-service attacks against companies, and threats to expose individuals to embarrassment)
State sponsored
• Nations where commercial and state interests are very aligned
• Military or intelligence assets deployed in commercial environments
• Main aim: to achieve competitive advantage for business
• Theft of commercial secrets (bid information, M&A details)
The Insider
Source: Prism Magazine
Who has access to what? Recent finds: administrator passwords, payroll, passports & databases; access to the CEO’s desktop PC.
“Any user with access to valuable assets can act maliciously”
Missing the basics
Did not install a simple security fix on an overlooked server
Weak passwords
Source: Cayman Compass
Popular passwords: 0, 111111, Cayman, 123456, Password, Cayman1, 1234567, Password1, Ecaytade
Free WiFi
Source: Gizmodo.com
Social engineering
The art of manipulating people into performing actions or divulging confidential information.
Social engineering – four elements
Four elements used in combination:
• Impersonation & persuasion
• Sanitation reconnaissance
• Internet & e-mail spoofing
• Unauthorized physical access
Social engineering – real world example
[Slide image: attack walkthrough]
Ransomware
Dumpster diving
Physical security
It’s underrated!
Security while traveling
Source: ABCNews. 2012
Source: CNN.com
Key takeaways
• Cyber Security is an increasingly “Top of House” issue that is being discussed in the Boardroom and the C-Suite. It is NOT simply a technology issue.
• When it is a technology issue, it often comes down to the basics.
• Physical Access = Logical Access
• Employee training and awareness is a key part of Information Security.
Thank you
kpmg.ky
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
kpmg.com/socialmedia kpmg.com/app