Corporate Security Cyber Crime Charles S. Barr, CPP, CFE


Corporate Security – Cyber Crime
Charles S. Barr, CPP, CFE

Presentation Topics
  • Private Sector Security Trends
  • Expansion of Security Function
  • Risk Management
  • Security Director’s Role in Cyber Security
  • Cyber Crime’s Global Impact on Business
  • Defining Cyber Crime
  • Categories of Cyber Crime
  • Cyber Extortion-Ransomware
  • Distributed Denial of Service Attacks (DDoS)
  • Theft of Proprietary Information
  • Individual’s Role in Cyber Security

Security Manager to Risk Manager
  • Security Manager: Guards, Guns, Locks
  • Risk Manager: Information Security, Physical Security, Personnel Security
  • Information: Fraud Units, AML Units, Creation of a new security position, Chief Information Security Officer, CISO, to focus on Information Security; Clear Desk Inspections, Applicant background; Employee Interim BI, Workplace Violence Workshops, Business Continuity Exercises with IT

Security Director-Chief Security Officer
  • Security Director: former military or law enforcement background; Criminal Justice Degree; corporate organization position: sub-unit of legal, human resources or real estate
  • Chief Security Officer: private or public sector background; Business Degree; corporate organization position: direct reporting line to senior corporate officials

Risk Management
  • Anticipating Risks
  • Recognizing Risks
  • Analyzing Risks
  • Take Steps to Reduce or Prevent Risks
  • Evaluate Results

Protecting Organization’s Assets
  • Risk manager protects organization’s assets, implements controls to reduce the negative risks
  • Asset: anything of value to organization
  • Proprietary information: formulas, trade secrets
  • People
  • Equipment
  • Computer hardware - software

Measuring Asset’s Worth
  • Three factors: overall value of asset to organization; immediate impact; indirect impact
  • Can organization function without the asset; short term impact, long term impact, impact on other assets

Security Director’s Focus Cyber Security
Five Areas
  1. Operational
  2. Physical
  3. Electronic
  4. Cultural
  5. Non-Tangible
Paul Benne, Seminar, 2015, ASIS Western New Jersey Chapter

Operational
  • Know the means & methods of cyber adversaries, the enemy
  • Establish policies, procedures, programs and training to protect organization’s assets

Physical
  • Control physical access to data systems including computers, data centers, co-locations & facility
  • Ensure walls, doors & ceilings are hardened according to asset value

Electronic
  • Consider analytics technologies to provide advanced warning systems
  • Incorporate complexities in ID credentials
  • Use electronic system or combination of systems to assist in the physical & operational security efforts

Cultural
  • Educate employees about threats
  • Test them
  • Reward them
  • Cultivate a culture of awareness
  • Question everything

Non-Tangible
  • Communicate with employees
  • Give employees a clear pathway & permission to act on suspicious activities

What is Cyber Crime
Cyber Crime & Technology

Cyber crime definitions
  • Cyber crime: intended act using computers or other technologies in a virtual setting, internet
  • Computer crime: criminal act committed with a computer
  • Computer-related crime: criminal act in which a computer is involved, even peripherally
  • Digital crime: unauthorized access, dissemination, corruption of electronically stored data
  • Definitions used interchangeably by security professionals

Cyber Extortion-Ransomware
  • Form of online crime
  • Cybercriminal uses internet, threatens to attack systems or hold data assets until payment is made
  • After payment sends decryption key to victim
  • Originally cybercriminals used DDoS attacks to force victim into submission

History of Ransomware
  • Earliest cases seen in Russia
  • Used TROJ_CRYZIP.A that zipped certain files before overwriting the original files
  • Left only password-protected zip files in the user’s system
  • Ransom note demanded $300
  • Targeted file types: DOC, XLS, JPG, ZIP, PDF

History of Ransomware, continued
  • By March 2012, spread across Europe & North America
  • Some displayed a notification page from victim’s local police agency instead of ransom note
  • See examples in following slides
  • Mexico
  • United States

Ransomware 2016
  • First Quarter of 2016, compared to last Quarter 2015, has seen a 789% increase in the number of phishing emails containing malicious code, mostly ransomware, according to PhishMe, security company providing anti-phishing solutions.

  • Phishing: solicitation of personal information via e-mail by cyber-criminals for fraudulent purposes
  • JavaScript download applications are main carriers
  • Payment is usually made in Bitcoin, digital currency

Ransomware 2016, continued

Distributed Denial of Service Attacks (DDoS)
  • Attack overloads company system, web-server, with numerous communications, prevents legitimate traffic from getting through
  • Use multiple personal computers (PCs) without owners’ knowledge
  • Use as a diversion, attackers steal money from accounts using stolen credentials
  • Banks, e-commerce and retail companies common targets

DDoS Attacks continued
E-MAIL EXTORTION CAMPAIGNS THREATENING DISTRIBUTED DENIAL OF SERVICE ATTACKS
The Internet Crime Complaint Center (IC3) recently received an increasing number of complaints from businesses reporting extortion campaigns via e-mail.

In a typical complaint, the victim business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom. Ransoms vary in price and are usually demanded in Bitcoin.
Source: FBI, July 31, 2015 Alert Number I-073115-PSA

DDoS Attacks continued
Attack Motivations
Richard Clark, former Special Advisor to the US President, provided following:
  • Cybercrime: financial gain
  • Hacktivism: ideological-persuade certain actions or “voices”
  • Espionage: gain information on another organization for an advantage
  • War (Cyber): attack adversary’s centers of power, critical infrastructure entities

DDoS Attacks continued
Radware’s Global Security Report
  • Security Industry Survey ( global respondents
  • 39% - large organizations (500 million annual revenue)
  • 23 industries: mostly telecom/internet/cloud; fin’l services; comp-related products & manufacturing
  • Interviews of eleven top security officers from groups

Radware’s Security Survey Results
  • DDoS most cited threat type: 46%
  • Unauthorized access: 41%
  • Advanced persistent threats: 39%

Security Survey Results, continued
Business Concerns Due to Cyber-Attacks
  • Reputational Loss: 47%
  • Revenue Loss: 21%
  • Service Outage: 12%
  • Productivity Loss: 7%
  • Customer/Partner Loss: 5%
  • Penalties/Fines: 3%

US Justice Department Case
On January 21, 2016, a grand jury in the Southern District of New York indicted seven Iranian nationals for their involvement in conspiracies to conduct a coordinated campaign of distributed denial of service (“DDoS”) attacks against the United States financial sector and other United States companies from 2011 through 2013.

Each defendant was a manager or employee of ITSecTeam or Mersad, private security computer companies based in the Islamic Republic of Iran that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.

Theft of Proprietary Information
  • More than one-half of NYSE companies identified cyber threats as risks in SEC filings
  • Kellogg Co. identified food production processes as a critical asset
  • Dedicated security group to protect trade secrets
  • Trade secrets stored on a system not connected to the internet
  • WSJ article (6/29/14)
  • Kellogg hired a first time Chief Information Security Officer, CISO

Proprietary Information
Valuable asset for many organizations
  1. Intellectual property: commercially valuable product of human intellect
  2. Trade secrets: financial, business, scientific, technical, economic or engineering information

Proprietary Information
  3. Patented material: information has the government grant of right, privilege or authority, excludes others from using, marketing or selling material for period of time
  • Property right for original work of authorship: literary, musical, dramatic, graphic

Proprietary Theft Case Example
  • 4/30/15: Kolon Industries Inc., South Korean industrial company, pled guilty to conspiring to steal trade secrets from E. I. DuPont de Nemours & Co. (DuPont)
  • 6/06-2/09: Kolon conspired with former DuPont employees to steal secrets for making Kevlar, high-strength fiber used for body armor and other products
  • Fined $360 million in restitution/fines

Individual Role in Cyber Security
  • Protect Company Information
  • Protect Personal Information

Any Questions

Paper For Above instruction

Cybercrime has emerged as a significant threat to organizations worldwide, fundamentally altering the landscape of corporate security. As technology advances, so do the tactics employed by cybercriminals, necessitating a comprehensive approach that integrates cyber security into traditional physical and organizational security frameworks. This paper explores the multifaceted domain of cybercrime within corporate security, examining its categories, the evolving roles of security personnel, prevalent threats such as ransomware, DDoS attacks, and trade secret theft, and strategies for mitigation and management.

To effectively address cybercrime, understanding its definitions and classifications is essential. Cybercrime encompasses any criminal act committed through the use of computers or digital technology, including unauthorized access, dissemination of malicious data, and digital extortion. Cyber extortion, notably ransomware, has become particularly prevalent, leveraging encryption to hold data hostage until ransom is paid. The history of ransomware reveals it initially targeted individual users and small organizations but has since evolved into a sophisticated tool used against large enterprises and critical infrastructure, often demanding payment in cryptocurrencies like Bitcoin (Britz, 2013; Dempsey, 2011).

One of the significant challenges organizations face is DDoS attacks, which overload servers with traffic, rendering services inaccessible—a tactic often used as a diversion to facilitate other cybercrimes such as theft or fraud. According to Radware’s 2015 Global Security Report, DDoS remains a primary threat, especially to financial institutions and e-commerce platforms (Radware, 2015). These attacks are motivated by various factors, including financial gain, ideological reasons, espionage, and cyber warfare (Clark, 2015). The motivations behind cyber-attacks influence the strategies security managers must adopt to defend critical assets effectively.

Protection of proprietary information is another critical aspect of cyber security. Trade secrets, intellectual property, and confidential data constitute valuable assets that require stringent safeguards. Notably, organizations like Kellogg’s have established dedicated security teams and implemented best practices such as storing trade secrets on systems disconnected from the internet to mitigate risks of theft (Wall Street Journal, 2014). The theft of proprietary information often involves insider threats or external hackers employing advanced techniques, including spear-phishing and malware, to infiltrate organizational defenses (Britz, 2013).

The role of security personnel is evolving from traditional guards to risk managers with a focus on cyber security. A security director must possess knowledge of cyber threats and establish policies, such as employee training programs, to foster a security-aware culture. The creation of new roles like the Chief Information Security Officer (CISO) reflects this shift, emphasizing strategic oversight and incident response capabilities (Benne, 2015). Furthermore, physical security controls—such as access restrictions and surveillance—remain vital in safeguarding data centers and sensitive environments.

Effective risk management involves identifying, assessing, and mitigating risks associated with digital assets. A comprehensive risk management approach considers factors like immediate and long-term impacts, overall asset value, and the likelihood of threats materializing. Organizations must implement controls, such as encryption, multi-factor authentication, and continuous monitoring, to reduce vulnerabilities (Hess, 2009). Regular audits, incident response plans, and business continuity exercises further enhance resilience against cyber threats.

The global scope of cybercrime underscores the need for international cooperation and legal frameworks. Cases such as the indictment of Iranian nationals involved in DDoS attacks highlight the transnational nature of cyber threats (FBI, 2016). Legal actions, coupled with technological safeguards, form an integrated defense strategy. Companies are increasingly recognizing the importance of cybersecurity investments, evidenced by the appointment of CISO roles and the development of policies aligning with regulatory standards such as GDPR and NIST guidelines (Yadron, 2014).

In conclusion, cybercrime presents a dynamic and multifaceted challenge to corporate security. Organizations must adopt a layered defense strategy that includes physical security, cyber-specific controls, personnel training, and proactive risk management. By understanding cyber threat categories and responding effectively, organizations can protect their assets, preserve their reputation, and ensure operational continuity in an increasingly digital world.

References

  • Britz, M.T. (2013). Computer Forensics and Cyber Crime. Pearson Education.
  • Dempsey, J.S. (2011). Introduction to Private Security. Wadsworth.
  • FBI. (2016). Indictment of Iranian nationals for DDoS attacks. U.S. Department of Justice.
  • Hess, K.M. (2009). Introduction to Private Security. Wadsworth.
  • Radware Inc. (2015). Global Application & Network Security Report.
  • Wall Street Journal. (2014). “Corporate boards race to shore up cybersecurity.”
  • Yadron, D. (2014). “Corporate Boards Race to Shore Up Cybersecurity.” The Wall Street Journal.
  • Clark, R. (2015). Cyberattack motivations and implications. Seminar, ASIS Western New Jersey Chapter.
  • Trend Micro Inc. et al. (2016). Reports on ransomware trends.