trends in cybersecurity risk - farmer co-ops conference · wealth advisory | outsourcing | audit,...

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor. | ©2016 CliftonLarsonAllen LLP. Trends in Cybersecurity Risk, Farmer Cooperatives Conference, November 2016

Post on 15-Jul-2020

Page 1

Trends in Cybersecurity Risk

Farmer Cooperatives Conference November 2016

Page 2

Raise Your Hand If…

Page 3

Everything Can Talk to Everything…

• My product or system can talk to yours!
• How do we manage that???

Page 4

Organized Crime

• Cybercrime for Profit: Hackers have “monetized” their activity
  – Theft of… PII / PFI / Credit Card Information
  – Account Take Overs
  – Interference with operations and availability
• Cybercrime as an Industry:
  – Markets, Suppliers and Service providers (“cybercrime as a service”)
  – Financing and Trading systems
  – Proliferation of business models and Specialization

Page 5

Phishing Is One Entry Point

Page 6

Persuasion Attack – CEO Impersonation

• CEO asks the CFO…
• Common mistakes
  1. Use of private email
  2. “Don’t tell anyone”
• Safeguards
  1. Never use email as the sole method of authorization
  2. Ensure recipient has VERBALLY validated with “source” of email for financial transactions
• http://www.csoonline.com/article/2884339/malware-cybercrime/omahas-scoular-co-loses-17-million-after-spearphishing-attack.html

Page 7

Ransomware

http://www.engadget.com/2016/02/19/hospital-ransomware-a-chilling-wake-up-call/

Page 8

Ransomware

Page 9

Ransomware

• Malware encrypts everything it can interact with

Page 10

Policies

• SANS/CIS 20 Critical Controls

[Diagram labels: People, Rules, Tools]

Page 11

Defined Standards

• Secure Standard Builds
• Disciplined Change Management
• Consistent Exception Control and Documentation
• Documentation

Page 12

Randy Romes, CISSP, CRISC, MCP, PCI-QSA
Principal
Information Security
[email protected]

CLAconnect.com
twitter.com/CLAconnect
facebook.com/cliftonlarsonallen
linkedin.com/company/cliftonlarsonallen