The Impact of Cyber Crime on our Economy presentation
-
Upload
mark-es-bernard-cissp-cism-cisa-cgeit-crisc -
Category
Business
-
view
1.592 -
download
4
description
Transcript of The Impact of Cyber Crime on our Economy presentation
Cyber-Crime, Identity Theft
and Privacy Legislation
Compiled by: Mark E. S. Bernard, CISM, PA, Privacy & Security Consultant,
Apollo Computer Consultants Inc., www.apollo-cc.com Date: 2004/02/17
AGENDA
Cyber-Crime
ID Theft
Headlines
Consumer confidence
Privacy Legislation
Summation
CYBER-CRIME
All credits to Powell 2000
RECENT THREATS
As new more advanced
technology finds its way to the
market place law makers need
to keep up.
CYBER-CRIME DEFINED
(1) Crimes in which the computer
is the target of the criminal
activity;
(2) Crimes in which the computer
is a tool used to commit the
crime, and;
(3) Crimes in which the use of the
computer is an incidental
aspect of the commission of
the crime.
2003 SURVEYS
(1). Asset misappropriation reported from 60% of participants (PWC)
(2). Theft of proprietary information cost $70 Million (CSI/FBI)
(3). Denial of services cost $66 Million (CSI/FBI)
(4). Financial fraud cost $10 Million (CSI/FBI)
CYBER-CRIMES 2003 & 2004
0
5
10
15
20
25
30
35
Asset
Mis
appropria
tio
n
Fin
ancia
l
Mis
appropia
tio
n
Corruptio
n &
Brib
ery
Money
Launderin
g
Cyber C
rim
e
Industria
l
Espio
nage
Product P
iracy
NOW
FUTURE
(1) Virus 82%
(2) Insider abuse 80%
(3) Laptop 59%
(4) Unauthorized insider 45%
(5) Denial of service 42%
(6) System penetration 36%
(7) Theft of proprietary info 21%
(8) Sabotage 21%
(9) Financial fraud 15%
(10) Telecom fraud 10%
All credits to 2003 2003 CSI/FBI
% 0F 490 RESPONDENTS
All credits to 2003 PWC
CORPORATE ACCOUNTING
All credits to Bennett
INTERNATIONAL HEADLINES
Enron
- Enron Treasurer gets 5 years
- Arthur Anderson charged for obstruction of justice
- Canadian CIBC to pay 80 Million in fines
- Three Merrill Lynch Executives indicted
WorldCom
- Inflated annual profits
- Improperly accounting of 3.9 Billion expenses
- Accumulated 30 Billion in bad debt
- Largest Corporate bankruptcy in US history
CORPORATE REFORM
All credits to Bennett
INTERNATIONAL HEADLINES
Council of Europe
- Business is the prime target of Cyber-Crime
- However, public authorities and even private citizens are vulnerable too!
- Florida man faces charges of identity theft
- Feds charge 3 in massive credit fraud scheme
IDENTITY THEFT
All credits to Bennett 2001
2003 CANADIAN HEADLINES
- Sept 2003 Student buys BMO computers for resale on eBay, but discover client data on the hard-drives
- Sept 2003 Revenue Canada losses 120,000
Canadians private information
- March 2003 B.C. warns of identity theft
2003 RCMP/CSIS REPORT
- 2003 CSIS report states that payment card fraud
- 2003 CSIS report sates that organized crime is involved
- 2003 one new position added to Maritime region
- 1999 RCMP report states that Cyber-Crime’s #1 concern is Identity Theft
- 2003 Two new positions added to Maritime Tech-Crime Unit
2004 CANADIAN HEADLINES
- Music Industry hunts Canadian pirates
- Ontario asks consumers to get smart
about identity theft
- Canada, USA, Australia crack down on web site fraud
E-COMMERCE IN CANADA
2000
• 6.9% of households purchased goods over the Internet with or without
online payment
• 3.3 Million purchases were made at a value of 417 Million Dollars
• On average each household made 4 purchases at an average total value of
$517.00
• 60% was spent in Canada while 40% was spent outside of Canada
2001
• While purchases increased 73% to 7.2 Billion doubling importance from
0.2% to 0.4% of total operating revenue
• The proportion of businesses purchasing over the Internet increased to 18%
• Business-to-Business exceeded Business-to-Customer by a 4 to 1 ratio
• In 2000 63% businesses used the Internet accounting for 90% of online
economic activity
All credits to Statistics Canada
NB ECONOMICS - OCT 2003
- NB's economy has grow to 2.6%
as of Oct 16th, 2003 & will hit
3.0% in 2004
- NB Exports to the US are in excess
of $10 Billion annually
- 1 in 5 Americans are victims of ID
Theft that's 5.4 Million Americans
All credits to RBC
ID THEFT IN CANADA
Victims 2002 2003 % Economics 2002 2003 Increase
ON 4,031 5,772 43.19% ON $7,188,125.90 $12,682,218.64 $5,494,092.74
BC 1,046 1,829 74.86% BC $1,221,733.15 $1,808,318.45 $586,585.30
AB 635 1,079 69.92% AB $767,110.16 $1,282,716.71 $515,606.55
MB 196 195 -0.51% MB $187,843.92 $194,718.93 $6,875.01
SK 106 202 90.57% SK $84,937.37 $687,992.85 $603,055.48
UNKNOWN 144 34 -76.39% UNKNOWN $12,855.00 $5,640.02 -$7,214.98
NB 131 200 52.67% NB $150,016.54 $261,206.11 $111,189.57
NS 185 223 20.54% NS $222,516.14 $273,347.29 $50,831.15
NF 46 94 104.35% NF $27,480.20 $115,993.06 $88,512.86
PE 16 14 -12.50% PE $7,083.42 $2,150.00 -$4,933.42
NT 2 2 0.00% NT $0.00 $0.00 $0.00
QC 1,646 3,711 125.46% QC $1,916,011.64 $4,246,801.90 $2,330,790.26
YT 2 2 0.00% YT $0.00 $0.00 $0.00
NU 1 2 100.00% NU $1,100.00 $3,000.00 $1,900.00
TOTALS: 8,187 13,359 63.17% TOTALS: $11,786,813.44 $21,564,103.96 $9,777,290.52
ALL CREDITS RCMP PHONEBUSTERS
ONLINE SHOPPING MEN VS WOMEN
All credits to The Conference Board.
CONSUMER CONFIDENCE
eBusiness
2000 $657 Billion
2004 $6.8 Trillion
2003 $18.5 Billion during
holidays aloneAll credits to The Conference Board.
THE PRIVACY FACTS
European Union demanded adequate data protection for trade purposes
e-Commerce has been suffering because of low consumer protection
Technology has out paced law
Consumers need to have control over their private information in the
market place and until now had no laws to support their rights
PRIVACY LEGISLATION
Canadian Privacy Act 1984
Australia Privacy Act 1988
European Union Directive 95/46 EC 1995
USA Children’s Online Privacy Protection Act. 1998
United Kingdom Data Protection Act 1998
Canada, Bill C-6; Personal Information Protection
and Electronic Documents Act 2000
USA, Safe-Harbor Privacy Principles 2000
THE PRIVACY COMMISSIONER
OF CANADA
http://www.privcom.gc.ca
PIPEDA IMPLEMENTATION
STAGE ONE JAN 1, 2001
Federally regulated organizations such as banks, telecommunications and transportation companies
STAGE TWO JAN 1, 2002
The act extends to personal health information
STAGE THREE JAN 1, 2004
The act extends to the collection, use or disclosure of personal information in the course of any commercial activity within a province
PIPEDA PRINCIPLES
ACCOUNTABILITY
IDENTIFYING PURPOSES
CONSENT
LIMITED COLLECTION
LIMITED USE, DISCLOSURE AND RETENTION
ACCURACY
SAFEGUARDS
OPENNESS
INDIVIDUAL ACCESS
PROVIDE RECOURSE
PERSONALLY IDENTIFIABLE INFORMATION DEFINED
Defined by the American Institute of Certified Public Accountants (AICPA)
and the Canadian Institute of Chartered Accountants (CICA)
Personally Identifiable Information (PII) is any information relating to an
identified or identifiable individual.
“Sensitive information”
medical or health conditions
racial or ethnic origin
political opinions
religious or philosophical beliefs
trade union membership
sexual preferences.
customer's name address
telephone number
social security/insurance
other government identification numbers
employer
credit card numbers
personal or family financial information
personal or family medical information
employment history
history of purchases or other transactions
credit records and similar information.
HUMAN RESOURSE OR BUSINESS
RELATED COMPLAINTS?
HR
22%
B
78%
HR related complaints
account for 22% of over all
investigations completed
Business related complaints
account for 78% of over all
investigations
POST-INVESTIGATIONS REQUIRING
FURHER ACTION - HR?
NWF
40%
UR
0%WFR
16%
MF
4%
WF
38%
NJ
2%
D
0%Further action 56%
Not requiring further
action 42%
POST-INVESTIGATIONS REQUIRING
FURHER ACTION - BIZ?
UR
1%
NJ
3%
D
1%
MF
7%
WF
39%
NWF
36%
WFR
13% Further action 56%
Not requiring further
action 39%
Energy
6%Transportati
on
12%
Telecommu
nications
27%
Financial
54%
Commercial
Enterprise
1%
PCO FINDINGS BY INDUSTRY
PCO FINDINGS
-10
0
10
20
30
40
50
UR NWF WF WFR MF NJ D
Financial
Telecommunications
Transportation
Commercial Enterprise
Energy
PCO FINDINGS BY
CLASSIFICATION & INDUSTRY
Action
required
91%
No action
required
9%
FINANCIAL INDUSTRY POST-
INVESTIGATION ACTION REQUIRED?
PIPEDA - FEDERAL COURT
Who owns your e-mail?
One of the Privacy
Commissioners investigations
has made it all the way to
federal court
PIPEDA - FEDERAL COURT
Music Swapping and the right to
privacy
ISP’s need to protect consumers
privacy in compliance with
PIPEDA
PIPEDA does provide a
provision for law breakers
Will consumers confidence and
privacy rights outweigh the law?
CONSUMER CONFIDENCE
GREW IN 2003
Usage is up from 57% to 61%
Internet users trust of online
transactions went up from 27.5% to 33%
21% more users in 2003 have indicated
that they trust online transactions
All credits to The Conference Board.
SUMMATION
Cyber-Crime is real and its happening right here in New Brunswick
just look at the indicators
Technology has out paced legislation and criminals are benefiting
from it
Private business needs to take this seriously
Good privacy practices are good for business and good for our
economy
6 of 10
Thank you!
For additional information on this subject please contact:
Privacy & Security Assurance Professionals
www.apollo-cc.com
6 of 10