Cybercrime Trends
2020 Update

©2020 CliftonLarsonAllen LLP

WEALTH ADVISORY | OUTSOURCING | AUDIT, TAX, AND CONSULTING

Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor

Disclaimers

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, or tax advice or opinion provided by CliftonLarsonAllen LLP to the user. The user also is cautioned that this material may not be applicable to, or suitable for, the user’s specific circumstances or needs, and may require consideration of non-tax and other tax factors if any action is to be contemplated. The user should contact his or her CliftonLarsonAllen LLP or other tax professional prior to taking any tax action based upon this information. CliftonLarsonAllen LLP assumes no obligation to inform the user of any changes in tax laws or other factors that could affect the information contained herein.

Learning Objectives

• Recognize payment fraud trends and tactics hackers are using
• Explain how and why hackers are targeting your school
• Identify recent cybercrime litigation issues
• Identify common information security weaknesses
• Identify solutions to help minimize risk

Hackers have “monetized” their activity

– More hacking
– More sophistication
– More “hands-on” effort
– Smaller organizations targeted

Current State of Affairs

Organized Crime / Payment Fraud / Credential “Harvesting”

• Wholesale theft of personal information
• Holding your data hostage
• “Corporate Account Take-Over” - aka CATO
• Use of credentials to commit online banking and credit card fraud

Ransomware

• Encrypt all data, hold it for “ransom” $$
• Data on local machine and on network
• CryptoLocker, CryptoWall, Petya, WannaCry, Ryuk, etc.
• Attackers are putting much more time and effort into these types of attacks over the last year
• Starting to target other operating systems, like Macs

Ransomware: 3 Generations

1. Local machine only
2. Local machine plus network permissions
3. Local machine plus ENTIRE NETWORK

Payment Fraud: Corporate Account Takeover – 3 Versions

1. Deploy malware – keystroke logger
2. Deploy malware – man in the middle
3. Recon/email persuasion
   – CEO attack
   – Business email Compromise
   – “Whaling”

NEW – W2 attacks

Payment Fraud: Multi-Factor Authentication Solutions

• MFA is critical
• Silver bullet?
• Text msg?

Payment Fraud: CATO Defensive Measures

• Multi-layer authentication
• Multi-factor authentication
• Out of band authentication
• Positive pay
• ACH block and filter
• IP address filtering
• Dual control
• Activity monitoring

Credential Harvesting

• Driven by movement to the cloud
• Malware
• Social engineering

COVID “Opportunities”

1. Remote Work force
2. Virus/health related news
3. Political news
4. PPP programs
5. SBA funding
6. Re-opening of businesses

COVID “Opportunities”

Most breaches have a root cause in some form of what is “Spear Phishing”

Example Coronavirus email - March

Payment Fraud: Mitigation Keys

• Use MFA for all cloud apps – Best practice for ADMINS?
• Train users regarding email phishing
• Maintain current patch levels
• Remove local administrators
• Maximize the relationship with the bank
• Isolate the PC used for online banking
• Air gap the back up media
• Implement breach monitoring/incident response

Current State of Affairs: The Cost

• Global business cost up to: $400 BILLION annually
• Some companies theorize it will reach: $2.1 TRILLION by 2019

“There are only two types of companies: Those that have been hacked and those that will be. Even that is merging into one category: those that have been hacked and will be again.”
- Robert Mueller

10 Key Defensive Measures


96% of Attacks are Preventable!

Intrusion Analysis: TrustWave
Intrusion Analysis: Verizon Business Services
Intrusion Analysis: CERT Coordination Center
Intrusion Analysis: CLA Incident Handling Team

Strategies

Our strategy should have the following objectives:

• Users who are more aware and savvy
• Networks that are resistant to malware
• Relationship with our financial institution is maximized

Ten Keys to Mitigate Risk

1. Strong Policies

• Email use
• Website links
• Removable media
• Users vs Admin

Ten Keys to Mitigate Risk

2. Defined user access roles and permissions

• Principle of minimum access and least privilege
• Users should NOT have system administrator rights
  – “Local Admin” in Windows should be removed (if practical)

Ten Keys to Mitigate Risk

3. Hardened internal systems (end points)

• Hardening checklists
• Turn off unneeded services
• Change default password
• Use Strong Passwords
• Consider application white listing

4. Encryption strategy – data centered

• Email
• Laptops and desktops
• Thumb drives
• Email enabled cell phones
• Mobile media

Ten Keys to Mitigate Risk

5. Vulnerability management process

• Operating system patches
• Application patches
• Testing to validate effectiveness – “belt and suspenders”

Ten Keys to Mitigate Risk

6. Well defined perimeter security layers

• Network segments
• Email gateway/filter
• “Proxy” integration for traffic in AND out
• Intrusion Detection/Prevention for network traffic, Internet facing hosts, AND workstations (end points)

7. Centralized audit logging, analysis, and automated alerting capabilities

• Routing infrastructure
• Network authentication
• Servers
• Applications
• Know what “normal” looks like…

Ten Keys to Mitigate Risk

8. Defined incident response plan and procedures

• Be prepared
• Including data leakage prevention and monitoring
• Application whitelisting
• Forensic preparedness
• Insurance
• Practice…

Ten Keys to Mitigate Risk

9. Know/Use Online Banking Tools

• Multi-factor authentication
• Dual control/verification
• Out-of-band verification/call-back thresholds
• ACH positive pay
• ACH blocks and filters
• Review contracts relative to all these
• Monitor account activity daily
• Isolate the PC used for wires/ACH

Ten Keys to Mitigate Risk

10. Test, Test, Test

– “Belt and suspenders” approach
– Penetration testing
  ◊ Internal and external
– Social engineering testing
  ◊ Simulate spear phishing
– Application testing
  ◊ Test the tools with your bank
  ◊ Test internal processes

Questions?

Mark Eich
Principal
Information Security
[email protected]
(612)397-3128
