Security Analytics for Certified Fraud Examiners

Post on 28-Nov-2014


Category:

Technology


DESCRIPTION

Discussion on how Certified Fraud Examiners (CFEs) can utilize Security Analytics to improve data security, compliance, and productivity within organizations. Highlights include: Employee Fraud Trends, Data Security Trends, Compliance Trends, Productivity Loss, Tools, Financial Needs, BYOD ROAR, Litigation, Spoliation.

TRANSCRIPT

Fraud Stats
+40yo woman
$994 B
Getting Worse
Median loss = $175,000
25% loss = > $1M
Not a “drive by”, but slow, painful death
Most Orgs do not recover

More Concerning?
Fraudster more likely to be ratted out by pal than “discovered”
SMBs especially vulnerable
Median loss by Executive Fraud? $853,000

Most Dangerous to Organization?
Organized Crime
Random Employees
Hacktivists

Fraud (Dictionary.com)

Fraud [frawd] Noun

Deceit, trickery, sharp practice, or breach of confidence perpetrated for profit or to gain some unfair or dishonest advantage.

A particular instance of such deceit or trickery: mail fraud; election fraud.

Any deception, trickery, or humbug.

A person who makes deceitful pretenses; sham, poseur.

Real Time Information to Stop Fraud & Abuse
The Lorenzi Group

What Is?
Ongoing analytical analysis of user-generated data

What if…..
You could predict what was going to happen?
You could KNOW who was going to steal?
You could stop the crime before it occurred?

Profiling

Security Analytics
It’s not Big Brother, it’s SMART Business
Improves Data Security Exponentially
    Mistakes
    Desperate
    Criminal
Makes Compliance Easier
Can provide Productivity metrics
    Termination Justification
    Training Needs
    Resource Allocation
    Cost Saving Opportunities

Examples: Lockheed, Fidelity, USPS, Kaiser Permanente, more

Data Security
Information is Money
Most companies don’t watch the inside
IT Control has fallen to Legal Demands
Set it and Forget it Security is DEAD

Data Security in the PAST
Isolated IT Responsibility
Firewalls & A/V
Break/Fix

Data Security TODAY
Overall corporate strategy
HR, Legal, & Finance actively involved
24x7 monitoring
Dedicated Personnel
Training includes: IT, Legal, HR, Psych, more

Compliance
Regulation Compliance is BIG Business
Gov’t PROFIT-Center
HIPAA, SOX, PCI, GLBA, FISMA, Joint Commission, Dodd-Frank, FINRA, SEC…..
State Level compliance
TIP: More are coming.

Compliance in the PAST
Paper Forms
Server Logs
Disparate/Silo’d Data
Tools to search network to find info
Data is easily manipulated

Compliance TODAY
Aggregate results from start
Collect data where it begins not ends
Prelim reports automated
Anomalies ID as they happen

Studies show…
Upwards of 30% of screen time is wasted
Social Media is fun
Googling Zombies
Vast extremes
Few admit to training needs
Most DO NOT EVEN REALIZE they are wasting so much time (it’s only 5 minutes….)

Results?
Productivity lost
Viruses & Malware introduced
Untrained employees
Frustrated employees
Fraud opportunities increased
Loss of competitiveness

What is Productivity?

?

Productivity (Dictionary.com)

pro·duc·tiv·i·ty Noun

the quality, state, or fact of being able to generate, create, enhance, or bring forth goods and services: The productivity of the group's effort surprised everyone.

Economics. The rate at which goods and services having exchange value are brought forth or produced: Productivity increased dramatically last year.

Productivity (in the beginning)

Productivity

Productivity (industrial revolution)

Productivity (1 dimension)

Productivity (knowledge revolution)

Productivity (today and beyond)

Results?
Productivity is not: Words per minute, calls per hour, IMs per day, clicks, meetings, or videos.
Productivity, if it can be explained, is: ALL of it… and then some.

Lorenzi ROAR
Collect 1’s and 0’s
Sort in DB
Create Baseline
Match v Others
Anomalies v Usage
Reports @ High Level & In-Depth Level

ROARing Results
Tighter Data Security
Training needs ID’d faster
Unnecessary Resources ID’d faster
    People
    Equipment
    Software
Best Practices documented
Individual employee baselines created
Communication (and sales) analysis available
Other in-depth analysis available
Businesses can regain control over their technology environments

Productivity Math
15 minutes/Day X 260 workdays = 65 hours (3%)
$41,673.83 (SSA 2010 Natl Avg Wage)
3% = $1,250 (lost time per employee)
Studies showing 30% means 624 HOURS
30% = $12,502 (lost time per employee)

So, what’s the BIG deal? Why ROAR?
In-Depth understanding of business needs
Little Risk in expense and experience
Happier Employees
More Productivity
More Revenue potential
Large ROI for little dollars (don’t worry, we’ll convince you to spend more money with predictive and other analysis reports…)

Other Benefits
Improved Data Security (unless you already have a team of people watching screens and analyzing usage)
Streamlined response for Compliance/Regulatory requirements

BYOD
Stored Communications Act

Employee Owned/Company Paid

Company Owned

Litigation Is coming…..

Litigation Holds
Spoliation (YOU could be responsible)

Final Thoughts
Security Analytics is available TODAY
Reduces Fraud
Increases Productivity
Makes Compliance regulation easier

Questions?

Robert Fitzgerald

The Lorenzi Group
866-632-9880 x123
www.thelorenzigroup.com
rfitzgerald@thelorenzigroup.com
