2023 CyberSummit Presentations

The document provides an overview of cybersecurity, including its definition, history, and fundamental concepts such as the CIA Triad (Confidentiality, Integrity, Availability). It discusses various cybersecurity threats, including cyber-attacks and cybercrimes, as well as protective measures and the significance of data centers. Additionally, it highlights the impact of emerging technologies like AI on cyber threats and the importance of adapting to a VUCA (Volatile, Uncertain, Complex, Ambiguous) environment.

Uploaded by

Takudzwa Utete

TABLE OF CONTENTS

What is Cybersecurity?

History of Cybersecurity

Fundamentals of Cybersecurity: CIA Triad

Data Centre Concepts and security measures

Importance of certain cybersecurity terms

Thank you
WHAT IS CYBER SECURITY?
Cybersecurity is important for protecting individuals, businesses, and governments from a variety of threats, including malware, phishing attacks, and data breaches.
HISTORY OF CYBERSECURITY
1960s: Researchers began to explore the security implications of interconnected computer systems.
1970s: Bob Thomas developed the first antivirus software, Creeper, which could move across ARPANET's network. Ray Tomlinson's Reaper, the first malware antivirus software, chased and deleted Creepers.
1980s: 1987 saw the birth of commercial malware-examining antiviruses, with Andreas Lüning and Kai Figge releasing their first software product for the Atari ST, the Czechoslovaks creating the first NOD antivirus, and John McAfee launching VirusScan software in the US.
1990s: The 1990s saw rapid growth and innovation in the Internet, leading to increased cyber attacks. The Morris worm, released in 1988, infected over 6,000 computers, disrupting the early development of the Internet.
2000s: In 2000, the first major denial-of-service attack was launched against the Yahoo! website. And in 2004, the first major data breach occurred at TJX Companies, exposing the personal information of over 45 million customers.
2010 - Stuxnet: A sophisticated computer worm that targeted Iranian nuclear facilities.
2011 - Sony Pictures hack: A cyber attack that targeted Sony Pictures Entertainment, resulting in the theft of personal information and unreleased films.
2016 - Yahoo! data breaches: Two data breaches that affected over 1 billion Yahoo! users.
2017 - Yahoo! data breaches: Two data breaches that affected over 1 billion Yahoo! users.
2019 - Capital One data breach: A data breach that affected over 100 million customers of the Capital One financial services company.
2020 - SolarWinds Orion hack: A cyber attack that targeted the SolarWinds Orion software, which is used by many government agencies and businesses around the world. Microsoft Exchange hack: A cyber attack that targeted the Microsoft Exchange email server software, resulting in the theft of emails and other sensitive information.
2023 - Shields Health Care Group data breach: The breach affected over 2 million people and exposed their personal information, including names, addresses, contact information, and medical records.
Confidentiality
Ensuring that data is only accessible to authorized users.
There are a number of ways to protect the confidentiality of information, including:
Encryption: Encryption scrambles data so that it can only be read by authorized users. Encryption can be used to protect data at rest (stored on a device) or in transit (transmitted over a network).
Access control: Access control mechanisms restrict access to information to authorized users. This can be done using passwords, biometric authentication, or other methods.
Physical security: Physical security measures protect information from unauthorized physical access. This can include things like locks, security cameras, and guards.
Integrity
Ensuring that information is accurate and complete.
There are a number of ways to protect the integrity of information, including:
Data validation: This involves checking data to ensure that it is accurate and complete. For example, a data validation check might ensure that a customer's address is in a valid format.
Checksums: A checksum is a value that is calculated based on the contents of a file or message. If the file or message is changed, the checksum will also change. This can be used to detect unauthorized changes to data.
Digital signatures: A digital signature is a cryptographic technique that can be used to verify the authenticity and integrity of a digital message or document.
Availability
Ensuring that information is accessible to authorized users when needed.
There are a number of things that organizations can do to improve the availability of their information systems, including:
Redundancy: Having multiple copies of critical systems and data can help ensure that they are still available even if one component fails.
Load balancing: Distributing traffic across multiple servers can help improve the performance and availability of websites and other applications.
Disaster recovery planning: Having a plan in place to recover from a disaster can help minimize the downtime and disruption to business operations.
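As an added illustration of the checksum and digital-signature points above (not part of the original slides): a plain checksum detects accidental or casual modification, but whoever can change the data can also recompute it, so a keyed tag such as an HMAC (or a signature) is what ties integrity to authenticity. The record bytes and the key below are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample record; it stands in for any file or message.
ORIGINAL = b"amount=100.00;payee=ACME Ltd;ref=INV-2023-001"
TAMPERED = b"amount=900.00;payee=ACME Ltd;ref=INV-2023-001"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: changes whenever the content changes."""
    return hashlib.sha256(data).hexdigest()


def checksum_matches(data: bytes, expected: str) -> bool:
    # compare_digest avoids timing differences that leak how many bytes matched
    return hmac.compare_digest(checksum(data), expected)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: an integrity tag that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_matches(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, data), expected)


def demo() -> dict:
    """Compare what each control catches when a stored record is altered."""
    key = secrets.token_bytes(32)          # held by the verifier, not the data store
    stored_sum = checksum(ORIGINAL)
    stored_tag = keyed_tag(key, ORIGINAL)
    # Case 1: content altered, stored checksum left alone -> both checks fail.
    # Case 2: content altered AND checksum recomputed by the same party ->
    # the plain checksum now passes, the keyed tag still fails.
    recomputed_sum = checksum(TAMPERED)
    return {
        "checksum_detects_plain_tamper": not checksum_matches(TAMPERED, stored_sum),
        "checksum_fooled_by_recompute": checksum_matches(TAMPERED, recomputed_sum),
        "hmac_detects_tamper": not tag_matches(key, TAMPERED, stored_tag),
        "hmac_accepts_original": tag_matches(key, ORIGINAL, stored_tag),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```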
DATA CENTRES
A data centre is a facility that contains computer
systems and other components such as
telecommunications and storage systems.

Data and applications are stored, processed, and distributed via data centres.
Data centres can be cloud-based, which means they are hosted by a third-party
provider, or on-premises, which means they are situated at the organization's
own facilities.
In order to serve important operations like e-commerce, customer relationship
management (CRM), and enterprise resource planning (ERP), data centres are
crucial for many enterprises and organisations.
Security Measures for Data Centers
PHYSICAL: Physical security measures, such as security guards, fences, and cameras, can help prevent unauthorized access to data center facilities.
FIRE SUPPRESSION AND EMERGENCY: Fire suppression systems, such as sprinklers and gas extinguishers, can help put out fires before they cause significant damage. Emergency response plans can help data center operators respond to incidents, such as fires, floods, and earthquakes, in a timely and effective manner.
TECHNICAL: Firewalls, Intrusion detection systems (IDS)/ Intrusion prevention systems (IPS): IDS systems monitor network traffic for suspicious activity. IPS systems can block suspicious network traffic. Antivirus software: Antivirus software detects and removes malware from computer systems. Access control: restrict access to systems to authorized users.
ENVIRONMENT: Environmental controls, such as temperature and humidity control, can help protect data center equipment from damage.
VUCA
VOLATILITY: Volatility refers to the speed and magnitude of change. In a volatile environment, things change quickly and unexpectedly. This can make it difficult to plan for the future or to make long-term decisions.
UNCERTAINTY: Uncertainty refers to the lack of predictability or certainty. In an uncertain environment, it is difficult to know what will happen next. This can make it difficult to make decisions and to take risks.
COMPLEXITY: Complexity refers to the interconnectedness of different parts of a system. In a complex environment, it is difficult to understand how different factors interact with each other. This can make it difficult to predict the outcome of actions.
AMBIGUITY: Ambiguity refers to the lack of clarity or meaning. In an ambiguous environment, it is difficult to interpret information and to make sense of the world around us. This can make it difficult to make decisions and to take action.
VUCA
The VUCA environment is challenging for businesses and individuals alike.
However, it also presents opportunities for those who are able to adapt and thrive
in this environment. Be flexible and adaptable. Things change quickly in a VUCA
environment, so it is important to be able to adapt your plans and strategies
accordingly. Be comfortable with uncertainty. It is important to be able to make
decisions even when you do not have all the information you need.

Overall, SaaS, IaaS, PaaS, VUCA, Big Data, IoE, and IoT
are all important concepts that are shaping the modern
world. By understanding these concepts, businesses and
individuals can better position themselves to succeed in
the VUCA environment.
BIG DATA
Big Data refers to the large and complex datasets that are generated
by modern businesses and organizations. Big Data can be analyzed to
extract valuable insights that can be used to improve decision-making,
operations, and customer experiences.

Improved decision-making: Big data can be used to identify trends and patterns that would be difficult or impossible to see with smaller datasets. This information can then be used to make better decisions about everything from product development to marketing campaigns.

Enhanced customer experiences: Big data can be used to better understand customer needs and preferences. This information can then be used to personalize products and services, improve customer service, and create more targeted marketing campaigns. For example, a streaming service might use big data to recommend movies and TV shows to users based on their viewing history.
CLOUD AS A SERVICE OPTIONS
IAAS: IaaS stands for Infrastructure as a Service. It is a type of cloud computing in which infrastructure, such as servers, storage, and networking, is delivered to customers over the internet. IaaS customers are responsible for managing their own applications on the IaaS infrastructure.
PAAS: PaaS stands for Platform as a Service. It is a type of cloud computing in which a platform for developing, running, and managing applications is delivered to customers over the internet. PaaS customers can deploy their applications to the PaaS platform without having to manage the underlying infrastructure.
SAAS: SaaS stands for Software as a Service. It is a type of cloud computing in which software is delivered to customers over the internet. SaaS applications are typically hosted by a third-party provider and can be accessed by customers using a web browser.
Internet of Things
IoT stands for Internet of Things. It is a subset of IoE that focuses on the connection of physical objects to the internet for the purpose of collecting and transmitting data. IoT devices are typically small, low-cost, and battery-powered. Wearable devices and smart sensors are examples of IoT devices.
Internet of Everything
IoE stands for Internet of Everything. It is a term used to describe the network of physical objects that are connected to the internet. IoE devices can collect and transmit data, which can be analyzed to extract valuable insights. Smart homes and smart cities are examples of IoE applications.
New business models and opportunities: IoE and IoT are enabling new business models and opportunities in a variety of industries. For example, IoE is being used to develop new services for smart cities and smart homes. IoT is being used to develop new products and services for wearable devices and connected vehicles.
THANK YOU!
Cyber Crime & Cyber Attack
Hi, I’m Nunudzai Mrewa

IT Security Engineer at Twenty8 Labs Malaysia


Malware Analyst
Researcher
01 Cyber Threats
Cyber-attack
● Cyber-attacks are specific, intentional actions or activities that target computer systems
● The primary objective of cyber-attacks is to exploit vulnerabilities, steal sensitive data, disrupt services
● Cyber-attacks come in various forms
Cybercrime
● Cybercrime refers to criminal activities that are carried out using computer networks or digital devices
● The objective of cybercriminals is to commit fraud, theft, data breaches
● Cybercrimes are typically committed by individuals, criminal organizations, or state-sponsored actors
Cyber Security
● Cybersecurity refers to the practice of protecting devices.
● The primary goal of cybersecurity is to safeguard information
● Cybersecurity involves proactive measures
Security / Functionality / Usability (diagram)
CIA Triad
01 Confidentiality: Keeping information private
02 Integrity: Ensuring that information is accurate and trustworthy
03 Availability: Making sure that information and resources are accessible when needed
Protecting the Pillars of Security
Confidentiality. Ensure: Restrict access using encryption and access controls. Violations: Data breaches, unauthorized access.
Integrity. Ensure: Use data integrity checks, update software. Violations: Data tampering, unauthorized changes.
Availability. Ensure: Employ redundancy. Violations: DDoS attacks, downtime due to failures.
Security Tokens (OTPs)
● Physical or digital devices used for authentication and access control
● Physical: key fobs, access cards
● Digital: time-sensitive codes or one-time passwords
● Used to authenticate users
Financial Crime
Fraud: Investing in non-existent schemes; using stolen cards
Identity Theft: Identity theft involves stealing and misusing someone's personal information
ATM Skimming: Device on an ATM machine that captures cardholders' data during transactions
Insider Trading: Using non-public, confidential financial information to manipulate stock markets
Money Laundering: Disguising financial assets so they can be used without detection of the illegal activity that produced them
Digital Hijacks: Ransomware Threats
Think of ransomware as a digital kidnapper for your files
Akira Ransomware
● Akira is a ransomware-as-a-service (RaaS) group
● The Development Bank of Southern Africa was hit by a ransomware in June.
● The compromised information includes business names, names of directors and shareholders, addresses.
Source: The Record
Akira Ransomware: After Effects
● Customers and clients of the bank may be concerned about the security of their personal and financial information
● Employees may face increased risk of identity theft
● The bank faces immediate challenges in terms of cybersecurity, reputation management, and potential financial losses
Source: The Record
Common malware families
Kenya: Virus, Spam Botnet
Nigeria: Virus, Backdoor
South Africa: Worms, Botnet
Source: The PcTechMag
Business Email Compromise
● It is a sophisticated type of cybercrime that involves cybercriminals compromising and manipulating email accounts
● Email Account Compromise
● Impersonation
● Social Engineering
Types of Business Email Compromise
Invoice fraud: The attacker sends fraudulent invoices to employees responsible for payments
Employee Payroll Changes: The attacker may request changes to employee payroll information
CEO Fraud: The attacker impersonates a high-ranking executive
Attorney Impersonation: The attacker pretends to be a lawyer or legal representative
Prevention
● Robust email security practices
● Conduct employee training on recognizing phishing and BEC attempts
● Establish clear verification processes for financial transactions and sensitive information requests
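The verification processes and email-security practices above can be backed by simple header checks. The following is an added example (not from the presentation) that flags the classic CEO-fraud indicators in a constructed message: an executive's display name on an outside address, a Reply-To domain that differs from the From domain, a lookalike of the company domain, and payment-pressure wording. The company domain, executive list and both sample messages are assumed values.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration (hypothetical organisation).
COMPANY_DOMAIN = "example-bank.co.zw"
EXECUTIVES = {"Jane Moyo": "jane.moyo@example-bank.co.zw"}
PRESSURE_TERMS = ("urgent", "wire", "payroll", "bank details", "invoice", "confidential")

# Constructed sample in the style of a CEO-fraud attempt.
SAMPLE = """\
From: Jane Moyo <jane.moyo@gmail.com>
Reply-To: ceo.office@exarnple-bank.co.zw
To: payments@example-bank.co.zw
Subject: Urgent wire transfer before close of business

Please process the attached invoice today. Keep this confidential.
"""

# Constructed benign message from the real executive mailbox.
BENIGN = """\
From: Jane Moyo <jane.moyo@example-bank.co.zw>
To: payments@example-bank.co.zw
Subject: Board pack for Monday

Please find the agenda attached.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values against the company domain mean lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """Close to the company domain (up to two edits) but not equal to it."""
    return domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2


def bec_indicators(raw: str) -> list:
    """Return human-readable findings for a single RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rsplit("@", 1)[-1].lower() if reply else from_domain

    findings = []
    # 1. Known executive display name, but the address is not their mailbox.
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name].lower():
        findings.append("display name matches an executive but address does not")
    # 2. Replies are steered to a different domain than the visible sender.
    if reply_domain != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # 3. Either domain is a near-miss spelling of the company domain.
    for d in dict.fromkeys((from_domain, reply_domain)):
        if is_lookalike(d):
            findings.append(f"lookalike domain: {d}")
    # 4. Urgency and payment language typical of invoice/CEO fraud.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [t for t in PRESSURE_TERMS if t in text]
    if hits:
        findings.append("pressure/payment language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for f in bec_indicators(SAMPLE):
        print("-", f)
```

A hit on any single indicator is a reason to route the request through the out-of-band verification step, not proof of fraud on its own.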
Business Disruption with AI
Automating Attacks
● AI-powered malware and bots can autonomously identify vulnerabilities in target systems and launch attacks without human intervention.
● Attackers can use AI to continuously scan for weaknesses, allowing them to exploit new vulnerabilities as they emerge
Enhanced Phishing Attacks
● AI can personalize phishing emails by analyzing the target's online behavior and social media presence, making the emails more convincing and likely to succeed
Evasion Detection
● AI can be used to create malware that adapts and changes its behavior in response to security measures.
● Machine learning algorithms can help malware remain undetected by traditional antivirus software
Telecoms Fraud
Subscription Fraud: This occurs when someone uses false information to obtain telecom services or devices
SIM Card Cloning: Criminals duplicate a SIM card, allowing them to make calls and use data on the victim's account
Call Forwarding Fraud: Hackers gain unauthorized access to a user's call forwarding settings to divert calls to a different number
Premium Rate Service Fraud: Fraudsters set up premium rate services and trick users into calling or texting these numbers
6 Ways Cyber crime Impacts Business
● Financial Losses: Cyberattacks can result in direct financial losses
● Reputation Damage: A cyberattack can severely damage a company's reputation.
● Legal and Regulatory Consequences: Businesses that experience a data breach or fail to adequately protect customer data may face legal repercussions.
● Operational Disruption: Cyberattacks can disrupt business operations, leading to downtime
● Intellectual Property Theft: Cybercriminals may target businesses to steal intellectual property, trade secrets, and proprietary information
● Supply Chain Disruption: Businesses are interconnected through supply chains, and a cyberattack on one company can have a domino effect
Conclusion
The world is dynamic and ever changing
We covered:
● Threats
● Effects
● Mitigation
We need a proactive strategy to execute on anticipated threats!
Thank you for listening
CYBER SECURITY IN ZIMBABWE
Presented by: Mr. T. Gumindoga, Ministry of ICT, Postal & Courier Services
PRESENTATION OUTLINE
Introduction
SMART Zimbabwe 2030
Cyber Security in Zimbabwe
Conclusion
INTRODUCTION
▪ICT is a powerful economic stimulus.
▪ICTs are the underlying nerve system for sustainable economic development in any country.
▪The ICT sector has proven to be a strong driver of GDP growth in nations across the world.
▪One study, “Socio-economic Impact of Internet in Emerging and Developing Economies”, estimates that when Internet penetration rises by 10 percent in emerging economies, it correlates with an incremental GDP increase of one to two percent.
▪Zimbabwe, like many other countries globally, is fully aware of the importance of information and communication technologies for socio-economic development and transformation.
NATIONAL DEVELOPMENT STRATEGY (NDS1) 2021-2025
• The thrust of NDS1 is to facilitate achievement of an e-enabled economy where all sectors embrace ICT to improve efficiency in line with the global trends.
National Priority Areas:
Digital Economy
Economic Growth and Stability
Transport Infrastructure and Utilities
Food Security & Nutrition
Governance
• The Ministry of ICTPCS is critical to the attainment of a
Digital Economy through the provision of ICT
solutions and services across all sectors of economy.
• The Ministry’s policy thrust hinges on;
• Improving access to ICTs,
• Increasing ICTs usage,
• Improving ICT governance and
• Ensuring ICT industry growth.

DIGITAL ECONOMY (diagram): Digital Infrastructure, Digital Platforms, Digital Entrepreneurship, Digital Skills, Digital Financial Services.
Outcomes: Upper Middle Income Economy by 2030

SMART Zimbabwe 2030
SMART ZIMBABWE 2030 MASTERPLAN
Confidence and Security of networks and services
Smart Trade and Commerce
Smart Government
Smart Agriculture
Smart Transport
Smart Education
Smart Tourism
Smart Mining
Smart Health
Smart Cities
Pillars:
Partnerships, Skills, Capacity Building and Content Development
Platforms
Secure and Shared Infrastructure
Policy, Regulation and Standards


CYBER SECURITY IN ZIMBABWE
CURRENT INITIATIVES
• Enactment of the Cyber and Data Protection Act [12:07]
• National Cyber Security Strategy
• Review of the National Cyber Security Policy
• E-Transactions and e-Commerce Bill
• Training and Cyber Security Awareness programmes for Civil Servants and Citizens
• Establishment of the Zimbabwe Computer Incident Response Team (Zw-CIRT)
• Establishment of the Data Protection Unit
• Public Key Infrastructure
CYBER AND DATA PROTECTION ACT [12:07]
▪Cyber and Data Protection Act [Chapter 12:07].
▪Promulgated on 3 December 2021 and effective on date of gazetting.
▪A culmination of regional efforts to harmonise Data Protection Laws (SADC – HIPSSA Project). (cybercrime, data protection, e-transactions)
▪Based on Principles enshrined in the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention 2014).
▪International good practice and cooperation in protection of Personal Information in view of rise in abuse of personal information.
CYBER AND DATA PROTECTION ACT [12:07]
▪Amends the Criminal Law (Codification and Reform) Act [Chapter 9:23] to provide for offences that are cyber related.
▪Amends provisions of the Criminal Procedure and Evidence Act [Chapter 9:07] to provide for admissibility of electronic evidence and procedures to expedite preservation of such evidence as well as obligations of service communications providers.
▪Amends the Interceptions of Communications Act [Chapter 11:20] to provide for establishment of a Cyber Security and Monitoring of Interceptions of Communications Centre and its functions.
▪Establishment of the Cyber Security Committee (11 Members)
▪Section 5: Establishment of the Data Protection Authority
DATA PROTECTION AUTHORITY
• Established by section 5 of the Cyber and Data Protection Act [Chapter 12:07]
• The key institutional mechanism for the enforcement of the Cyber and Data Protection in Zimbabwe.
DATA PROTECTION AUTHORITY/ UNIT
• To regulate the manner in which personal information may be processed through the establishment of conditions for the lawful processing of data;
• To promote and enforce fair processing of data in accordance with this Act;
• To issue its opinion either of its own accord, or at the request of any person with a legitimate interest, on any matter relating to the application of the Cyber and Data Protection.
• To advise the Minister on matters relating to right to privacy and access to information;
• To receive, by post or electronic means or any other equivalent means, the complaints lodged against data processing and give feed-back to the claimants or complainants;
• To conduct research on policy and legal matters relating to the development of international best practices on the protection of personal information in Zimbabwe and advise the Minister accordingly;
• in consultation with the Minister, to facilitate cross border cooperation in the enforcement of privacy laws and participating at national, regional and international forums mandated to deal with the protection of personal
ZW-CIRT
The Ministry through POTRAZ is setting up the National Computer Incidents Response team (ZW-CIRT)
• Trusted central coordination point of contact (POC) for cyber security and incidence response.
• The NCIRT’s aim is to identify, defend, respond and manage cyber threats.
”Only amateurs attack machines; professionals target people.”

Bruce Schneier
CAPACITY BUILDING AND AWARENESS
• National Cyber Security Awareness Month
• Zimbabwe Cyber Security Insight Magazine
• Training and capacitating of personnel in Government Ministries, Departments and Agencies.
• Capacity building initiatives for Judiciary Officers and Law Enforcement Agencies in the area of Cyber Security.
ISMS IMPLEMENTATION
• Development of Information Security Policies, Standards and Procedures based on the ISO 27001 standard for all Government Ministries, Departments and Agencies.
• Risk Assessment
• Vulnerability Assessments
• Penetration Tests
• IS Audits
CONCLUSION
• Cyber Security is our shared responsibility
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Cyberchology and AI & Decision Automation
Sprayview Hotel | Victoria Falls| 18 – 22 September 2023
Eng Prudence Kadebu|+263 713385554 | [email protected]
Introduction
• Cybersecurity incidents are perceived to be entirely
technological in nature.
• Overlap between cybersecurity and social behavior
(psychology).
• Assumptions and stereotypes of cybercriminals.
• Emerging technologies and technology convergence.
• Billions of devices generating data
How the technology landscape is changing (diagram): Human, Technology, Data, Process
The role of the human
People Create Technology, Drive it and Consume it
but also…
Compromise it.
Knowledge is power
Some Interesting Insights
Verizon’s 2019 Data Breach Investigations Report, email was the delivery mechanism
used in 94% of malware attacks

In 2020, the average cost of a data breach was USD 3.86 million globally, and USD 8.64
million in the United States - IBM

Also, in 2020, 93% of cyber attacks started with people instead of technology - Dr. Erik
Huffman, Cyber Psychologist

Verizon’s Business 2022 data breach Investigations Report revealed that the human
element continues to drive breaches, accounting for 82% of all attacks.

New research shows that women make up around 25% of the cybersecurity
workforce.
The Human Element: Cyberchology
▪ ESET and The Myers-Briggs Company Cyberchology report
Cybersecurity + Psychology = Cyberchology
Threat factors of the human element
▪ Personality
▪ Stress
▪ Human fallibility
▪ Information gap
Psychology
• The study of behavior and the mind.
• There are different types of psychology, such as
cognitive, forensic, social, and developmental
psychology.
• Technology influences social behavior.
• Concerns over technology destroying the social
fabric
• Emerging technologies
• Metaverse allows one to assume a new
persona in the form of avatars.
• AI and Large Language Models (GPTs)
• Recommender systems (Cambridge Analytica)
• Ethical issues
• New security risks that were previously not
prevalent.
Convergence of Physical and Digital
• Presence - The VR environment offers the perception of physical presence as avatars interact.
• Immersion - Active participation in the VR environment where one feels like they are a part of the environment totally just like in the physical.
• Embodiment - Magnifies the Proteus effect in which the behavior of an individual, within virtual worlds, is changed by the characteristics of the avatar
• Anonymity - a perception afforded by online communications allows individuals to take actions that would otherwise result in legal or social sanctions.
Human Fallibility and Cyber threats
Personality
Naturally, people have preferences and if the technology doesn’t suit them, the strategy fails.
Personality / Characteristics / Risks:
Extraverted personality. Characteristics: Work out ideas by talking them through. Risks: Vulnerable to manipulation, deceit, and persuasion from cybercriminals (social engineering).
People with a preference for Sensing. Characteristics: Observe and remember details. Risks: Take cyber security risks but are more likely to spot phishing attacks.
People with a preference for Feeling. Characteristics: Guided by personal values. Risks: More likely to fall victim to social engineering attacks than those with a preference for Thinking.
People with a preference for Judging. Characteristics: Systematic or structured. Risks: However, more cautious and therefore more rigorous when following cyber security policies.
People with a preference for Thinking. Characteristics: Solve problems with logic. Risks: Can over-estimate their own competence, leading to mistakes.
Information Gap
Dunning-Kruger Effect
• The cybersecurity/IT professionals are as vulnerable to phishing and social engineering attacks as everyone else.
• They’re also just as likely to reveal information to a hacker as non-technical staff.
• This isn’t a technical issue, it’s a human issue.
The Roadmap: An Organisational Cyber-
security Culture
• Need for a more proactive approach to cybersecurity due to technological
change and the widening information gap
• Dispel the assumption that Cyber-threats come from outside.
• Raise awareness to the unpredictability of today’s Cyber-criminals and Cyber-attacks.
• Conduct CPDs
• Avoid delegation of cyber-security wholly to IT specialists who may be
clueless about human personalities and perceptions.
• Team Coherence.
• Need for diversity (participation of women) in Cyber-security.
• IT as a strategic function.
• Develop a Cybersecurity policy, BYOD policy.
• Audit and enforce cybersecurity compliance
• Capacitate Human Resources function
• Ensure data that is collected is analysed in real time.
The role of Technology
Technology Change
AI & Decision automation
User Behaviour Analytics – Profiling
Anomaly Detection
AI & Machine Learning
AI allows computers to perform tasks that previously could have been done only by humans. But where human capacity begins to plateau in terms of accuracy, speed, and processing power, AI really begins to gain traction.
Machine Learning makes AI systems able to acquire their own knowledge, by extracting patterns from raw data. A computer learns from complex data sets, training to become smarter as it learns.
AI, Machine Learning, and Deep Learning
AI & Machine Learning
Across all industries, decisions can be made more intelligent, more precise or more personalized with Machine Learning.
Organizations make large investments in AI and Machine Learning, setting up data science teams, collecting and organizing data, creating ML pipelines and training models.
Pre-trained models are also available for adoption, customisation and operationalisation to create business value.
Automated Decision Services
Machine Learning and Business Rules are Complementary
Use Case / Machine Learning / Business Rules:
Product Recommendations. Machine Learning: Score how likely a customer is to buy a product. Business Rules: Ensure eligibility and decide on personalized offer.
Insurance Underwriting. Machine Learning: Determine propensity of customer to churn. Business Rules: Calculate quote and apply discount if appropriate.
Insurance Claims Handling. Machine Learning: Assess likelihood of fraudulent claim. Business Rules: Determine eligibility and coverage based on policy.
Loan Approvals. Machine Learning: Assign probability of default on payment. Business Rules: Apply business policies to maintain company risk profile.
Travel Disruptions. Machine Learning: Expose potential for missed connections. Business Rules: Apply policies to rebook early/efficiently.
Tax and Bill Calculations. Machine Learning: Highlight probable irregular entries. Business Rules: Flag for investigation or manual review.
Intelligent decisions - Leverage predictions, and decide with rules
Prescriptive Rules + Predictive Models = Customer Response
Business Rules: Business strategy and regulatory constraints
Insights: Machine Learning model trained on historical data
Example rule: If the applicant credit score is low, and the applicant propensity to churn is high, and the applicant is a platinum customer, then accept the application.
Decision Automation enables Continuous Improvement

Machine Learning produces Predictions. Decision Automation combines those predictions with Business Rules (derived from Policies) to produce Decisions. Decisions drive Business Applications, which produce Business Outcomes and Operational Data, and that data feeds back into Machine Learning.
Benefits of Rule
Learning/Transparent ML

Transparency
The model is readable (rules, scorecard)
Predictions are directly explainable
Prediction rules are modifiable
Lifecycle aligned with policy rules
AI topical issues

Strong AI (are we ready for it?): Generative AI; humanoid robots (Sophia; the robot bodyguard)
Ethical AI: rogue AI; AI no longer serving our interest; disempowerment of humanity
Explainable AI: Cambridge Analytica; Oxford Analytica
Brain-Machine Interface (Meta) to advance Cognitive AI: human-machine interfaces
The Role of Data
The new gold

Enterprises are drowning in data.
Need to derive actionable insights from data.
Big Data needs AI-powered models to make sense of it.
Who is generating the data: log data, processes.
Data Analytics

Descriptive Analytics - What happened
Diagnostic Analytics - Why did it happen
Predictive Analytics - What might happen in the future
Prescriptive Analytics - What should be done about it
The data analysis process

Step 1: Define the question
The analyst defines their objective: what business problem needs to be solved.
Step 2: Collect the data
Once the analyst has established their objective for the analysis, they'll need to design a strategy for collecting the appropriate data and determine what kind of data they'll need: quantitative (numeric) or qualitative (descriptive).
Step 3: Clean the data
In this step, the data analyst cleans the data to make sure it's of high quality.
Step 4: Analyse the data
This is the part where the data analyst applies the methodologies associated with the analysis type that will best "solve" their problem statement.
Step 5: Visualize and share your findings
The data analyst must now present their findings in a way that's clear and easily understood by key stakeholders. To do this, an analyst may use visualization software such as Tableau or Microsoft Power BI to generate reports, dashboards, or interactive visualizations.
Application areas by sector

How technology is changing various sectors
Digital Transformation
Benefits of customer
experience analytics
▪ Moving away from survey-based approaches to
improve customer experience
▪ Connects the dots and easily identifies patterns,
trends, and problem causes
▪ Empowers the team to visualize the entire
customer journey
▪ Eliminates guess-work in marketing, enables
CRM
▪ Can pinpoint specific interactions and link them back to customers
▪ Allows teams to check the effectiveness of their
future product campaigns well in advance by
using similar ‘mock’ campaigns
AI in the financial industry

• Provide a more personalized user experience
  • Send reminders to pay bills, suggest financial planning tools, perks to understand and track personal finances.
  • Analyze customer data and recognize unusual behavior based on financial and purchase history, e.g. a double payment or a huge tip.
• Make better credit decisions
  • AI-based credit scoring, bias reduction in loan approvals
• Assess and manage risk
  • Forecast potential risks so that early steps can be taken to avoid them.
• Automate repetitive and mundane tasks
  • Robotic process automation
• Detect and prevent fraud
  • Analyze spending patterns, location, and customer behavior for anomalies in spending habits.
  • Flag suspicious behavior, at which point a customer can be asked to provide additional information.
  • Block a suspicious transaction altogether.
  • Banks can stop fraud in real time.
AI in retail and e-commerce

• Improve customer experience
• Do a better job of forecasting
• Utilize recommender systems
• Create targeted marketing campaigns
• Identify sellers that violate minimum advertised pricing (MAP)
• Remodel brick-and-mortar stores
• Routinely perform sentiment analysis
Surveillance

CCTV is used for surveillance or remote monitoring of footage. Footage is continuously recorded and someone viewing from the other end identifies intrusions etc. While CCTV monitoring is cheaper, it is impeded by human fallibility factors like fatigue, and it also consumes much bandwidth. Important events to note can be easily missed.

Smart Surveillance
Smart Surveillance augments CCTV at the site to be monitored.
▪ It not only monitors but also identifies activities worth noting and raises an alert to the monitoring centre or triggers action automatically.
▪ It is easier to monitor and control several sites remotely.
▪ Edge Computing capabilities reduce bandwidth consumption.
▪ Surveillance is the most controversial aspect of AI in ethics. It magnifies the ability to intrude on privacy and personal details.
The essence of time and attendance

The essence of time and attendance is critical in the HR function of enterprises.

Cloud-based attendance systems help businesses track employee hours, manage time-related requests, process payments and create schedules remotely.

They enable integration with payroll and HR tools.
Finally
• Investment in research on emerging
technologies in areas such as:
• Artificial Intelligence
• CPS and the Internet of Things
• Extended Reality
• Cloud Computing
• Blockchain
• Knowledge Transfer
• Academia
• Government
• Private enterprises
• Infrastructure sharing
• National AI Strategy (Multi-stakeholder
participation)
Thank you

[email protected]
0713385554
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Cyber Crime and Cyberattacks
Sprayview Hotel | Victoria Falls| 18 – 22 September 2023
Eng Prudence Kadebu|+263 713385554 | [email protected]
Outline

Cybersecurity
Cybercrime
Cyber Financial Crime
Digital Hijacking
Business Email Compromise
Cyber world and Retail, Rentals and
Telecoms Fraud
Cybercrime
Financial Crime

• Any fraudulent or unlawful act of obtaining or using money or property for economic benefit, perpetrated by individuals or organisations.
• Profiteering from illegal activities.
• Includes:
  • Money Laundering
  • Unauthorised banking
  • Fraud
  • Embezzlement
Cybercrime and financial crime

• Cybercrime
Market Abuse and Insider Trading
Criminals or insider traders manipulate the market rules and regulations and gain secret information from within the entity, using their position of power for personal financial gain.

Market manipulation is when a market for securities is inflated or deflated to make it appear that securities are worth more or less than their true value.
• E.g. the issuer of securities gives money to several people it controls so that those people will acquire the securities and fabricate the existence of a market for them. High demand for an asset = high market value.
Digital Hijacks
Cyber /Digital hijacking, or computer
hijacking, occurs when an attacker takes
control of computer systems, software
programs, and/or network communications.
• Electronic Account Hijacking- a cybercriminal obtains
personal banking information and uses it to take over
your bank accounts. WhatsApp Account Take-Over
• Domain Hijacking – Through phishing, attackers take
over your control panel and point it to a scam site they
control.
• Ransomware Attacks – Targeted at companies
demanding a ransom as high as $70m. RaaS new norm.
• Browser hijacking is most often used to compel a
victim to click on adverts, change the default browser
settings, or reroute online traffic.
Case Study: SolarWinds Corp Attack

• “the largest and most sophisticated attack the world has ever seen,” Microsoft Corp President Brad Smith
• Estimated to have compromised up to 18,000 SolarWinds customers that used the company’s Orion network monitoring software.
• Hackers got access to emails at the U.S. Treasury, Justice and Commerce departments and other agencies.
• Microsoft and many U.S. Government Agencies.
• Cyber hijacking, since the hackers took control of Orion’s software compilation process to include a backdoor in authentic software updates.

Timeline:
Beginning in September 2019, the threat actor first conducted a “dry run,” injecting test code into SolarWinds’ network management and monitoring suite of products called Orion.
In February 2020, the threat actor injected trojanized (hidden) code into a file that was later included in SolarWinds’ Orion software updates.
SolarWinds released the software updates to its customers not realizing that the updates were compromised.
The trojanized code had provided the threat actor with a “backdoor”, a program that can give an intruder remote access to an infected computer.
The threat actor was then able to remotely exploit the networks and systems of SolarWinds’ customers who had downloaded the compromised software updates, using a sophisticated computing infrastructure.
https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic
Business email
compromise
issues
• A damaging form of cybercrime, with the potential
to cost a company millions of dollars.
• A form of phishing scam.
• Attackers often impersonate a trusted person or
entity like an executive, vendor, brand, or internal
system to fool a victim.
• BEC losses involving cryptocurrency rank highest.
• Look out for these forms of BEC:
• Urgent payment required scams
• Gift cards and wire transfers
• Credential compromise scams
Prevention tactics and safeguards to educate and mitigate risk of business email compromise

• Use secondary channels or two-factor authentication to verify requests for changes in account information.
• Ensure the URL in emails is associated with the business/individual it claims to be from.
• Be alert to hyperlinks that may contain misspellings of the actual domain name.
• Refrain from supplying login credentials or PII of any sort via email. Be aware that many
emails requesting your personal information may appear to be legitimate.
• Verify the email address used to send emails, especially when using a mobile or handheld
device, by ensuring the sender’s address appears to match who it is coming from.
• Ensure the settings in employees’ computers are enabled to allow full email extensions to be
viewed.
• Monitor your personal financial accounts on a regular basis for irregularities, such as missing
deposits.
• If you discover you are the victim of a fraud incident, immediately contact your financial
institution to request a recall of funds as soon as possible.
• Tool support
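As an added example (not part of the presentation), the Python below applies several of the checks in the list above to a constructed message: it parses the From and Reply-To headers, compares the sender domain against a trusted list (exact match, punycode label, homoglyph lookalike after folding digits such as 1 for l, typo lookalike within edit distance 2) and flags urgency or payment language in the subject. TRUSTED_DOMAINS, the sample message, the confusable table and the distance threshold are assumptions for the demo.

```python
"""BEC triage over inbound mail headers: added example, not from the
presentation. TRUSTED_DOMAINS, SAMPLE and the edit-distance threshold are
constructed for the demo."""
from email import message_from_string
from email.utils import parseaddr
import unicodedata

TRUSTED_DOMAINS = {"example-bank.com", "example-supplier.co.zw"}  # assumed

# Constructed message: an executive's display name, a digit-for-letter
# lookalike of a trusted domain, and a Reply-To pointing elsewhere.
SAMPLE = """From: "Prudence K (CEO)" <ceo@examp1e-bank.com>
Reply-To: ceo.example.bank@webmail.example
Subject: URGENT wire transfer needed today
To: finance@example-bank.com

Please process the attached invoice before close of business.
"""

# Digits that attackers substitute for look-alike letters (assumed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(domain: str) -> str:
    """Fold accents, compatibility forms and common confusables so that
    'examp1e-bank.com' and 'exarnple-bank.com' compare equal to the real one."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small values against a trusted name mean typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_domain(domain: str) -> str:
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(label.startswith("xn--") for label in domain.split(".")):
        return "punycode"  # IDN label: may render as a trusted name
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted):
            return "homoglyph-lookalike"
        if levenshtein(domain, trusted) <= 2:
            return "typo-lookalike"
    return "external"


def triage(raw_message: str) -> list:
    """Return the list of BEC indicators found in one message."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    from_domain = domain_of(from_addr)
    verdict = classify_domain(from_domain)
    if verdict in ("punycode", "homoglyph-lookalike", "typo-lookalike"):
        findings.append(f"sender domain {from_domain} is a {verdict} of a trusted domain")
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to domain differs from sender domain")
    subject = msg.get("Subject", "").lower()
    if any(w in subject for w in ("urgent", "wire", "gift card", "payment")):
        findings.append("urgency or payment language in subject")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

The sample message yields three findings. The edit-distance threshold is deliberately small; on short domains a distance of 2 still produces false positives, so in a real mail pipeline these heuristics sit beside SPF, DKIM and DMARC results rather than replacing them.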
Understanding
Financial crime risks in
e-commerce
E-commerce businesses can be exploited for criminal
purposes in four major ways:
• Committing fraud against the customer by failing
to deliver goods or services.
• Buying goods or services using stolen bank card
data.
• Creating e-commerce businesses as a front for
illicit transactions (for example, to accept bank
card payments for drugs).
• Abusing online marketplaces to move criminally
obtained funds (for example, through
the sale of computer-generated books sold via
Amazon).
The latter two present particular money-laundering
and terrorist-financing (financial crime) threats
because they involve consensual transactions that
are intended to remain undetected.
How can we
protect our data
and systems
against these
Cybercrimes?
Digital Users need Digital services

Businesses aim to provide the best user experience while reducing fraud losses.

Register: any account opening in banks, insurance, government agencies, retailers, gaming sites etc.

Account use: any risky action like downloading expensive analyst reports, changing user details or making a transaction.

Every day's headache: how to accurately identify risk in real time, combining on-device user behavior with device and session risk for detecting Account Opening Risk and preventing Account Takeover (ATO).
Case Study
Protecting Digital Users - Banking/Insurance/Retail/Gvt

Open Account -> Account Login -> Account Activities -> Transaction

IBM Security Trusteer is a family of cloud services and endpoint device software that helps assess risk, detect fraud, establish identity and authenticate users.
• A part of the IBM Security portfolio.
https://www.ibm.com/trusteer
Online Fraud Protection - Threat Intelligence Sources
~120 billion events per month | 600 million protected identities | 220 million mobile devices | 350,000 malware samples | 100,000 phishing sites

IBM Security / © 2020 IBM Corporation

Online Fraud Detection Accuracy
Fraud Alert: < 0.05% | Fraud Detection: > 90% | Authentication: < 1%
(Assuming Trusteer deployment best practices were followed.)
Solution Portfolio

Pinpoint Detect - Known User Fraud (account takeover fraud): detect unauthorized account access by someone who has obtained a legitimate user's details or credentials.
Pinpoint Assure - Unknown User Fraud (new account fraud): detect fraudulent account creation by new users, including synthetic identities; policy abuse.
Verify - Adaptive Access (risk-based authentication): balance the MFA requirement between user experience impact and security.
Rapport - Actionable Remediation (web malware removal): prevent malware and phishing attempts to gain access to and control of customer or employee credentials.
Key Risk Indicators & Attacks - Detect and Defend Against

Mobile App: mobile malware (overlay, keylogging); repackaged app; downloader app; mobile remote tool; running on emulator; SIM swap.
Web App: desktop malware (redirection, keylogging, remote overlay); remote access tools; browser spoofing; running in VM; human-like bots; mobile webview.
Social Engineering: phone calls; social network; spear phishing; phishing; smishing; vishing.
Cross Channel: different attacks (MOs) in which the attacker moves between web and mobile apps to gain access to the account; supporting campaign.
The Advanced Fraud Protection Breakdown
Look across hundreds of data points and risk indicators

Behavior: compromised credentials; behavioral biometrics; abnormal multi-step attack; cross-channel progress; navigation flow; non-human (bot).
Device: device ID; compromised device; device attributes; virtual machines; emulators; spoofed device.
Network: location; ISP / carrier; hosting service; VPN.
Malicious Tooling: web & mobile malware; screen overlays; remote access.
Account: new device; dormant account; associated devices; country risk.
Intelligence: known bad device; risky IPs; phishing; block lists.
Transactions: new payee; risky payee; transaction anomaly; velocity.
Access: failed login; failed auth; phone number; multiple attempts; call in; auth renewal.

Full protection across Open Account, Account Login, Account Activities and Transactions.
Example: How does it work?

Visible to the web or mobile user: Login -> Browse -> Action.
Invisible, in real time:
• Collect: device attributes, geo location, behavior, malware, network, ...
• Analyze: user profiling, abnormal behavior, fraud patterns, ...
• Respond & Recommend: allow, step-up, restrict, deny.
• Alert & Reporting; Fraud Feedback into the Consortium.

IBM Security Trusteer © 2023
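The risk indicators listed above and the collect, analyze, respond flow are easier to reason about in code. The following Python is an added example, not IBM Trusteer code: it scores one session against constructed signals (a consortium block list of device IDs, risky hosting ASNs, VM/emulator and remote-access-tool flags, failed logins, impossible travel since the user's last access, one device touching several accounts within ten minutes, and a high-risk action such as adding a payee) and maps the score onto allow, step-up, restrict or deny. All weights, thresholds, ASN labels and device IDs are assumptions.

```python
"""Session risk scoring over constructed login events: added example, not
IBM Trusteer code. Weights, thresholds, block lists and ASN labels are
assumptions chosen to illustrate the collect -> analyze -> respond flow."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import math

KNOWN_FRAUD_DEVICES = {"dev-9f3a"}   # constructed consortium block list
RISKY_HOSTING_ASNS = {"AS-HOST-1"}    # constructed: VPS / hosting ranges


@dataclass
class Session:
    user: str
    device_id: str
    asn: str
    lat: float
    lon: float
    ts: datetime
    vm_or_emulator: bool = False
    remote_access_tool: bool = False
    failed_logins: int = 0
    action: str = "login"             # login | add_payee | transfer


@dataclass
class History:
    known_devices: dict = field(default_factory=dict)  # user -> {device_id}
    last_seen: dict = field(default_factory=dict)      # user -> (lat, lon, ts)
    device_users: dict = field(default_factory=dict)   # device_id -> [(user, ts)]


def haversine_km(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def assess(s: Session, h: History):
    """Analyze one session: return (risk score, reason codes) and update history."""
    score, reasons = 0, []
    seen = h.known_devices.setdefault(s.user, set())
    if s.device_id in KNOWN_FRAUD_DEVICES:
        score += 60
        reasons.append("access from a known fraudster device")
    elif s.device_id not in seen:
        score += 15
        reasons.append("access from a new device")
    if s.vm_or_emulator:
        score += 25
        reasons.append("suspicious access using a virtual machine or emulator")
    if s.remote_access_tool:
        score += 30
        reasons.append("suspicious access using a remote access tool")
    if s.asn in RISKY_HOSTING_ASNS:
        score += 15
        reasons.append("unusual activity using a known risky hosting service")
    if s.failed_logins >= 3:
        score += 15
        reasons.append("multiple failed logins")
    last = h.last_seen.get(s.user)
    if last is not None:
        km = haversine_km(last[0], last[1], s.lat, s.lon)
        hours = max((s.ts - last[2]).total_seconds() / 3600, 1 / 60)
        if km / hours > 900:          # faster than a commercial flight
            score += 35
            reasons.append("impossible travel since last access")
    recent = {u for u, t in h.device_users.get(s.device_id, []) if s.ts - t <= timedelta(minutes=10)}
    if len(recent | {s.user}) >= 3:
        score += 40
        reasons.append("multiple accounts accessed from one device within a short timeframe")
    if s.action in ("add_payee", "transfer"):
        score += 10
        reasons.append(f"high-risk action: {s.action}")
    # Update history; only a low-risk session makes the device "known" (assumed policy).
    if score < 50:
        seen.add(s.device_id)
    h.last_seen[s.user] = (s.lat, s.lon, s.ts)
    h.device_users.setdefault(s.device_id, []).append((s.user, s.ts))
    return score, reasons


def respond(score: int) -> str:
    """Map the score onto the response ladder: allow, step-up, restrict, deny."""
    if score >= 70:
        return "deny"
    if score >= 50:
        return "restrict"
    if score >= 25:
        return "step-up"
    return "allow"
```

The reason codes are returned alongside the score on purpose: the alert distribution shown on the next slide is only possible if every decision carries the indicators that produced it, and a step-up challenge that the user passes should feed back into `History` before the device is trusted.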
The power of Strong Analytics
US Alert Distribution of Session Risk Reason

Session risk reasons behind alerts:
• Access from a known fraudster device
• Unusual access using suspicious device attributes
• Suspicious access using a Virtual Machine
• Unusual activity using a known risky hosting service
• Suspicious anomalous pattern of accesses
• Suspicious Behavioral Anomaly
• Access from a suspicious device using spoofed attributes
• Contains similar attributes to a known fraudster's device
• Access from a new device
• Suspicious access pattern to multiple accounts
• Multiple accesses from suspicious device within a short timeframe
• Suspicious access using a remote access tool
• Suspicious access to a user account with attributes different to those normally seen on the user's device
• Unusual access using suspicious mobile device attributes
Threat Research Lab

Threat Engineers; Security Developers; Reverse Engineers; Phishing Analysts; Mobile Researchers; Data Scientists; Web Researchers; Fraud Analysts.
Case Management & Auto-Response

Combine Fraud Detection with SOAR (Security Orchestration, Automation, and Response) for automating operational post-detection fraud activities, while delivering a state-of-the-art case management tool.
Cybersecurity Strategy
A proactive approach to preventing cyber attacks
▪ Adoption of an integrated and business-wide approach to cyber security
▪ A collaborative Cybersecurity Strategy involving all stakeholders
▪ Make the end-user the first line of defense
▪ IT as a strategic function - ITSM / ITIL
▪ Develop and operationalise Cybersecurity policy
▪ BYOD policy
▪ Disaster Recovery Plan
▪ Cybersecurity Incident Response Teams
▪ Auditing and enforcement of cybersecurity compliance
Never Trust, Always Verify

Check the live cyber threat map: https://threatmap.checkpoint.com/
Questions
Thank You!!
[email protected]
[email protected]
+263713385554
DARKWEB INVESTIGATION
By Fanwell Sibanda

+263773868314
DARK WEB
• The Dark Web is the World Wide Web content that exists on darknets, overlay networks that use the
Internet but require specific software, configurations, or authorization to access. The dark web forms a
small part of the deep Web, the part of the Web not indexed by web search engines, although sometimes
the term deep Web is mistakenly used to refer specifically to the Dark Web.
• Onion Routing
Onion routing is one of the most common networking methods used to create Darknets and Dark Webs. Onion
routing is a technique for anonymous communication over a computer network. In an onion network,
messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is
transmitted through a series of network nodes called onion routers, each of which "peels" away a single layer,
uncovering the data's next destination. When the final layer is decrypted, the message arrives at its
destination. The sender remains anonymous because each intermediary knows only the location of the
immediately preceding and following nodes. There are methods to break the anonymity of this technique, e.g.
timing analysis.
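To make the layered encryption concrete, here is a miniature onion circuit as an added example (not Tor's code). It keeps to the standard library by deriving a keystream with HMAC-SHA256 and XORing it over each layer; Tor negotiates AES keys per hop with a handshake and its cells carry integrity checks, both of which this toy omits. The relay names, keys and destination are constructed.

```python
"""Onion routing in miniature: added example, not Tor's implementation.
Layer encryption uses an HMAC-SHA256 keystream XORed over the data so the
demo runs on the standard library alone; Tor uses AES-CTR keys negotiated
per hop. Relay names and keys are constructed."""
import hashlib
import hmac
import json

# Constructed per-hop keys. In Tor each is negotiated with that relay
# during circuit construction, so no relay knows another relay's key.
RELAY_KEYS = {"guard": b"key-guard", "middle": b"key-middle", "exit": b"key-exit"}


def keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Same operation encrypts and decrypts (stream cipher style)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """One onion layer: who to forward to, plus an opaque inner blob."""
    return xor_crypt(key, json.dumps({"next": next_hop, "payload": payload.hex()}).encode())


def build_onion(path, destination: str, message: bytes) -> bytes:
    """Sender encrypts the innermost (exit) layer first, then wraps outward."""
    packet = wrap(RELAY_KEYS[path[-1]], destination, message)
    for i in range(len(path) - 2, -1, -1):
        packet = wrap(RELAY_KEYS[path[i]], path[i + 1], packet)
    return packet


def peel(relay: str, packet: bytes):
    """What one relay can do: strip its own layer and learn only the next hop."""
    layer = json.loads(xor_crypt(RELAY_KEYS[relay], packet).decode())
    return layer["next"], bytes.fromhex(layer["payload"])


def route(path, destination: str, message: bytes):
    """Walk the circuit; the log records the only thing each relay learns."""
    packet, log = build_onion(path, destination, message), []
    for relay in path:
        next_hop, packet = peel(relay, packet)
        log.append((relay, next_hop))
    return next_hop, packet, log


if __name__ == "__main__":
    dest, plaintext, log = route(["guard", "middle", "exit"], "example.com:80", b"GET / HTTP/1.0")
    for relay, nxt in log:
        print(f"{relay:6} forwards to {nxt}")
    print(dest, plaintext)
```

Each `peel` call reveals only the next hop, which is the property the paragraph describes; the log returned by `route` makes that visible. The toy also shows what onion routing does not hide: the guard still sees the client's address and the exit still sees the destination, so an observer timing packets at both ends can correlate them, which is the timing analysis mentioned above.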
Common Darknet Protocols
• Tor Project
• The Invisible Internet Project (I2P)
• Freenet
• ZeroNet
Anonymity
• For example, many people don't want the things they say online to be connected with their offline
identities. They may be concerned about political or economic retribution, harassment, or even
threats to their lives. Whistleblowers report news that companies and governments would prefer
to suppress; human rights workers struggle against repressive governments; parents try to create
a safe way for children to explore; victims of domestic violence attempt to rebuild their lives
where abusers cannot follow.
• If the suspect sees traffic coming from your investigation system, they may alter their activity,
start an aggressive cyber-attack, or even destroy evidence. This is one of the most important
things to consider when doing cyber investigations. Especially when investigating systems within
the Dark Web.
Types of VPN Services
• HotspotShield
• Nord VPN
• ProtonVPN
• SurfSharkVPN
• VyprVPN
Cont.
• It has long been believed that IP addresses and Cookies are the only
reliable digital fingerprints used to track people online. But after a while,
things got out of hand when modern web technologies allowed interested
organizations to use new ways to identify and track users without their
knowledge and with no way to avoid it.
• Browser Leaks is all about browsing privacy and web browser
fingerprinting. Here you will find a gallery of web technologies security
testing tools that will show you what kind of personal identity data can be
leaked, and how to protect yourself from this." - browserleaks.com

Type https://browserleaks.com/geo and see if your device gives up your actual geolocation or GPS location.
Preserving Online Evidence

• Preserving online evidence is the critical thing to remember that keeps the investigation viable. If it is not preserved in a forensically sound manner, the evidence may be deemed inadmissible in court. For example, once the evidence is captured, you should hash the data to ensure the integrity of the data has not been compromised during the investigation.
• Tying this with timestamps gives more weight to trust. All investigations should follow a Standard Operating Procedure (SOP) to provide consistency.
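The hash-and-timestamp step is simple to get right and easy to get wrong: a hash recorded nowhere authoritative proves little. As an added example, not from the presentation, the Python below records each capture in a chain-of-custody log where every entry carries the artifact's SHA-256, a UTC timestamp, the examiner and the digest of the previous entry, so that a later edit to any entry or artifact is detectable. The source URL, page bytes and examiner name are constructed.

```python
"""Hash-and-timestamp chain of custody for captured online evidence:
added example, not from the presentation. The captured page bytes,
source URL and examiner name are constructed."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_capture(log: list, source: str, data: bytes, examiner: str, when=None) -> dict:
    """Append a custody entry: digest of the artifact, UTC timestamp, and the
    previous entry's digest, so the log itself is tamper-evident."""
    when = when or datetime.now(timezone.utc)
    entry = {
        "seq": len(log) + 1,
        "source": source,
        "captured_at": when.isoformat(),
        "examiner": examiner,
        "size": len(data),
        "sha256": sha256_hex(data),
        "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return entry


def verify_artifact(entry: dict, data: bytes) -> bool:
    """Re-hash the artifact at analysis or court time and compare."""
    return entry["size"] == len(data) and entry["sha256"] == sha256_hex(data)


def verify_log(log: list) -> bool:
    """Walk the chain; any edited field or removed entry breaks a link."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_entry_hash"] != prev:
            return False
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


if __name__ == "__main__":
    custody = []
    page = b"<html><body>constructed listing page</body></html>"  # constructed capture
    record_capture(custody, "http://example.onion/listing/1", page, "examiner-1")
    print(json.dumps(custody, indent=2))
    print("chain intact:", verify_log(custody))
```

A self-kept chain only proves the entries were not altered relative to each other; for evidentiary weight, anchor the latest `entry_hash` with an independent party at capture time, for example an RFC 3161 timestamp authority or a copy lodged with counsel.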
Base Process of Investigations
• Identification
Identification deals with intelligence gathering. Information about the information we need. Information mapping to data sources. What information is needed? Where
to obtain it from? How to seize it? In what order? Pre-seizure/acquisition actions needed. The identification phase should foresee the challenges that will be
encountered during the analysis and presentation phases and try to provide for them. The Identification phase should conclude with an Acquisition Plan.

• Acquisition
Acquisition is the execution of the Acquisition Plan created during the Identification phase. The goal of the acquisition phase is to obtain forensic copies of all digital
data that will be required during the analysis phase. This digital data includes both snapshot and live datasets as needed. All snapshot data sources are seized or
forensically imaged and live data is acquired in a notarized manner. Acquisition phase should conclude with a successful completion of the Acquisition Plan. All digital
data necessary for Analysis should be readily available.

• Analysis
Analysis is the phase in which acquired data becomes digital evidence. Aggregation, correlation, filtering, transformation and meta-data generation are the key
components through which data is analyzed. The way in which the examiner interacts with data will determine if the resulting findings are forensically sound and as
such can be accepted as digital evidence. Analysis phase should conclude with a set of digital evidence enough to cover the needs defined on the Identification phase.

• Presentation
Presentation will involve creating a final report to present the digital evidence obtained and supporting a litigation process if needed. This report must be a self-contained, self-explanatory written document in which all relevant actions taken during the Identification, Acquisition and Analysis phases are reflected. Digital evidence should be presented along with all the detail necessary for an independent examiner to reproduce and validate such piece of evidence. Optionally, a report can include other sets of information such as a copy of the evidence or specific subsets of the data analyzed.
Report
Key things to keep in mind when writing a report.

• Keep a purpose/scope in mind. Always stay within scope.
• Collect the information regarding the investigation.
• Arrange the information into different sections.
• Mind the tone and language.
• Consider the length.
• Keep it simple.
• State accurate facts and only the facts.
• Revise your report as necessary.
Connecting to Tor Network

• Ahmia.fi Tor Search Engine (onion site; requires Tor). For example:
• juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion
• asap2u4pvplnkzl7ecle45wajojnftja45wvovl3jrvhangeyq67ziid.onion
Cryptocurrency
• A cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. Cryptocurrencies use decentralized control instead of centralized digital currency and central banking systems.
Tracking cryptocurrency transactions during an investigation
can have significant evidentiary value for several reasons:

• Identifying suspects: Tracking cryptocurrency transactions can be used to identify suspects involved in illegal activities. For example, by
analyzing the transaction history of a certain cryptocurrency address, it is possible to identify the individual or group that controls it.

• Establishing financial connections: Cryptocurrency transactions can be used to establish financial connections between suspects, for
example, by tracing the flow of funds from one address to another, investigators can determine if suspects are working together or if funds
are being laundered.

• Determining the scope of illegal activities: By tracking cryptocurrency transactions, investigators can determine the scope of illegal
activities. For example, by analyzing the volume of transactions and the amounts involved, investigators can determine if a suspect is
involved in large-scale criminal activities.

• Proving intent: Cryptocurrency transactions can be used to prove intent in an investigation. For example, by analyzing the timing of
transactions, investigators can determine if a suspect intended to engage in illegal activities or if the suspect had knowledge of the illegal
nature of their actions.

• Identifying assets: Cryptocurrency transactions can be used to identify assets. For example, by analyzing the transaction history of a certain
cryptocurrency address, it is possible to identify assets, such as property or other investments, controlled by a suspect.

• Providing Digital Evidence: Cryptocurrency transactions can be considered digital evidence, as the blockchain technology that supports most cryptocurrencies creates a decentralized, transparent and immutable ledger, providing a clear and verifiable record of all transactions, making it reliable and admissible evidence in a court of law.
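As an added example of what "tracing the flow of funds" and "identifying the group that controls an address" mean in practice, the Python below works over a constructed UTXO-style ledger (not real chain data): `cluster_by_common_input` applies the common-input-ownership heuristic, and `trace_forward` follows spends breadth-first until a labelled endpoint such as an exchange deposit address is reached. The address names, amounts and hop limit are constructed.

```python
"""Following funds across a constructed transaction ledger: added example,
not from the presentation and not real chain data. Addresses, amounts and
the 'EXCHANGE-DEPOSIT' label are constructed."""
from collections import defaultdict, deque

# Constructed UTXO-style ledger: each tx spends input addresses and pays outputs.
LEDGER = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": [("B1", 1.50), ("A3", 0.40)]},
    {"txid": "tx2", "inputs": ["B1"], "outputs": [("C1", 0.70), ("C2", 0.79)]},
    {"txid": "tx3", "inputs": ["C2", "C1"], "outputs": [("EXCHANGE-DEPOSIT", 1.48)]},
    {"txid": "tx4", "inputs": ["A3"], "outputs": [("D1", 0.39)]},
]


def cluster_by_common_input(ledger):
    """Common-input-ownership heuristic: addresses spent together in one
    transaction are assumed to be controlled by the same party (union-find)."""
    parent = {}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for tx in ledger:
        for addr in tx["inputs"]:
            parent.setdefault(addr, addr)
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = find(tx["inputs"][0])
    groups = defaultdict(set)
    for addr in parent:
        groups[find(addr)].add(addr)
    return {addr: frozenset(groups[find(addr)]) for addr in parent}


def trace_forward(ledger, start, max_hops=3):
    """Breadth-first walk along spends from `start`; returns hop distance per
    address reached and the (from, txid, to, amount) edges taken."""
    spends = defaultdict(list)
    for tx in ledger:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    hops, edges, queue = {start: 0}, [], deque([start])
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for tx in spends[addr]:
            for out_addr, amount in tx["outputs"]:
                edges.append((addr, tx["txid"], out_addr, amount))
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    return hops, edges


def trace_cluster(ledger, start, max_hops=3):
    """Start from every address in the suspect's cluster, not just one."""
    cluster = cluster_by_common_input(ledger).get(start, frozenset({start}))
    hops = {}
    for addr in cluster:
        for reached, d in trace_forward(ledger, addr, max_hops)[0].items():
            hops[reached] = min(d, hops.get(reached, d))
    return hops


if __name__ == "__main__":
    print("cluster of A1:", sorted(cluster_by_common_input(LEDGER)["A1"]))
    hops, edges = trace_forward(LEDGER, "A1")
    for edge in edges:
        print("%s -[%s]-> %s (%.2f)" % edge)
    print("hops to exchange:", hops.get("EXCHANGE-DEPOSIT"))
```

The common-input heuristic is an assumption, not a fact about the chain: CoinJoin-style transactions deliberately violate it, and the privacy coins discussed next hide the inputs altogether, so cluster results should be corroborated before they appear in a report.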
Cont.
Bitcoin Transactions Can Be Tracked?

• Privacy coins such as Zcash and Monero may serve up problems for blockchain analysts, however. Zcash uses zero-knowledge proofs ("zk-SNARKs") to hide transaction data, including the sender, recipient, and amount transacted; Monero hides the same data with ring signatures, stealth addresses and RingCT.
Practical example- demonstration
• Identify three usernames on Dark Market sites selling drugs "Person
of Interest." Document the "products" they are selling, rating if
available, and any forum posts they may have.

mlyusr6htlxsyc7t2f4z53wdxh3win7q3qpxcrbam6jf3dmua7tnzuyd.onion
(darkmarket)
darknetlidvrsli6iso7my54rjayjursyw637aypb6qambkoepmyq2yd.onion/
markets
Sock puppet Accounts
• https://www.fakenamegenerator.com
Dark Web Email Services

• TorBox - web-based email you can only access through Tor
• Type: torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion
Secure Email Services
• ProtonMail is incorporated in Switzerland and all our servers are located in
Switzerland. This means all user data is protected by strict Swiss privacy
laws.
• All emails are secured automatically with end-to-end encryption. This
means even we cannot decrypt and read your emails. As a result, your
encrypted emails cannot be shared with third parties.
• No personal information is required to create your secure email account.
By default, we do not keep any IP logs that can be linked to your
anonymous email account. Your privacy comes first.
https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/
SecureDrop
• "SecureDrop is an open source whistle-blower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources. It was originally created by the late Aaron Swartz and is now managed by Freedom of the Press Foundation. SecureDrop is available in 20 languages."

• cy6wj77vryhcyh6go576hxycjz4wxlo4s5vevdinkw3armwzty5jozyd.onion
• xp44cagis447k3lpb4wwhcqukix6cgqokbuys24vmxmbzmaq2gjvc2yd.onion
Other Darkweb Link
• V3 Dark Markets
• ASAP Market: https://asap2u4pvplnkzl7ecle45wajojnftja45wvovl3jrvhangeyq67ziid.onion
• Aurora Market: http://aurora7t7en7racqbytspft6myxds25hnczjk56tvqev2bziir74t4yd.onion
• Dark0de: http://darkoddrkj3gqz7ke7nyjfkh7o72hlvr44uz5zl2xrapna4tribuorqd.onion
• Daeva Market: http://77o4j55bt7e53jrso2nuaumj24cory5weaqv7zypbptkxhdfgaxgfvyd.onion
• Dark Leak Market: http://54rdhzjzc4ids4u4wata4zr4ywfon5wpz2ml4q3avelgadpvmdal2vqd.onion
• Duck CVV: http://duckcvvpi4m4s2wyy423nu3wpn6rdvnsm623azwx2cwf6s3fzcutqiid.onion
• Express Pharma: http://xpreen4gwuqhyuraoojs3ca6345gvbtwrusjqmnustgbs7ckikr2mpyd.onion
• Potluck: http://potluckkh2a4nco2imsrxh3yxbgiezggkhu3sc3zuwrxpkrmlpeze2ad.onion
• Smokers Co: http://pt2mftbxeczbzufi2v7b3ekmsun4khq6hi7bdjo7w23fsx3easvr73ad.onion
• Steroid Warehouse: http://swgoodstau5oxhmlopb5m4ti3vmzeh5fhpdn5spmh36npq76ksgupmad.onion
• Tom and Jerry: http://tomjerr2cwoo2icmq2ijvmao2bjkawhtw2c7n6vmzqzomkyqea2o5dqd.onion
• Tor Market: http://rrlm2f22lpqgfhyydqkxxzv6snwo5qvc2krjt2q557l7z4te7fsvhbid.onion
• The Grass Company: http://grass7kk5kkgj7kzfl3m5ln4sljxardcednhjrhwvevt3ztivlzd6wad.onion
• Vice City: http://vice2e3gr3pmaikukidllstulxvkb7a247gkguihzvyk3gqwdpolqead.onion
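Before opening any of the addresses listed here, or those under "Connecting to Tor Network" above, check that the name is a well-formed v3 onion. The published layout is base32(pubkey[32] || checksum[2] || version[1]) with checksum = SHA3-256(".onion checksum" || pubkey || version)[:2], so a mistyped or truncated name fails the checksum rather than silently landing somewhere else. The Python below is an added example, not from the presentation; the key it derives a test address from is constructed, not any real service's key.

```python
"""Syntax and checksum check for v3 .onion names: added example, not from
the presentation. Implements the published v3 address layout:
base32(pubkey[32] || checksum[2] || version[1]) with
checksum = SHA3-256(".onion checksum" || pubkey || version)[:2]."""
import base64
import hashlib

VERSION = b"\x03"


def onion_v3_from_pubkey(pubkey: bytes) -> str:
    """Derive the .onion name from a 32-byte Ed25519 public key."""
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + VERSION).decode().lower() + ".onion"


def validate_onion_v3(address: str):
    """Return (ok, reason). Catches typos, truncated names and v2 leftovers
    before any connection is attempted."""
    host = address.strip().lower()
    for scheme in ("https://", "http://"):
        if host.startswith(scheme):
            host = host[len(scheme):]
    host = host.split("/", 1)[0]
    if not host.endswith(".onion"):
        return False, "not a .onion name"
    label = host[: -len(".onion")].split(".")[-1]
    if len(label) != 56:
        return False, "v3 names are 56 base32 characters (16-character names are retired v2)"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False, "not valid base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        return False, "unexpected version byte"
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    if checksum != expected:
        return False, "checksum mismatch: mistyped or forged name"
    return True, "well-formed v3 onion name"


if __name__ == "__main__":
    test_key = bytes(range(32))   # constructed key, not a real service key
    name = onion_v3_from_pubkey(test_key)
    print(name, validate_onion_v3(name))
    print(validate_onion_v3("abcdefghijklmnop.onion"))
```

A passing checksum only says the name is syntactically a v3 address; it says nothing about who operates the service. Every v3 name ends in `d` because the trailing base32 character encodes the low bits of the version byte 3, which is why a name ending in anything else can be rejected on sight.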
Any Questions
• Thank you!
Intelligence
SLIDESMANIA.COM

What comes to mind?

I'm Nunudzai Mrewa
IT Security Engineer at Twenty8 Labs, Malaysia
Malware Analyst
Researcher
Generative AI and Certifications
■ Introduction to AI

■ Benefits, Drawbacks and Use cases of GenAI

■ Certifications and cybersecurity specializations

■ Tools used and skills needed


Generative AI
Artificial Intelligence (AI) aims to create machines and software systems
that can simulate, mimic, or replicate human-like intelligence. These
functions can include tasks like natural language understanding, image
recognition, problem-solving, decision-making.
Did you know?
Generative AI is a type of artificial intelligence (AI) that can create
new content, such as text, images, audio, and video. It does this by
learning the patterns and structure of existing data, then using
this knowledge to generate new and unique outputs.
"Artificial intelligence is not a substitute for human intelligence; it is a tool to amplify human creativity and ingenuity."
― Fei-Fei Li
Use Cases of AI
Text Generation
Generate a marketing slogan or catch phrase; generate ideas; or summarize news articles, emails and meeting minutes.
Case Study: Seipone ai

● Seipone AI is an AI company that helps marketers,


brand managers, sales, agency, and customer
experience professionals capture and comprehend
consumer sentiments of Africans.
● Seipone AI uses artificial intelligence to measure
sentiments, separate comments, and identify sales
leads.
● Seipone AI can capture and comprehend 87% of
data that is missed by traditional media tools.
Case Study: Leta ai

● Founded in New York and built in Nairobi in 2021


● Leta is a venture-capital backed technology
company that builds supply chain & logistics
software to enable the efficient and automated
movement of goods in Africa
● Leta says it has optimized over 500,000 deliveries,
delivered more than 20,000 tons of goods and
managed 2,000 vehicles
Use Cases of AI
Video Generation
Use Cases of AI
Audio
LANDR is an AI-powered audio tool that allows you to create, collaborate, master,
distribute, and promote music.

Descript: filler-word removal, cloning your voice using overdubbing, and transforming
low-quality recordings into studio sound.

Summarise meeting points and send them to everyone.

Use Cases of AI
Image Generation
Creating visual materials for marketing, such as a poster, flier, newsletter or apparel, or
previewing how a renovated office will look.
Benefits of AI

Increased creativity: new ideas and inspiration
Improved efficiency: automate tasks and free up time
Reduced costs: eliminate human labour and supplement understaffed teams
Benefits of AI

Improved decision-making: provide insights that can help security analysts make better decisions
Increased visibility: gain visibility into threats that may not be visible to human analysts
Enhanced scalability: GenAI can be scaled to handle large amounts of data
Image generated by: ideogram ai

What happens when something we think is
helping us begins hurting us?

― Peter Klimek, Imperva

Drawbacks of AI

Misinformation: fake news, creating chaos
Privacy concerns: data harvesting
Job displacement: job replacement in some industries
In 1988, demonstrations took place by a
group of mathematics teachers in the United
States of America to protest against allowing
school students to use calculators in schools.

Source: Washington Post

Drawbacks of AI

Complexity: GenAI can be complex to implement and manage
Bias: GenAI models can be biased, which can lead to inaccurate results
Responsibility: who is responsible for security incidents that involve GenAI systems?

Solutions?
Penetration testers
Simulating cyberattacks to identify vulnerabilities, and developing
and implementing security controls to mitigate these vulnerabilities.

Tools: Metasploit, Burp Suite, Nessus

Penetration testers: Certifications
Certified Ethical Hacker (CEH)

Offensive Security Certified Professional (OSCP)

GIAC Penetration Tester (GPEN)

Incident responders
Incident responders are responsible for responding to security
incidents, such as data breaches and malware infections.

Tools: EnCase, Volatility, FireEye

Incident responders: Certifications
GIAC Certified Incident Handler (GCIH)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Security architects
Designing and implementing security solutions for computer
systems and networks.

Tools: Microsoft Threat Modeling Tool, ArchiMate, Visio

Security architects: Certifications
GIAC Security Architect (GSEC)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Security managers
Responsible for overseeing the security program for an
organization. They work with other stakeholders to develop and
implement security policies and procedures.

Tools: GRC software, JIRA, Microsoft Excel for risk analysis

Security managers: Certifications
Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Cloud Security Specialists
Securing cloud-based environments, services, and data. They play
a critical role in safeguarding an organization's assets as it
transitions to or utilizes cloud computing platforms.

Tools: AWS Identity and Access Management (IAM), Azure Active
Directory (AD), Cloud Security Posture Management (CSPM)
platforms

Cloud Security Certifications
Certified Cloud Security Professional (CCSP)

AWS Certified Security – Specialty

Microsoft Certified: Azure Security Engineer Associate

Final Thoughts
Balance is key!

Thank you!

Do you have any questions?

According to Positive Technologies

94%: attacks compromise corporate email
85%: targeted network equipment
72%: adoption of cybersecurity policies
FRAUD AUDIT & INVESTIGATION
VIC FALLS - 2023

SPY CAMERAS AND GADGETS

Secure Digital Space (Now and Future)

Zimbabwe, September 2023
[email protected]

This report is solely for use at the CRS presentation. No part of it may be circulated, quoted, or reproduced for distribution outside the client organization
without prior written approval from MorniPac Consultants. This material was used by MorniPac Consultants during an oral presentation; it is not a complete
record of the discussion.
BOARD COMMITTEE
ICT SECURITY
IDEAL STRUCTURE (organisation chart, flattened)

CEO
ICT Executive: Chief Information & Security Officer; Digital Strategy

Functions shown in the chart:
- Information Security
- Assets Security
- Security Operations & PM
- Operations & BCP Planning
- Application Security
- Access Control
- Risk and Compliance
- Network Security
- Incident Handling
Some Key ICT Security Challenges

• There is no end to end monitoring (eg: OS, Network, Database)
• No user monitoring of who is doing what
• Performance degrades when enabling Audit
• No control on the data copy and stealing from database/server
• No alert on suspicious activity
• No control on user actions VS details given on change/incident systems
• No automated password rotation
• No firewall restriction/Any one can login from any server
• No view on who has access to which server

Compliance / Risk control
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Detection, Prevention, Investigation, and Reporting
Sprayview Hotel | Victoria Falls | 18 – 22 September 2023
Dr. Whisper Rukanda | +27 73 635 5777 | +263 772 410 555 |
[email protected]
MORNIPAC CONSULTANTS
PLANNING AND CONDUCTING AN INVESTIGATION

PRESENTER – DR J FARAI MUSAMBA

JFM 3
Agenda
1. Economic crime
2. Accountants and fraud
3. The Fraud triangle
4. Auditing and fraud prevention
5. Agile accounting and auditing
6. Unusual methods of investigating
7. Fraud prevention and investigation plan

Economic crime
• Economic crime refers to illegal acts committed by an individual or
group of individuals to obtain a financial advantage.

• Economic crimes are also referred to as financial crimes.

ECONOMIC CRIME

Economic crimes cover a wide range of crimes. These include:

• Money laundering
• Swindling and fraud
• Corruption
• Intellectual property crime
• Environmental crime
• Unfair trading practices
• Cybercrime

FRAUD

• Fraud is a major economic crime.

• Fraud is a knowing misrepresentation of the truth or concealment of
a material fact to induce another to act to her detriment.

• Fraud is a wide range of crimes that include asset misappropriation,
corruption and financial statement misrepresentations.

Fraud (continued)
Businesses and governments suffer from various forms of fraud. This
fraud can be defined as:
• Occupational fraud: fraud perpetrated by those who are employed by
the organisations they defraud

• Non-occupational fraud: fraud perpetrated by persons who are
external to the organisations

The cost of fraud
• Fraud is endemic today and it is a major cost to:

• Business
• Society
• Governments and
• Individuals

Prevention of fraud is therefore a significant occupation today.

ACCOUNTANTS AND CYBER CRIME

Accounting in the cyber environment must adapt in order to meet the
challenges of the new environment.

Cyber security is a major threat for business, thus:

- Accountants must have in place cyber security practices to protect the
business and its clients

- Accountants must continually evaluate vulnerabilities and the need to
implement new internal controls to close any data security gaps.

- Accountants must assess the need for improved accounting information
technology in the business.

WHO COMMITS FRAUD?
• Research seems to suggest the following:

• Some people are honest all the time.

• Some people are dishonest some of the time.

• Most people are honest some of the time.

• Some people are honest most of the time.

THE FRAUD TRIANGLE

▪ To fight fraud we need to understand the
motivations for fraud.

▪ The fraud triangle is the theory most used to
understand the motivations for fraud.

▪ The three elements must be present for fraud to
occur.

THE FRAUD TRIANGLE (diagram)

The three elements: Opportunity, Pressure, Rationalization

The Fraud triangle - Pressure

External pressures:
- Debt
- Greed
- Lifestyle pressures
- Illicit pressures: vices, gambling, drugs

Internal pressures:
- Pressure to perform
- Too much work

The Fraud triangle - Opportunity

Internal controls:
- Not in place
- Not enforced
- Not monitored
- Not effective

No segregation of duties

Too much trust

Poor tone at the top

Fraud triangle - Rationalization

- I don’t get paid what I am worth
- Everyone else is doing it
- If they don’t know I am doing it they deserve to lose the money
- I am just borrowing; I intend to pay back
- Nobody will miss the money
- The organisation is big enough to survive this

Fraud diamond (diagram)

The four elements: Pressure, Opportunity, Rationalization, Capability

FRAUD DIAMOND
In addition to the three elements a fourth element can also be added.
- This element has to be there if the fraud is to take place.
- This element is capability.
- The theory says that, in addition to the three elements being present, fraud
would still not take place if the would-be perpetrator has no capacity to
pull it off.

THE FRAUD PENTAGON (diagram)

The five elements: Pressure, Opportunity, Rationalization, Capability, Arrogance

THE FRAUD PENTAGON

- A further element can be added to the four elements above.
- This fifth element, which makes up the Fraud pentagon, is
“Arrogance”.
- It depicts the way that the person thinks he can get away with it.
- The person thinks he has the capacity to cheat and not be caught.

FRAUD PREVENTION

To prevent fraud, the basic thing to do is to use the Fraud
triangle, the fraud diamond and the fraud pentagon.
It is important to ensure that one or more of the elements in
these theories is (or are) not present in a situation.
For instance, if the opportunity is removed, perhaps by
ensuring sufficient internal controls, fraud is unlikely to take
place. Likewise, one or two of the other elements can be
removed with the same effect.

Fraud prevention

• One of the key ways to prevent fraud is to pay attention to the red
flags.

• Early detection of fraudulent behavior will limit the damage from
fraud.

Whistleblowing
• Whistleblowing is one of the most used methods of detecting and
preventing fraud.

• Whistleblowing is the term used to describe a person, usually a
worker, who reports certain wrongdoings in the company. The
wrongdoings disclosed must be of public interest.

• The wrongdoing is usually, but not always, what one would have
witnessed.

ACCOUNTING AND AUDITING
• Accounting and auditing are important in the prevention of fraud.

• Auditing can be internal or external auditing.

• The stages of auditing:

• Selection
• Planning
• Conducting fieldwork
• Reporting results
• Following up on corrective action

ADVANTAGES OF AUDIT
• Assurance to stakeholders
• Fair evaluation
• Fraud identification
• Moral policing
• Credibility
• Overall improvement
• Compliance
• Helps in building a good reputation

CHALLENGES FACED BY AUDITORS
• Revenue recognition
• Fraud
• Inventory inaccuracy
• Information delays
• Talent retention & development
• Job stress
• Outdated skills

ACCOUNTING AND FRAUD PREVENTION

• Accounting plays an important part in fraud prevention.

• To prevent fraud, accounting systems are supposed to be fit for purpose.
• They must be agile so as to move at the speed at which the perpetrators
move.
• Agile accounting is an approach to how accounting teams work and
create value. Its aim is to provide higher value support to business
leaders to improve operations and set future strategy.
• Agile accounting attempts to move away from the rigid, stagnant and
manual ways of working to a more responsive mode that takes into
account changes that come into play from time to time.
PRINCIPLES OF AGILE ACCOUNTING
The principles of agile finance:
• Focus on the delivery of value over the completion of pre-planned
tasks. (The breaking down of work into small chunks to facilitate quick
and continuous delivery of value helps in this regard.)

• A focus on continuous improvement through iterative delivery and
continuous feedback.

AGILE AUDITING
o Agile auditing is mainly used in internal auditing.
o It is used to develop an audit plan that is able to respond to change.
Change could be a result of new risks emerging or business priorities
changing.
o Example: Internal auditors can focus on the highest priority risks,
giving them all the attention; when that sprint is completed the auditor can
then look at the backlog of tasks that relate to the other risks.

ADVANTAGES OF AGILE AUDITING

o The advantages of agile auditing include:

o Better team collaboration
o Faster reporting
o Ability to adapt faster throughout the audit
o Better understanding of the organization’s risks: focusing on the
highest business risks forces the company to fully analyse its risks
and prioritize them.

Disadvantages of agile methodology
• Less predictable
• More time and commitment
• Greater demands on developers and clients
• Lack of necessary documentation
• Projects easily fall off track

DIFFERENCES BETWEEN AGILE AND TRADITIONAL
METHODS
• Agile internal audit focuses on value and not audit objectives.

• Traditional audits focus on defining audit objectives during the
planning phase; while

• Agile IA defines the value to pursue during the audit engagement up
front.

Fraud investigation
• Once fraud has occurred and been detected, it must be investigated.

• Investigation enables appropriate action to be taken.

• Taking action publicly helps to show zero tolerance of fraud and helps
in preventing future frauds

Fraud investigation
• To effectively investigate, one must create a fraud investigation model.
• The model will give you a structure to follow when dealing with allegations
of fraud.
• The model will influence the fraud investigation plan.

• To complete the investigation one must:
- Perform an initial evaluation
- Make an investigation plan
- Conduct the investigation

Fraud investigation
Components of the Fraud investigation plan include:
• Summary of the complaint
• Legal theories
• Investigations strategy and expected sources of evidence
• Required resources
• Milestones and timelines
• Expected report dates.

Components of a Typical Fraud
investigation Plan
- Defining the objective & crystallization of the terms of reference
- Evidence collected indirectly: documentary tests & interviews
- Evidence collected indirectly: field audit & physical checks (optional)
- Digital analysis of relationships & trends
- Sting operations / decoy traps / investigators' bluff (optional)
- Confrontation interviews (with legal clearance)
- Evaluation of evidence
- Reporting
Fraud investigation process
• Fraud investigation examines the evidence to determine whether or
not a fraud occurred, how it occurred, who was involved and the
value of the loss.
• The theory approach can be used in investigating allegations.
• The approach is based on:
- analyzing the data,
- creating a hypothesis,
- testing the hypothesis and
- refining the hypothesis.

Principles of internal investigations

1. Be fair and objective
2. Do not pre-judge
3. Avoid the appearance of bias
4. Plan and outline the investigation before starting
5. Investigate promptly
6. Keep the investigation separate and independent from the stakeholders

Principles of internal investigations (continued)

7. Never mislead a witness
8. Protect confidentiality
9. Protect reputations
10. Investigate alleged acts of retaliation
11. Seek every witness’s cooperation
12. Reach a conclusion

EXPERT WITNESS
• Sometimes your investigations will result in you being asked to be an
expert witness in court.
• An expert witness is anyone with:
• Knowledge
• Experience and
• Authority
• in, or of, a particular discipline beyond that of a layman.
• Affiliation with a reputable organisation is also considered
important for an expert witness.
DUTY OF EXPERT WITNESS
• The expert witness’s duty is to give the trier of fact an impartial
expert opinion on particular aspects within his or her area of
expertise.
The expert witness should:
• Be truthful as to fact
• Be thorough in technical reasoning
• Provide his honest opinion and
• Ensure that the report is complete

CHARACTERISTICS OF EXPERT WITNESS
• Clear communication: the witness can succinctly explain complex topics

• Coachability: the witness is open to and accepts feedback

• Confidence: the witness should have the ability to overcome a difficult situation confidently

• Candor: the witness is candid and can fairly assess the merits of a case

SUCCESS FACTORS AS AN EXPERT WITNESS
• Expert witness must be qualified

• Testimony should address the matter to assist the trier of fact
understand the issue

• The testimony must be reliable

• The testimony must fit the facts of the case

THANK YOU

OPEN SESSION THANK YOU

[email protected]

CYBER FRAUD SUMMIT
VIC FALLS - 2023
SUMMIT HIGHLIGHTS
The Fifth Industrial Revolution
BIG DATA
Cyber Security
Cyber Safety
Secure Digital Space (Now and Future)
Zimbabwe, Sept 2023
[email protected]

Nuggets & Reminders

Qualifications (Whisper Rukanda (PhD))
• Diplomas + 8 (Management, Leadership, Supervisory)
• Higher Diploma in Computer Science
• Bachelor of Business Studies Honours - UZ
• Masters in Business Leadership - Unisa
• Masters of Science in Information Systems & Technology – Technion Israel
• Master of Science in Managing Complex Projects – MIT Boston
• Doctorate in Information Systems & Technology, Information Technology – Rocklands, USA

Certifications
• Certified Forensic Investigator (Paraben Commander II) USA
• Paraben Certified Mobile Examiner (PCME)
• Paraben Certified Forensic Examiner (PCFE)
• Certified Project Manager – PMI UK
• Certified Digital Forensic Expert (CDFE) - USA
• Certified Information Security Auditor (CISA) - USA
• Certified Ethical Hacker (CEH) – USA
• Certified Fraud Auditor (CFA) – IIAFA - USA
• Licensed Penetration Tester
• Certified Forensic Examiner (CFE)
• Accredited Real Facilitator – REAL CONSULTING RSA

Major Assignments
• Bank Launch
• Retail Set-up
• 10 Key Systems
• Forensic Auditing
• VAPT and Revenue Assurance
• Governments / State Advisory, NGOs Projects

Professional Affiliations
• Forensic Society – USA
• Certified Forensic Examiner – Oxygen Forensics
• Member of PMI – UK Institute of Project Management
• Member of the OWASP Center for Vulnerability Assessment
• Associate of the Certified Ethical Hackers Institute
• Member of Computer Society of South Africa
• Associate Member – Computer Society of Zimbabwe

Employment Experience
∙ MorniPac – Chief Operating Officer (Retail, Telecoms, Banking and SOEs)
∙ Barclays Bank Africa – Program Manager / Technical Delivery Consultant
∙ MorniPac Consultants – Executive Consultant / Executive
∙ Standard Bank Africa – Business Consultant / Business Systems Interfaces
∙ Bluequest International – Regional Director
∙ Plus Financial Holdings – Executive Director (Business & ICT Strategy)
∙ eTranzact Zimbabwe – Managing Director
∙ Kingdom Bank – Group Projects Head / General Manager ICT
∙ Chemplex Corporation – Group MIS Manager and Old Mutual PC Specialist

Publications
∙ Leading Knowledge Management – Using information technology services for organizational benefit in times of extreme uncertainty – PhD Thesis
∙ Using technology to Bring Service to the People – Masters in Business Leadership
∙ Streamlining Supply Chain Management with Business to Business Marketing: A study focusing on advancing delivery by reducing leaks in addition to shrinkages and harnessing links, integration and relationships – MSc Information Systems and Technology
∙ Strategic Information Systems Management – Selected Text for ICSAZ Computing Course
∙ Dynamics of ICT – A case study of the Zimbabwean ICT environment 2010
∙ Youth Guide – A Guide to Youth development and Growth in an extremely uncertain environment
∙ Leadership Development Manual and Handbook – 2009
∙ ICSAZ – Strategic Information Technology Handbook and Publication – ICSAZ – Dynamics of ICT – Vic Falls – Zimbabwe 2010
∙ Project Management Handbook for ICT and Business Projects.
Technology owes ecology
an apology
• “Fraud prevention and
detection is like a
mortal’s need for air.
When it’s present, it’s
never noticed. When it’s
missing, it’s all that’s
noticed”
• Author: Unknown

Cyber Security in the Financial Services Sector

Technology owes ecology an apology

The Revolution Is Just Beginning

Reach and Richness

Reach - The number of people receiving or exchanging
information.
Richness - The bandwidth (capacity), customization and
interactivity of information.

The ultimate example of probably the best way to
accomplish this is: ……??????
Critical Thinking Exercise
There are 5 different color houses, occupied by people of 5 different nationalities, who
smoke 5 different cigar brands, drink 5 different types of alcohol, and have 5 different
pets. The houses are lined up in a row.

1. The Brit lives in the red house.
2. The Swede keeps dogs as pets.
3. The Dane drinks tea.
4. The green house is on the left of the white house.
5. The green house’s owner drinks coffee.
6. The person who smokes Pall Mall rears birds.
7. The owner of the yellow house smokes Dunhill.
8. The man living in the center house drinks milk.
9. The Norwegian lives in the first house.
10. The man who smokes Blends lives next to the one who keeps cats.
11. The man who keeps the horse lives next to the man who smokes Dunhill.
12. The owner who smokes Bluemasters drinks beer.
13. The German smokes Prince.
14. The Norwegian lives next to the blue house.
15. The man who smokes Blends has a neighbor who drinks water.

QUESTION: WHO OWNS THE FISH?


http://www.zone-h.org/?hz=1

https://the-dark-web.com/dark-web-links/

osforensics download

The Need of A Knowledge Accelerator

SOCIETY

NATURE

We need to create a
techno-socio-economic-ecological knowledge
accelerator - a kind of multi-disciplinary Apollo
project that uses current and future ICT
developments to address the challenges of
Using the Internet
Strategically

[Two-by-two matrix slide; only its labels survive extraction. Horizontal axis, LOW to HIGH:
customer connectivity / competition / global market penetration (external drivers).
Vertical axis, LOW to HIGH: collaboration / information and applications requirements /
cost containment (internal drivers). Quadrant labels: Product and Service Transformation;
Performance Improvement in Business Effectiveness; Cost and Efficiency Improvements;
technology.]
ICT Review, health check ( VAPT )
and Ascertainability Assessment
Macro Solution Scope – e.g. banking system

[Architecture slide; the diagram survives only as scattered labels. The recoverable
content is summarised below.]

Core Banking: Current FCUBS 12.x
- Commercial: Bills & Coll, Deposits, Term Deposits, Lending (e.g. overdraft, loans),
  Funds Transfers, Electronic Payments
- Retail: Teller, Term Deposits, Consumer Lending, Funds Tfr, Electronic Payments

Volumes (current): Retail 400,000 customers; Corporate 10,000 customers.
FCUBS sizing: Corporate 550–600 logged-in users; Retail 550–600 logged-in users;
650 total active users (includes 256 active tellers).
Average daily volumes: 6,200 funds transfers; 700 ATM transactions; 215 POS transactions;
10 IVR transactions; 39,000 daily contracts (incl. loans); 274,000 current, saving & deposit
accounts. Data retention: 24 months from Branch & Channels, 60 months for the rest of contracts.
Supported channels: Fax, Phone/SMS/IVR, Post, Internet Front End.
Physical channels: ATM 350; Branch 105; Operations & Contact Centre 2.

Key Systems:
- Vision Plus: Credit Cards
- In-House New Trade Finance System: new Trade Finance application being delivered by BAGL CIB Project Pangea
- Front Arena: Treasury
- GCP: Cash & Liquidity
- Barclays.Net: Corporate Internet Cash Mgmt
- BFG: Corporate File Gateway
- BARX Africa / BARX FX: Corporate FX
- BIR: Retail Internet
- NPC / EBC: ATM Acquirer / Cards Issuance
- IVR: Interactive Voice Response
- MS CRM: Complaints, Service Requests
- MERIDIAN+SAG+VRISK BANK: SWIFT Payments, Payments Switch and Sanctions Engine
- DALTEX: Clearing
- BNE: Notifications Engine
- eStatements Generator (TBC): eStatements Formatter (Retail & Corp)
- Striata: Secure Email Push
- Xerox: Paper Statements Printing
- EDS / Didograph: Cheque Book Printing
- OEDQ / Fortent / KAMLS: Sanctions / AML / KYC
- BOC Liabilities: Retail Cust / CASA Onboarding
- BOC Assets: Retail Cust / Loans / Cards Onboarding
- Instinct: Application Fraud Detection
- TSM / CRSA: Application Decisioning
- Debt Manager / CRSA: Debt Collections & Recoveries
- UAE Data Repository: In-Country MI & Reporting
- Africa / UAE Data Warehouse: Regional MI & Reporting
- SAP: GL Reporting

Legend: Impact = System Deployment + usage of existing system + Integration; Interface Only.
Solution in Use Scope

FCUBS: core banking functionality utilised

Trade Finance strategy is to build new in-house solution.

[FCUBS module-map slide; the diagram survives only as scattered labels. Layers shown:
Channel (Internet / Web, Mobile, Tablet, ATM, POS, Telephone / IVR, Branch);
Integration (ATM, POS, IVR interfaces, Integration Gateway);
Development Tools (Development Workbench, Testing Workbench, BIC Directory Upload,
Market Data Feeds);
Business Process (Current Account, Savings Account, Term Deposit, Credit Line, Retail Loan,
Commercial Loan and Letter of Credit Origination; Process Framework Base, Workflow &
Intermediary Portal, Postcode Finder, Email (SMTP), Telco - SMS);
Product Processing Modules (Deposits, Lending, Trade Finance, Treasury, Loans Syndication,
Mortgages, Microfinance, Bills & Collections, Money Market, SWAPS & FRAs, ETD and OTC
Derivatives, Asset Management, Debt Manager Collections & Recoveries, Credit Bureau /
Credit Rating Interface, Customer Blacklist Data Interface, Document Management System,
Output Management);
Transaction Services (Funds Transfer, Nostro Reconciliation, Standing Instructions,
Payments & Collections, Electronic Messaging, Rate Feeds, Payment & Clearing Networks);
Shared Services (Expense Processing, Relationship Pricing, Fixed Assets, Inventory,
Safe Deposit Box, Debit Card Interface, Xcelerate);
Base Services (Ledger & Accounting, Product Pricing Rules, Customer Information File,
Limits & Collaterals, Role Based Security, SWIFT Alliance, Intermediary, Clearing,
Oracle IDM Connector);
Information Reporting (Retail Liabilities and Retail Assets Data Marts, Standard Reports,
Operational Reporting, Customer Statements, Data Extracts, Regulatory Reporting
Interface, Information Server Base, BAM Dashboards, Advices & Alerts, Tax Reporting).
Legend: FCUBS Required; FCUBS Not Required; FCUBS Base Module; Standard Shared Solutions.]
DIGITAL FORENSICS CERTIFICATION TRAINING
23 – 27 October 2023

Module 1: Introduction
Module 2: Computer Forensic Incidents
Module 3: Investigation Process
Module 4: Disk Storage Concepts
Module 5: Digital Acquisition & Analysis
Module 6: Forensic Examination Protocols
Module 7: Digital Evidence Protocols
Module 8: Computer Forensics Investigative Theory
Module 9: Digital Evidence Presentation
Module 10: Computer Forensic Laboratory Protocols
Module 11: Computer Forensic Processing Techniques
Module 12: Digital Forensics Reporting
Module 13: Specialized Artifact Recovery
Module 14: e-Discovery and ESI
Module 15: Mobile Device Forensics
Module 16: USB Forensics
Module 17: Incident Handling

We also Certify:
DIGITAL FORENSIC EXAMINER
DIGITAL FORENSIC SPECIALIST
DIGITAL FORENSIC ANALYST
DIGITAL FORENSIC EXPERT
Some Key ICT Security Challenges
• There is no end to end monitoring (eg: OS, Network, Database, Data)
• No user monitoring of who is doing what
• Absence of enabled ICT Audit
• Absence of control on the data copying and stealing from database/server
• No alert on suspicious activity (exceptional logs not reviewed)
• No control on user actions VS details given on change/incident systems
• No automated password rotation (a department may use the same password)
• No firewall restriction/Any one can login from any server
• No view on who has access to which server (Compliance / Risk control)
• There is need for Data Cleansing
• ICT Resources not Certified in area of work assigned.
Some Key ICT Security Challenges
• Most policies are not signed and adopted
• Some policies, rules, procedures, standards and guidelines are still under development
• No signed data policy
• No incident response team or BCP
• No comprehensive UAP
• Policies not operationalised (no DR servers)
• Data not clean
• No staff skills matrix and career development plans
• No segregation of duties
COMMON KEY SERVICE PROVIDER SHORTCOMINGS
- ERP system not integrated
- No standards and certifications
- Licensing expiry (pirated software used)
- Human resource skilling (no SMEs)
- Systems integration (departmental silos of systems)
- Vendor management (unsystematic, no profiling, no rating)
- Banks too manual
- Data in a bad state (data needs cleansing)
- ICT upskilling / development plan absent
- Poor project management or no methodology
- No business continuity / DRP sites
- No digital transformation strategy
Digital Forensics and Other Related Disciplines
• Forensics investigators often work as part of a team, known as the investigations triad
3 Eras of Fraudulent Activities
• Paleolithic Era
  • Centered on cash and evading taxes
  • Fraud schemes involved alcohol, gambling, prostitution and drugs
• Neolithic Era
  • “Accountants could steal more than mobsters”
  • Included cash-heavy businesses to conceal proceeds
• Geek-olithic Era
  • Computers or networks of computers involved

[Slide: motivations of crackers]
• Money
• Power
• Control
• Publicity
• Revenge
• Learning, future protection / penetration testing
• Or just to do it!
Cyber Power
Cyber power (IR4 to Industry 5.0)
At the heart of strategy should be the concept of cyber power, which can be defined as the ability of a state to protect and promote its interests in and through cyberspace. There are 5 broad dimensions of cyber power, which align to the pillars of this strategy:
1. The people, knowledge, skills, structures and partnerships
2. The ability to protect our assets through cyber security and resilience
3. The technical and industrial
4. The global influence, relationships and ethical standards
5. The ability to take action in and through cyberspace to support national security, economic wellbeing and crime prevention - laws

Cyber Security in the Financial Services Sector


Cyber Power
▪ Cyber power is distinct from more traditional forms of power. It involves seamlessly blending hard capabilities and softer levers of influence. It is more distributed, and governments must work with partners in order to attain and exercise it. And the pace of technological change means that it can be gained and lost more quickly, as previously cutting-edge capabilities are rendered obsolete by new advances.
▪ Organizations' strategies should reflect this, describing how they will work with partners wherever they can as part of a whole-of-society effort: doing more to address problems upstream and fix root causes, anticipating future trends and putting in place long-term responses, and being more active in shaping rather than responding to the contested geopolitical environment.

Cyber crime and financial crime
• What is the difference between cybercrime and financial crime?
• Not all cybercrimes have a financial motivation.
• Cyber-enabled financial crime is a smaller subset of cybercrime and includes crimes with a financial end-goal: ransomware, sextortion schemes, identity theft, money laundering, etc.
• Some types of cybercrime, such as the theft of intellectual property, are trickier to categorize.
• What are the types of financial crimes?
• Financial crime may involve fraud (credit card fraud, corporate fraud, securities fraud (including insider trading), bank fraud, payment (point of sale) fraud, etc.); theft; scams or confidence tricks; tax evasion; identity theft; money laundering; and counterfeiting, including the production of counterfeit money and consumer goods.
• How can we defend against cybercrime and fraud?
• Current cybercrime and fraud defenses are focused on point controls or silos and are not based on an understanding of how criminals actually behave. For example, if banks improve defenses around technology, crime will migrate elsewhere—to call centers, branches, or customers.
Reasons for doing Cyber Crime
• Fame
• Reputation for intelligence
• Financial gain
• Revenge on someone they hate
• Protest
• Pursue criminal activities
• Steal identities
• Forge documents and messages

Two sides of the same Coin
[Slide diagram: Cyber Crime and Cyber Security shown as the two faces of one coin.]
Decrease in broken software = Increase in good software
How is cyberspace experienced?
• Cyberspace is, by definition, a ‘shared’ space, and its scale and complexity mean that every person’s experience of it is unique. Citizens access cyberspace when they check their bank accounts online or stream a film at home.
• Businesses use cyberspace to connect their staff with the resources they need, whether this is access to information or control over a manufacturing process.
• Governments provide public services to their citizens using online portals.
• Cyber professionals look ‘under the hood’ at the technology, standards and protocols that make it all ‘just work’ for users. All these groups use cyberspace in different ways and for different purposes, and we are all making an ever-greater use of it.
Layers of Cyberspace
Cyberspace can be described in terms of three layers:
• Virtual
  • The part of cyberspace most people experience. It consists of representations of people and organisations through a virtual identity in a shared virtual space.
  • Virtual representations could be an email address, user identification, a social media account or an alias. One person or one organisation can have multiple identities online. Conversely, multiple people or organisations could also create just a single, shared identity.
What are the main types of Financial Crime?
Financial crime is commonly considered as covering the following offences:
• Fraud
• Electronic Crime
• Money Laundering
• Terrorist Financing
• Bribery And Corruption
• Market Abuse And Insider Dealing
• Information Security
Who Commits Financial Crime
There are essentially seven groups of people who commit the various types of financial crime:
• Organized criminals, including terrorist groups, are increasingly perpetrating large-scale frauds
to fund their operations.
• Corrupt heads of state may use their position and powers to loot the coffers of their (often
impoverished) countries.
• Business leaders or senior executives manipulate or misreport financial data in order to
misrepresent a company’s true financial position.
• Employees from the most senior to the most junior steal company funds and other assets.
• From outside the company, fraud can be perpetrated by a customer, supplier, and contractor
or by a person with no connection to the organization.
• Increasingly, the external fraudster is colluding with an employee to achieve bigger and better
results more easily.
• Finally, successful individual criminals, serial or opportunist fraudsters in possession of their proceeds, are a further group of people who have committed financial crime.
Issues for you to solve
▪ Ignorance of technology vulnerability
▪ Chaos and confusion – mob mentality
▪ Hunger for more technology
  ▪ Google Glasses
  ▪ Wrist tools
  ▪ Automobile computers, etc.
▪ The more we have, the more we rely on it, the more vulnerable we become!
▪ We want to trust the technology but cannot
  ▪ CANNOT trust any site, access or person
▪ We act on emotion, not thought
▪ We cannot see the danger
▪ Anti-virus protection is about 35% effective unless updated daily, and then only 75%
▪ We are arrogant about what we want to do
▪ No or little compliance by businesses
  ▪ Target, et al.
▪ We seem not to learn from the past
▪ IPv6 – the future or not?
Digital Forensics and Other Related Disciplines
• Vulnerability/threat assessment and risk management
  • Tests and verifies the integrity of stand-alone workstations and network servers
• Network intrusion detection and incident response
  • Detects intruder attacks by using automated tools and monitoring network firewall logs
• Digital investigations
  • Manages investigations and conducts forensic analysis of systems suspected of containing evidence
Preparing for Digital Investigations
• Digital investigations fall into two categories:
  • Public-sector investigations
  • Private-sector investigations
Following Legal Processes
• Digital Evidence First Responder (DEFR)
  • Arrives on an incident scene, assesses the situation, and takes precautions to acquire and preserve evidence (6 S of Crime Scene)
• Digital Evidence Specialist (DES)
  • Has the skill to analyze the data and determine when another specialist should be called in to assist
• Affidavit - a sworn statement of support of facts about or evidence of a crime
  • Must include exhibits that support the allegation
Guide to Computer Forensics and Investigations, Fifth Edition
Understanding Private-Sector Investigations
• Private-sector investigations involve private companies and lawyers who address company policy violations and litigation disputes
  • Example: wrongful termination
• Businesses strive to minimize or eliminate litigation
• Private-sector crimes can involve:
  • E-mail harassment, falsification of data, gender and age discrimination, embezzlement, sabotage, and industrial espionage
Understanding Private-Sector Investigations
• Businesses can reduce the risk of litigation by publishing and maintaining policies that employees find easy to read and follow
• The most important policies define rules for using the company’s computers and networks
  • Known as an “Acceptable use policy”
• Line of authority - states who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence
Understanding Private-Sector Investigations
• Businesses can avoid litigation by displaying a warning banner on computer screens
  • Informs end users that the organization reserves the right to inspect computer systems and network traffic at will
Understanding Private-Sector Investigations
• Businesses are advised to specify an authorized requester who has the power to initiate investigations
• Examples of groups with authority:
  • Corporate security investigations
  • Corporate ethics office
  • Corporate equal employment opportunity office
  • Internal auditing
  • The general counsel or legal department
Understanding Private-Sector Investigations
• During private investigations, you search for evidence to support allegations of violations of a company’s rules or an attack on its assets
• Three types of situations are common:
  • Abuse or misuse of computing assets
  • E-mail abuse
  • Internet abuse
• A private-sector investigator’s job is to minimize risk to the company
Preparing a Digital Forensics Investigation
• The role of the digital forensics professional is to gather evidence to prove that a suspect committed a crime or violated a company policy
  • Collect evidence that can be offered in court or at a corporate inquiry
  • Investigate the suspect’s computer
  • Preserve the evidence on a different computer
• Chain of custody
  • Route the evidence takes from the time you find it until the case is closed or goes to court
An Overview of a Computer Crime
• Computers can contain information that helps law enforcement determine:
  • The chain of events leading to a crime
  • Evidence that can lead to a conviction
• Law enforcement officers should follow proper procedure when acquiring the evidence
  • Digital evidence can be easily altered by an overeager investigator
• A potential challenge: information on hard disks might be password protected, so forensics tools may need to be used in your investigation
Revenue Assurance – Fraud Management
[Slide diagram: two cycles, Prevention and Investigation, each with the stages Detect, Correct, Process, Delete, Distract / Defer.]
Back Tracing
• Elements of a back trace
  • end points
  • intermediate systems
  • e-mail and packet headers
  • logs
• Objective: to get to a dial-in POP
• The only messages that can’t be back traced are those using a true anonymizer and those where no logs are present
Enabling Relationships
[Slide diagram: the log sources along an attack path. Dial-in connection (TELCO LOGS), ISP (ISP’S LOGS), INTERNET, penetrated HOST and ATTACK on the VICTIM (OUR LOGS).]
Obtaining Subpoenas
• Notify the involved organization that you are going to subpoena and request that they preserve evidence - find out who to deliver the subpoena to
• File a John/Jane Doe lawsuit with an emergency order to subpoena appropriate records
• Subpoena the logs you need
  • Get everything you can on the first pass
  • May need depositions
Requirements for Logs to be used as Evidence
• Must not be modifiable
  • Spool off to a protected loghost
  • Optical media
  • Backups
• Must be complete
  • All superuser access
  • Login and logout
  • Attempts to use any controlled services
  • Attempts to access critical resources
  • E-mail details
• Appropriate retention
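The "must not be modifiable" requirement above is normally met by spooling copies off the box. The following is an added example (not from the presentation) of a complementary software control: a SHA-256 hash chain over the records, so that any record edited or removed after it was spooled is detectable when the two copies are compared. The record layout, field names and sample lines are constructed for this example.

```python
"""Tamper-evident spooling of security log records with a SHA-256 hash chain.

Added example, not from the presentation. Each spooled entry carries the hash of
its predecessor, so editing or removing an entry breaks every later link.
"""
import copy
import hashlib
import json
from typing import Dict, List, Tuple

GENESIS = "0" * 64  # anchor for the first record in the chain


def _digest(prev_hash: str, record: Dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the loghost can recompute
    # exactly the same bytes and therefore the same digest.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{payload}".encode("utf-8")).hexdigest()


def spool(records: List[Dict]) -> List[Dict]:
    """Wrap each record with the previous hash and its own hash, in order."""
    chained, prev = [], GENESIS
    for rec in records:
        entry = {"prev_hash": prev, "record": rec, "hash": _digest(prev, rec)}
        chained.append(entry)
        prev = entry["hash"]
    return chained


def verify(chained: List[Dict]) -> int:
    """Return -1 when every link is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(chained):
        if entry["prev_hash"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["hash"]
    return -1


# Constructed sample records covering the slide's "must be complete" list:
# login/logout, superuser access, a controlled service and e-mail details.
SAMPLE_RECORDS = [
    {"ts": "2023-09-12T15:25:54Z", "event": "login", "user": "jdoe", "src": "203.0.113.7"},
    {"ts": "2023-09-12T15:26:10Z", "event": "sudo", "user": "jdoe", "cmd": "/usr/sbin/service sshd restart"},
    {"ts": "2023-09-12T15:27:41Z", "event": "ftp-auth-fail", "user": "jdoe", "src": "203.0.113.7"},
    {"ts": "2023-09-12T15:30:02Z", "event": "smtp", "from": "jdoe@example.net", "msgid": "<1@example.net>"},
    {"ts": "2023-09-12T15:31:00Z", "event": "logout", "user": "jdoe"},
]


def demo_tamper() -> Tuple[int, int, int]:
    """Show that an after-the-fact edit and a deletion are each detected."""
    chain = spool(SAMPLE_RECORDS)
    intact = verify(chain)                        # -1: the untouched copy passes

    edited = copy.deepcopy(chain)
    edited[1]["record"]["user"] = "someone_else"  # one field changed after spooling
    edit_at = verify(edited)                      # 1: hash of entry 1 no longer matches

    shortened = copy.deepcopy(chain)
    del shortened[2]                              # a record quietly removed
    gap_at = verify(shortened)                    # 2: entry 2 now links to the wrong predecessor

    return intact, edit_at, gap_at


if __name__ == "__main__":
    print(demo_tamper())
```

Run verify() on the copy held on the loghost and on the copy still on the source host; a non-negative index points at the first altered or missing record. Cutting records off the tail of the chain is not caught by the chain alone, which is why the slide's separate protected loghost, optical media or backup copy of the latest hash still matters.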
Tracing E-Mail Headers
(3) Received: from mailhost.example.com
([XXX.XXX.178.66])
by smtp.exampl.com; Sat, 12 Sep 1998 15:25:54 -0700
(2) Received: from web03.iname.net by mailhost.example.com (AIX 3.2/UCB
5.64/4.03) id AA07400; Sat, 12 Sep 1998 15:31:55 -0700
(1) Received: (from root@localhost) by web03.iname.net (8.8.8/8.8.0) id
SAA29949; Sat, 12 Sep 1998 18:25:13 -0400 (EDT)
Date: Sat, 12 Sep 1998 18:25:13 -0400 (EDT)
(4) From: fake user [email protected]
Message-Id: <[email protected]>
Content-Type: text/plain
Mime-Version: 1.0
To: [email protected]
Content-Transfer-Encoding: 7bit
Subject: This is a forged e-mail message
Performing the Trace
1. Contact iname’s Security Officer.
2. Connect account name, time, & message ID to source IP address.
3. Locate ISP & contact Security Officer.
4. Get logs from source IP.
5. Who was connected at the time of the e-mail?
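As an added example (not from the slides), here is the procedure of the two slides above written as a small Python parser: read the Received: headers in reverse to walk the path oldest hop first, pull out the originating server together with the message ID, time and source IP to take to that server's security officer, and check the chain for the inconsistencies a forged or inserted header leaves behind. The message is constructed to resemble the slide's forged-mail sample; host names, addresses and the IP are assumptions.

```python
"""Walk the Received: chain of an e-mail, oldest hop first, and check it for consistency.

Added example, not from the presentation. The sample message is constructed.
"""
import email
import re
from email.utils import parseaddr, parsedate_to_datetime
from typing import Dict, List, Optional

# Constructed message modelled on the slide's forged-mail example: three Received:
# lines added by receiving servers, and a From: header the sender chose freely.
SAMPLE_MESSAGE = """\
Received: from mailhost.example.com ([192.0.2.66])
    by smtp.example.com; Sat, 12 Sep 1998 15:25:54 -0700
Received: from web03.example.net by mailhost.example.com (AIX 3.2/UCB
    5.64/4.03) id AA07400; Sat, 12 Sep 1998 15:31:55 -0700
Received: (from root@localhost) by web03.example.net (8.8.8/8.8.0) id
    SAA29949; Sat, 12 Sep 1998 18:25:13 -0400 (EDT)
Date: Sat, 12 Sep 1998 18:25:13 -0400 (EDT)
From: fake user <someone@victim.example.org>
Message-Id: <199809122225.SAA29949@web03.example.net>
To: recipient@example.com
Subject: This is a forged e-mail message

(body omitted)
"""

HOP_RE = re.compile(
    r"^\(?from\s+(?P<from>[^\s)]+)\)?"   # host (or local user) the writer says it got the mail from
    r"(?:\s+\((?P<info>[^)]*)\))?"       # optional "(helo [ip])" parenthetical
    r".*?\bby\s+(?P<by>[^\s;]+)"         # the server that wrote this Received: line
    r".*?;\s*(?P<date>.+)$"              # timestamp written by that server
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw: str) -> List[Dict[str, Optional[str]]]:
    """One dict per hop, oldest first (servers prepend Received:, so reverse the list)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())   # unfold continuation lines
        m = HOP_RE.match(flat)
        if not m:
            hops.append({"from": None, "by": None, "ip": None, "date": None, "raw": flat})
            continue
        ip = IP_RE.search(m.group("info") or "")
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None, "date": m.group("date"), "raw": flat})
    return hops


def _when(hop):
    try:
        return parsedate_to_datetime(hop["date"]) if hop["date"] else None
    except (TypeError, ValueError):
        return None


def check_chain(hops) -> List[str]:
    """Flag hops whose 'from' does not match the previous 'by', or whose clock runs backwards."""
    findings = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if prev["by"] and cur["from"] and prev["by"].lower() != cur["from"].lower():
            findings.append(f"hop {i + 1}: received from {cur['from']} but hop {i} was handled by {prev['by']}")
        t_prev, t_cur = _when(prev), _when(cur)
        if t_prev and t_cur and t_cur < t_prev:
            findings.append(f"hop {i + 1}: timestamp {cur['date']} precedes hop {i} ({prev['date']}): "
                            "clock skew or inserted header")
    return findings


def summarize(raw: str) -> Dict[str, object]:
    """What the trace needs first: origin server, message ID, time, and the claimed sender."""
    msg = email.message_from_string(raw)
    hops = parse_hops(raw)
    first = hops[0] if hops else {"by": None, "date": None}
    return {
        "origin_server": first["by"],   # its admin can tie message ID + time to an account / source IP
        "first_seen": first["date"],
        "message_id": msg["Message-Id"],
        "claimed_from_domain": parseaddr(msg["From"])[1].split("@")[-1] or None,
        "findings": check_chain(hops),
    }


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        print(hop["from"], "->", hop["by"], hop["ip"], hop["date"])
    print(summarize(SAMPLE_MESSAGE))
```

Only the lowest Received: line written by a server you trust is worth acting on; everything below it in the header block could have been typed by the sender. The timestamp check fires on the constructed sample because the middle hop's clock is ahead of the final hop, the same out-of-order stamps visible between lines (2) and (3) of the slide's own example.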
Evidence Collection & Preservation
• Forensic evidence
  • Safeback - creates physical images and mirrors of affected computers
• Forensic analysis
  • NTI tools
• NEVER work directly on the evidence
• Never contribute to the evidence
• Ensure chain of custody
Fraud has been in existence for more than twenty centuries. The world continues to grapple with the devastating effects of
In this digital age, financial fraud has become more sophisticated than ever.
Let’s look at the origins of fraud, how it has evolved, and technological advancements toward fraud prevention security.
According to Donald R. Cressey, a renowned criminologist, a person is most likely to commit fraud when he has enough motivation or pressure, an opportunity presents itself, and there is enough justification for acting.
Fraud Triangle

Current to Target Systems Landscape
[Slide diagram: a bank’s current-to-target application landscape. Rows: Channels (Self Service, Assisted Branch, Assisted Contact Centre, 3rd Party), Customer Management, Sales & Service, Products & Services, Operations, Corporate Functions (Compliance, Finance, Corporate Support Services), Integration, with Data and Information Security as cross-cutting columns. Named systems include FCUBS, Modbank, FCR, BOC, MSCRM, SCV, Front Arena, BARX, SWIFT, ACH, Intellimatch, Fortent/KAMLS (AML), OEDQ (Sanctions), SAP, Informatica (ETL), IBM DataPower (API Mgmt) and BEM (ESB). Legend: New System Deployment, New usage of existing system, Decommission, Interface or Data Feed Impact, No change, To be decided, Integration system + Integration. Outstanding actions with BBE to share what system does and whether an impact]
The majority of businesses lack discipline in some of the following areas:
• Documentation on policies and procedures in cyber security controls;
• Keeping information and IT asset registers up to date;
• Tracking emerging threats;
• User awareness on basic security controls;
• Implementing key security patches;
• Re-configurations and system hardening of key platforms;
• Monitoring and controlling access management (particularly off-boarding of employees and contractors); and
• Back-up and recovery of critical data.

RED FLAGS
- BUSINESS
- ICT
RED FLAGS
[Slide: clippings of digital forensic investigator advertisements]
“Is he or she spending a lot of secretive time on the computer? Our Computer Forensic Investigators can find out what they are hiding...”
“Is your employee acting strange with what they are doing on the company's computer or Cell Phone? Let our Dallas Corporate digital forensic investigator find out what is really going on by finding hidden files, passwords and much more.”
“Don't let the skeletons taunt you DFW. Find out what they are hiding by contacting our Computer Forensic Investigator TODAY!...”
“Is your employee doing things they shouldn't on company time and property? Our digital Forensic Investigators agency can find out what they are hiding... and provide you with evidence so you can make a sound business decision ....”
“The PI suggested I run a cell/mobile phone forensic analysis on my husband's last generation phone”
“Don't let technology (phones, PDA's, computers, etc...) control your life... take charge and find out what is being hidden from you today”
Business RED Flags
• Management override.
• Irregular & poorly explained management activities.
• Delays and problems in obtaining requested information.
• Significant, unusual & unexplained changes in customers or suppliers.
• Manager performing clerical duties.
• Poor system access controls.
• Repeatedly exceeding estimates & budgets.
• Weak control environment.
• Key monitoring controls ignored:
  • Bank reconciliations
  • Creditors reconciliations
  • Debtors reconciliations
• Backlog in posting transactions to the system.
• Integrated systems not talking to each other.
• Intercompany accounts not being reconciled.
• Poor internal control system.
• Clearing accounts / suspense accounts accumulating balances.
Personal RED Flags
• Living beyond their means.
• Disgruntled / frustrated with their job.
• Unusually close association with suppliers.
• Severe personal financial losses.
• Addiction – drugs, alcohol, gambling, etc.
• Unexplained change in personal circumstances (e.g. recent purchase of the latest Mercedes on a monthly salary of $1,000).
• Rarely takes vacations, or only takes VERY short ones.
Procurement Fraud
The basic acquisition and expenditure activities are:
— Purchasing goods and services, and
— Paying the bills
Effective Ethics and Compliance Program
If a company has an effective ethics and compliance program (i.e., internal audit department), 3 offense points are deducted from the total score. So if the total score is 29 before the reduction of 3 points, the fine would be $8.1 million; whereas a score of 26 results in a fine of only $3.7 million.
Forensic and Investigative Accounting, Chapter 4
Accounts Payable Fraud Red Flags
1. Duplicate payments (2% of total purchases)
   $80 million times 2% = $1.6 million loss.
   • Extract only the numerical digits of an invoice number and match on only the numbers portion of the invoice.
   • Try identifying dates that are similar, such as dates that are less than 14 days apart.
   • Try matching on the absolute value of the amount.
2. Rounded-amount invoices.
3. Invoices just below approval amounts.
4. Abnormal invoice volume activity (two invoices one month and 60 the next).
5. Vendors with sequential invoice numbers.
   LC 0002, LC 0003, LC 0004
6. Above average payments per vendor.
C. Warner and B. G. Dubinsky, “Uncovering Accounts Payable Fraud,” Fraud Magazine, July/August 2006, pp. 29-51.
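Added example, not from the presentation or the cited article: the duplicate-payment, just-below-approval, rounded-amount and sequential-number tests from the list above, written in Python over a constructed invoice register. A pair is reported as a duplicate candidate when at least two of the slide's three fuzzy keys agree (numbers-only invoice number, absolute amount, dates less than 14 days apart), which generalises the slide's three separate "try" steps into one score; the approval limit of 5000, the 5% band and "rounded = whole multiple of 100" are assumptions made for the example.

```python
"""Accounts-payable red-flag tests over an invoice register.

Added example, not from the presentation. Vendor names, invoice numbers,
dates and amounts in SAMPLE_REGISTER are constructed.
"""
from dataclasses import dataclass
from datetime import date
from itertools import combinations
import re
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Invoice:
    vendor: str
    number: str
    invoice_date: date
    amount: float


DATE_WINDOW_DAYS = 14     # from the slide: "dates that are less than 14 days" apart
APPROVAL_LIMIT = 5000.00  # assumed approval threshold for the "just below" test
BELOW_BAND = 0.05         # assumed: flag amounts within 5% under the limit
ROUND_TO = 100            # assumed: a "rounded" invoice is a whole multiple of 100


def digits_only(number: str) -> str:
    """Keep only the numeric part so INV-1001, INV1001 and 'INV 1001' compare equal."""
    return re.sub(r"\D", "", number)


def duplicate_candidates(invoices: List[Invoice]) -> List[Tuple[Invoice, Invoice, int]]:
    """Same-vendor pairs on which at least two of the slide's three fuzzy keys agree."""
    by_vendor: Dict[str, List[Invoice]] = {}
    for inv in invoices:
        by_vendor.setdefault(inv.vendor, []).append(inv)
    found = []
    for group in by_vendor.values():
        for a, b in combinations(group, 2):
            score = sum([
                digits_only(a.number) == digits_only(b.number),                  # numbers-only match
                round(abs(a.amount), 2) == round(abs(b.amount), 2),              # absolute value of amount
                abs((a.invoice_date - b.invoice_date).days) < DATE_WINDOW_DAYS,  # similar dates
            ])
            if score >= 2:
                found.append((a, b, score))
    return found


def sequential_vendors(invoices: List[Invoice], min_run: int = 3) -> List[str]:
    """Vendors whose invoice numbers form an unbroken run (LC 0002, LC 0003, LC 0004 ...)."""
    nums: Dict[str, set] = {}
    for inv in invoices:
        d = digits_only(inv.number)
        if d:
            nums.setdefault(inv.vendor, set()).add(int(d))
    flagged = []
    for vendor, seen in nums.items():
        ordered = sorted(seen)
        if len(ordered) >= min_run and ordered[-1] - ordered[0] == len(ordered) - 1:
            flagged.append(vendor)
    return sorted(flagged)


def just_below_approval(invoices: List[Invoice]) -> List[Invoice]:
    low = APPROVAL_LIMIT * (1 - BELOW_BAND)
    return [inv for inv in invoices if low <= inv.amount < APPROVAL_LIMIT]


def rounded_amounts(invoices: List[Invoice]) -> List[Invoice]:
    return [inv for inv in invoices if inv.amount != 0 and round(inv.amount, 2) % ROUND_TO == 0]


def run_red_flags(invoices: List[Invoice]) -> Dict[str, list]:
    return {
        "duplicate_candidates": duplicate_candidates(invoices),
        "sequential_vendors": sequential_vendors(invoices),
        "just_below_approval": just_below_approval(invoices),
        "rounded_amounts": rounded_amounts(invoices),
    }


# Constructed register: every value below is made up for this example.
SAMPLE_REGISTER = [
    Invoice("Acme Supplies", "INV-1001", date(2023, 3, 1), 1250.00),
    Invoice("Acme Supplies", "INV1001", date(2023, 3, 9), 1250.00),   # re-keyed copy, 8 days later
    Invoice("Acme Supplies", "INV-1002", date(2023, 3, 15), 980.40),
    Invoice("LC Consulting", "LC 0002", date(2023, 4, 1), 4900.00),   # run of three, all just under 5000
    Invoice("LC Consulting", "LC 0003", date(2023, 5, 1), 4950.00),
    Invoice("LC Consulting", "LC 0004", date(2023, 6, 1), 4975.00),
    Invoice("Metro Print", "MP-77", date(2023, 4, 10), 300.00),
    Invoice("Metro Print", "MP-78", date(2023, 4, 12), -300.00),     # credit note: same absolute amount
]

if __name__ == "__main__":
    for name, hits in run_red_flags(SAMPLE_REGISTER).items():
        print(name, len(hits))
```

The credit note in the sample is flagged on purpose: matching on the absolute amount is exactly what surfaces a payment that was reversed and re-issued, and a reviewer then decides whether the reversal was legitimate. The volume-spike and above-average-payment tests from the list need per-vendor history over several months and are left out here.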
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Detection, Prevention, Investigation, and Reporting
Sprayview Hotel | Victoria Falls | 18 – 22 September 2023
Dr. Whisper Rukanda|+27 73 635 5777 | +263 772 410 555 |
[email protected]
CYBER SECURITY FRAMEWORK OF A BANK
Central banks have provided guidelines on information security, electronic banking, technology risk management and cyber frauds, wherein it is indicated that the measures suggested for implementation cannot be static, and banks need to pro-actively create, fine-tune and modify their policies, procedures and technologies based on new developments and emerging concerns.
9/20/2023 2
The number, frequency and impact of cyber incidents and attacks have increased manifold in the recent past, more so in the financial sector, including banks, underlining the urgent need to put in place a robust cyber security/resilience framework at banks and to ensure adequate cyber-security preparedness among banks on a continuous basis.
What is Cyber Security in Banking?
• Cyber security refers to the organization of technologies, procedures, and methods designed to prevent networks, devices, programs, and data from attack, damage, malware, viruses, hacking, data thefts or unauthorized access.
Top Cybersecurity Frameworks for
Financial Institutions
NIST Cybersecurity Framework (NIST CSF)
• The NIST Cybersecurity Framework was developed by NIST, the US
Department of Commerce’s National Institute of Standards and
Technology, which supports US innovation through industrial
competitiveness via several strategies, including developing measurable
cybersecurity standards to protect critical infrastructure and
enhance information security and data protection activities.
• NIST CSF is a popular cybersecurity framework containing a set of
standards, guidelines, and best practices to help businesses get their
basic cybersecurity processes up to speed and have a baseline to develop
their IT infrastructure. NIST frequently updates the framework, keeping it
relevant as the number of cyber attacks and types of cybersecurity threats
evolve.

The five main pillars of the NIST CSF are:
1. Identify
2. Protect
3. Detect
4. Respond
5. Recover
Center for Internet Security (CIS) Critical Security Controls
• CIS Benchmarks focus on securing the configuration of operating systems, software, middleware, and network devices, and are referenced throughout the CIS Controls.
ISO 27001/27002
• ISO is the International Organization for Standardization, while IEC refers to the International Electrotechnical Commission.
• The ISO 27000 series is internationally recognized and the global standard for information security management.
• The ISO/IEC 27000 family comprises more than a dozen sets of cybersecurity standards for information security management systems (ISMS).
Cybersecurity Capability Maturity Model (C2M2)
• Created in 2012, C2M2 was originally part of the US
Department of Energy and cybersecurity experts’ response
to a White House initiative to assess the energy
industry’s security posture.
• However, today, the framework helps organizations of all
sizes and types, and especially financial institutions, evaluate
their cybersecurity postures and maturity to optimize
investments in cyber defense systems and procedures,
focusing on solutions relating to information technology and
operations technology.

Information Technology Infrastructure Library (ITIL)
• ITIL is a set of best practices relating to managing IT services and enhancing the quality of IT support. Its primary objective is to ensure that an organization’s IT services adapt to the evolving objectives of the business.
The framework comprises 26 processes, divided into five primary stages:
1. Service Strategy - including assessing and measuring IT strategy.
2. Service Design - including creating, managing, and assessing information security services.
3. Service Transition - including risk management related to change.
4. Service Operation - including access management.
5. Continual Service Improvement - which helps organizations keep IT services aligned with evolving businesses.
Cloud Security Alliance (CSA) Security, Trust &
Assurance Registry (STAR)
• The CSA is the world leader in raising awareness of best practices
relating to cloud computing environments.
• The CSA’s STAR Registry is open to the public. Anyone can see the
security and privacy controls provided by popular cloud computing
service providers.
• Cloud computing organizations that publish to the registry
demonstrate their compliance and security postures, including
information on the regulations, standards, and frameworks with which
they are aligned.

Australian Government Information Security Manual (ISM)
• Its aim is to establish a cybersecurity framework that organizations can align with their risk management frameworks.
It is intended to be used by:
∙ Chief Information Security Officers (CISOs)
∙ Chief Information Officers (CIOs)
∙ Cybersecurity professionals
∙ Information technology (IT) managers
ZIMBABWEAN CONTEXT
• National Payment Systems Risk Based Guideline On Cybersecurity
• The Risk Based Cyber Security Guideline is issued pursuant to the National Payment Systems (NPS) Act (Chapter 24:23)
• This Guideline applies to all institutions licensed under the National Payment Systems, Banking and any related Acts under the Reserve Bank of Zimbabwe’s jurisdiction.
• The Zimbabwean financial services community has embraced some measures from organisations such as the Bank for International Settlements (BIS).
• While the principles and expectations of this cybersecurity guideline incorporate risk management areas that are outlined in the 24 Principles for Financial Market Infrastructures (PFMIs), the Guideline is not intended to replace or supersede international best practices.
• Where an institution’s cybersecurity operations depart from the BIS cyber security guideline, it shall identify and demonstrate to the Bank any identified international best practice guidelines it has put in place.
Cybersecurity in Banking – Value Chain Analysis
• Cybersecurity in the banking industry is split into three segments:
  - Hardware
  - Software
  - Services
Hardware
• With chips now being used in mission-critical servers and safety-critical applications, protecting chips from cyberattacks is becoming more critical and more expensive.
• Systems vendors such as Apple and Amazon are increasingly designing their own chips rather than buying commercially developed devices and intellectual property (IP) created by third-party developers.
Software
The software element of the cybersecurity
value chain comprises the following areas:
identity management, network security,
endpoint security, threat detection & response,
cloud security, data security, email security,
application security, unified threat
management, and vulnerability management.

Services
• The services element of the cybersecurity value chain comprises the following areas: managed security services, post-breach response services, and risk & compliance services.
• Services are typically outsourced because of the complexity of addressing cybersecurity-related issues, such as staying on top of vulnerabilities, identifying & responding to threats, and meeting compliance.
What Is Cybersecurity Compliance?
• Cybersecurity compliance means adhering to standards and regulatory requirements set forth by some agency, law or authority group.
• Organizations must achieve compliance by establishing risk-based controls that protect the confidentiality, integrity and availability of information.
• The information must be protected, whether stored, processed, integrated or transferred.
Why Is Compliance Important in Cybersecurity?
• No organization is completely immune from experiencing a cyberattack, meaning that complying with cybersecurity standards and regulations is paramount.
• It can be a determining factor in an organization's ability to reach success, have smooth operations and maintain security practices.
Types of Data Subjected to
Cybersecurity Compliance
•Most cybersecurity and data protection
laws revolve around sensitive data,
including three different types:
personally identifiable information (PII),
financial information and protected
health information (PHI).

Benefits of Cybersecurity Compliance
∙ Protects their reputation
∙ Maintains customer or client trust
∙ Builds customer confidence and loyalty
∙ Helps identify, interpret and prepare for
potential data breaches
∙ Improves an organization’s security posture

CYBERSECURITY GOVERNANCE
• Cybersecurity governance is a comprehensive cybersecurity strategy that integrates with organizational operations and prevents the interruption of activities due to cyber threats or attacks.
Features of cybersecurity governance include:
▪ Accountability frameworks
▪ Decision-making hierarchies
▪ Defined risks related to business objectives
▪ Mitigation plans and strategies
▪ Oversight processes and procedures
• Ensuring oversight structures are in place at board level is a key feature of cyber governance.
• Because cyber risk is a material risk affecting companies, boards are increasingly held accountable for ensuring that the executive team is taking appropriate steps to mitigate the risk of a cybersecurity attack, and that the organisation responds appropriately in the event of an incident.
• Often, boards have little to no experience in this field, and whilst the dynamic nature of cyber risk means that board members are not expected to be cyber experts – though there is merit to having expertise on the board – they are expected to be able to challenge management on this topic and inform shareholders on the measures in place to mitigate the impact of cybersecurity incidents.
• Organisations must develop a culture of cyber resilience.
• Everyone in the organisation should feel supported to make decisions that protect the confidentiality, integrity and availability of information assets and systems.
• Awareness of and accountability for cyber resilience should be seen throughout the organisation as an important and complementary part of that organisation’s mission.
• Establishing an organisation’s cyber security culture occurs from the top down.
• This can be communicated and reinforced through strategy, policy and standards.
THE ROLE OF INTERNAL AUDIT IN CYBER SECURITY
• Audit committees and boards have also reacted to the evolving threat.
• They have set an expectation for the IA function to play a key role in ensuring the organisation is protected against cyberthreats.
• IA teams need to be increasingly vigilant and play a leading role in challenging cybersecurity practices.
• What should IA functions and leaders keep in mind, and how can they work with CIOs and CFOs to ensure their IT operations are secure?
Key cybersecurity considerations for IA leaders
Assess cybersecurity risks against goals and strategy
• IA should consider the appropriateness of cybersecurity frameworks implemented, the appropriateness of cybersecurity risk management within their organisations, the appropriateness of the cybersecurity strategy, cybersecurity governance including the roles and responsibilities for IT, security, business and third parties, the effectiveness of IT disaster recovery and business continuity planning programmes, amongst others.
Conduct risk-based cybersecurity assessments
• IA should focus on the adequacy of the risk assessments and on key risks identified, while also ensuring they have a sense of the threat landscape internally and externally. These key risks should be included in the annual audit plan for review.
Assess compliance with cybersecurity regulations
• The regulatory environment continues to evolve and continues to mandate cybersecurity requirements that organisations need to adhere to. There is a greater focus on cybersecurity by regulatory bodies, organisations and mainstream media.
Determine how operational changes should be assessed
• IA professionals should focus on familiarising themselves with changes to their organisation’s operating environment and how these may lead to increased cybersecurity risk.
Collaborate with other lines of defence
• IA should effectively collaborate with first-line and second-line functions. In doing so, it can reduce the likelihood of blind spots or significant cybersecurity issues materialising.
Report and escalate the risks
• IA should ensure that key risks resulting from cybersecurity assessments are reported as soon as they are known and should not wait for full execution of the audit, as identified risks can be exploited by attackers.
Use relevant reference frameworks
• IA should consider existing frameworks when executing assessments to ensure end-to-end coverage of cybersecurity domains.
• Consider whether the organisation has formally adopted an industry standard, framework or guidelines such as the National Institute of Standards and Technology cybersecurity framework (NIST CSF), International Organisation for Standardisation (ISO) 27001 and 27002, amongst others.
Report to the board and audit committee
• IA has a crucial role to play in ensuring that the audit committee and board are fully informed through provision of valuable current and emerging cybersecurity insights.
• IA should ensure that the audit committee and board remain highly engaged with cybersecurity matters and are up to date on the ever-changing threat landscape.
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Detection, Prevention, Investigation, and Reporting
Sprayview Hotel | Victoria Falls | 18 – 22 September 2023
Dr. Whisper Rukanda | +27 73 635 5777 | +263 772 410 555 | [email protected]
Presentation Objectives
• Insuring Cyber Assets and Evaluations
• Information Security Assets & Certifications (Cybersecurity hygiene)
• Cyber Risk and Data Protection Insurance
• Cyber Risk Assessment – Tools and Software
• Planning and Conducting Investigations on Cyber
• Commonly ignored exposures that can lead to complex, high-risk attacks
• Cyber Asset Attack Surface Management (CAASM)
9/19/2023 2
“CYBER FRAUD SUMMIT”
CYBER SECURITY | CYBER FINANCIAL CRIME
Cyber Crime and Cyberattacks
Sprayview Hotel | Victoria Falls | 18 – 22 September 2023
Eng Prudence Kadebu | +263 713385554 | [email protected]
Outline
Cybersecurity
Cybercrime
Cyber Financial Crime
Digital Hijacking
Business Email Compromise
Cyber world and Retail, Rentals and Telecoms Fraud
Cybercrime
Financial Crime
• Any fraudulent or unlawful act of obtaining or using money or property for economic benefit, perpetrated by individuals or organisations.
• Profiteering from illegal activities.
• Includes:
  • Money Laundering
  • Unauthorised banking
  • Fraud
  • Embezzlement
Cybercrime and financial crime
Market Abuse and Insider Trading
Criminals or insider traders manipulate the market rules and regulations and gain secret information from within the entity, using their power of position for personal financial gain.
Market manipulation is when a market for securities is inflated or deflated to make it appear that securities are worth more or less than their true value.
• E.g. the issuer of securities gives money to several people it controls so that those people will acquire the securities and fabricate the existence of a market for them. High demand for an asset = High market value.
Digital Hijacks
Cyber/digital hijacking, or computer hijacking, occurs when an attacker takes control of computer systems, software programs, and/or network communications.
• Electronic Account Hijacking – a cybercriminal obtains personal banking information and uses it to take over your bank accounts. WhatsApp Account Take-Over.
• Domain Hijacking – Through phishing, attackers take over your control panel and point it to a scam site they control.
• Ransomware Attacks – Targeted at companies, demanding a ransom as high as $70m. RaaS is the new norm.
• Browser hijacking is most often used to compel a victim to click on adverts, change the default browser settings, or reroute online traffic.
Case Study: SolarWinds Corp Attack
• “the largest and most sophisticated attack the world has ever seen,” Microsoft Corp President Brad Smith
• Estimated to have compromised up to 18,000 SolarWinds customers that used the company’s Orion network monitoring software
• hackers got access to emails at the U.S. Treasury, Justice and Commerce departments and other agencies
• Microsoft and many U.S. Government Agencies.
• cyber hijacking, since the hackers took control of Orion’s software compilation process to include a backdoor in authentic software updates.
How the attack unfolded:
Beginning in September 2019, the threat actor first conducted a “dry run,” injecting test code into SolarWinds’ network management and monitoring suite of products called Orion.
In February 2020, the threat actor injected trojanized (hidden) code into a file that was later included in SolarWinds’ Orion software updates.
SolarWinds released the software updates to its customers not realizing that the updates were compromised.
The trojanized code had provided the threat actor with a “backdoor”—a program that can give an intruder remote access to an infected computer.
The threat actor was then able to remotely exploit the networks and systems of SolarWinds’ customers who had downloaded the compromised software updates using a sophisticated computing infrastructure.
Source: https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic
Business email compromise issues
• A damaging form of cybercrime, with the potential to cost a company millions of dollars.
• A form of phishing scam.
• Attackers often impersonate a trusted person or entity like an executive, vendor, brand, or internal system to fool a victim.
• BEC losses involving cryptocurrency rank highest.
• Look out for these forms of BEC:
  • Urgent payment required scams
  • Gift cards and wire transfers
  • Credential compromise scams
Prevention tactics and safeguards to educate and mitigate risk of business email compromise
• Use secondary channels or two-factor authentication to verify requests for changes in account information.
• Ensure the URL in emails is associated with the business/individual it claims to be from.
• Be alert to hyperlinks that may contain misspellings of the actual domain name.
• Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
• Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
• Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
• Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
• If you discover you are the victim of a fraud incident, immediately contact your financial institution to request a recall of funds as soon as possible.
• Tool support
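Several of the checks above (lookalike domains in the sender address and in hyperlinks, a sender address that does not match where replies go, hidden file extensions, urgent-payment wording) can be automated at the mail gateway. The following is an added Python example, not code from the presentation: the trusted-domain list, addresses and sample messages are constructed, and the `.example` domains are hypothetical.

```python
"""Heuristic BEC screening of one inbound email (constructed example, not a product)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation keeps a list of domains it accepts payment
# instructions from; both are hypothetical (.example is a reserved TLD).
TRUSTED_DOMAINS = {"acme-supplies.example", "bank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|wire transfer|gift card)\b", re.I)
HIDDEN_EXEC = re.compile(r"\.(pdf|docx?|xlsx?)\.(exe|scr|js|vbs|bat|cmd)$", re.I)
URL = re.compile(r"https?://[^\s<>'\"]+")

def edit_distance(a, b):
    """Levenshtein distance: a distance of 1-2 to a trusted domain marks a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None if exact or unrelated."""
    domain = domain.lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in TRUSTED_DOMAINS if edit_distance(domain, t) <= 2), None)

def hides_executable(filename):
    """True for names such as invoice.pdf.exe that rely on hidden file extensions."""
    return bool(HIDDEN_EXEC.search(filename))

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def screen_email(raw):
    """Return human-readable findings; an empty list means no red flag fired."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_to = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    imitated = lookalike(sender)  # sender address misspells a trusted domain
    if imitated:
        findings.append(f"sender domain {sender} looks like {imitated}")
    if reply_to and reply_to != sender:  # replies would go elsewhere
        findings.append(f"Reply-To domain {reply_to} differs from sender {sender}")
    body = ""
    for part in msg.walk():  # collect text and inspect attachment names
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
        name = part.get_filename()
        if name and hides_executable(name):
            findings.append(f"attachment {name} hides an executable extension")
    for url in URL.findall(body):  # hyperlinks pointing at lookalike hosts
        host = urlparse(url).hostname or ""
        imitated = lookalike(host)
        if imitated:
            findings.append(f"link host {host} looks like {imitated}")
    if URGENCY.search(body):  # pressure wording typical of payment scams
        findings.append("urgency or payment-pressure wording in body")
    return findings

# Constructed sample: vendor impersonation from a lookalike domain.
SUSPICIOUS = """From: Acme Supplies Accounts <accounts@acme-supp1ies.example>
Reply-To: reply@mail-relay.example
To: payables@victim-corp.example
Content-Type: text/plain

Please process the wire transfer immediately to our new account.
Confirm here: http://acme-supp1ies.example/confirm
"""

# Constructed sample: routine message from the genuine vendor domain.
CLEAN = """From: Acme Supplies Accounts <accounts@acme-supplies.example>
To: payables@victim-corp.example
Content-Type: text/plain

Your monthly statement is available at https://acme-supplies.example/portal
"""
```

A hit on any finding should trigger the out-of-band verification step in the list above rather than an automatic block, since the heuristics are deliberately coarse.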
Understanding Financial crime risks in e-commerce
E-commerce businesses can be exploited for criminal purposes in four major ways:
• Committing fraud against the customer by failing to deliver goods or services.
• Buying goods or services using stolen bank card data.
• Creating e-commerce businesses as a front for illicit transactions (for example, to accept bank card payments for drugs).
• Abusing online marketplaces to move criminally obtained funds (for example, through the sale of computer-generated books sold via Amazon).
The latter two present particular money-laundering and terrorist-financing (financial crime) threats because they involve consensual transactions that are intended to remain undetected.
How can we protect our data and systems against these Cybercrimes?
Digital Users need Digital services
Businesses aim to provide the best user experience while reducing fraud losses.
Register: any account opening in banks, insurance, government agencies, retailers, gaming sites etc.
Account use: any risky action like downloading expensive analyst reports, changing user details or making a transaction.
Every day’s Headache – How to accurately identify risk in real time, combining on-device user behavior with device and session risk for detecting Account Opening Risk and preventing Account Takeover (ATO).
Case Study: Protecting Digital Users – Banking/Insurance/Retail/Gvt
Open Account → Account Login → Account Activities → Transaction
IBM Security Trusteer is a family of cloud services and endpoint device software that helps assess risk, detect fraud, establish identity and authenticate users.
• A part of the IBM Security portfolio.
https://www.ibm.com/trusteer
Online Fraud Protection – Threat Intelligence Sources
~120 billion events per month | 600 million protected identities | 220 million mobile devices | 350,000 malware samples | 100,000 phishing sites
IBM Security / © 2020 IBM Corporation 15


Online Fraud Detection Accuracy
< 0.05% Fraud Alert | > 90% Fraud Detection | < 1% Authentication
# Assuming Trusteer deployment best practices were followed
Solution Portfolio
• Pinpoint Detect – Known User Fraud (account takeover fraud): Detect unauthorized account access by obtaining a legitimate user's details or generating synthetic identities.
• Pinpoint Assure – Unknown User Fraud (new account fraud): Detect fraudulent account creation by new users; Policy Abuse.
• Verify Trust – Adaptive Access (risk-based authentication): Balance MFA requirement between user experience impact and security.
• Rapport – Actionable Remediation (web malware removal): Prevent malware and phishing attempts to gain access and control of customer or employee credentials.
Key Risk Indicators & Attacks - Detect and Defend Against
Mobile App
✓ Mobile Malware: overlay, keylogging
✓ Repackaged App
✓ Downloader App
✓ Mobile Remote Tool
✓ Running on Emulator
✓ SIM Swap
Web App
✓ Desktop Malware: redirection, keylogging, remote overlay
✓ Remote Access Tools
✓ Browser Spoofing
✓ Running in VM
✓ Human Like BOTs
✓ Mobile Webview
Social Engineering
✓ Phone Calls
✓ Social Network
✓ Spear Phishing
✓ Phishing
✓ Smishing
✓ Vishing
Cross Channel
Different attacks (MOs) in which the attacker moves between Web and Mobile apps to gain access to the account. Supporting campaign.
The Advanced Fraud Protection Breakdown
Look across hundreds of data points and risk indicators
Behavior: Compromised Credentials • Behavioral Biometrics • Multi-step Attack • Cross-Channel Progress • Navigation Flow • Non-Human (BOT)
Device: Device ID • Compromised Device • Abnormal Attributes • Spoofed Device
Network: Location • ISP / Carrier • Hosting Service • VPN
Malicious Tooling: Web & Mobile Malware • Virtual Machines • Emulators • Screen Overlays • Remote Access
Account: New Device • Dormant Account • Associated Devices
Intelligence: Known Bad Device • Phone Number • Risky IPs • Country Risk • Phishing • Block Lists
Transactions: New Payee • Risky Payee • Transaction Anomaly • Velocity • Call In
Access: Failed Login • Failed Auth • Multiple Attempts • Auth Renewal
Full Protection !!
Open Account → Account Login → Account Activities → Transactions
Example: How does it work?
Visible to the user (Web User, Mobile User): Login → Browse → Action
Invisible to the user, in real time:
Collect: Device Attributes • Geo Location • Behavior • Malware • Network • ...
Analyze: User Profiling • Abnormal behavior • Fraud patterns • ...
Respond & Recommend: Allow • Step-up • Restrict • Deny
Alert & Reporting
Fraud Feedback
Consortium
IBM Security Trusteer @ 2023
The power of Strong Analytics
[Pie chart: US Alert Distribution of Session Risk Reason]
Session risk reasons shown:
• Access from a known fraudster device
• Unusual access using suspicious device attributes
• Suspicious access using a Virtual Machine
• Unusual activity using a known risky hosting service
• Suspicious anomalous pattern of accesses
• Suspicious Behavioral Anomaly
• Access from a suspicious device using spoofed attributes
• Contains similar attributes to a known fraudster's device
• Access from a new device
• Suspicious access pattern to multiple accounts
• Multiple accesses from suspicious device within a short timeframe
• Suspicious access using a remote access tool
• Suspicious access to a user account with attributes different to those normally seen on the user's device
• Unusual access using suspicious mobile device attributes
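The collect → analyze → respond loop from the "How does it work?" slide, with the session-risk reason labels listed above, reduced to a toy rule engine. This is an added Python example, not IBM's or the presenter's code: the device intelligence feed, the rule weights and the decision thresholds are constructed assumptions, and the "country risk" rule is borrowed from the indicator table rather than the reason list.

```python
"""Toy session-risk engine: collect -> analyze -> respond -> feedback (constructed example)."""
from dataclasses import dataclass, field

@dataclass
class Profile:
    """What the analyze stage knows about a user from past, cleared sessions."""
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)

@dataclass
class Session:
    """Signals collected on the device and connection for one login (all constructed)."""
    user: str
    device_id: str
    country: str
    virtual_machine: bool = False
    remote_access_tool: bool = False
    accounts_from_device_last_hour: int = 1
    accesses_from_device_last_hour: int = 1

# Intelligence feed: device fingerprints seen in confirmed fraud (constructed values).
KNOWN_FRAUDSTER_DEVICES = {"dev-bad-01"}

# Reason labels follow the deck's session-risk reasons; the weights are this example's own.
RULES = [
    ("Access from a known fraudster device",
     lambda s, p: s.device_id in KNOWN_FRAUDSTER_DEVICES, 90),
    ("Access from a new device",
     lambda s, p: s.device_id not in p.known_devices, 20),
    ("Suspicious access using a Virtual Machine",
     lambda s, p: s.virtual_machine, 25),
    ("Suspicious access using a remote access tool",
     lambda s, p: s.remote_access_tool, 40),
    ("Suspicious access pattern to multiple accounts",
     lambda s, p: s.accounts_from_device_last_hour >= 3, 35),
    ("Multiple accesses from suspicious device within a short timeframe",
     lambda s, p: s.accesses_from_device_last_hour >= 10, 15),
    ("Country risk: access from a country not seen for this user",
     lambda s, p: s.country not in p.usual_countries, 15),
]

def analyze(session, profile):
    """Return (score capped at 100, labels of the rules that fired)."""
    fired = [(label, w) for label, cond, w in RULES if cond(session, profile)]
    return min(100, sum(w for _, w in fired)), [label for label, _ in fired]

def respond(score):
    """Map a score to the four responses on the slide (thresholds are assumptions)."""
    if score >= 80:
        return "Deny"
    if score >= 50:
        return "Restrict"
    if score >= 20:
        return "Step-up"
    return "Allow"

def evaluate(session, profile):
    """One pass through the loop for a single login."""
    score, reasons = analyze(session, profile)
    return {"decision": respond(score), "score": score, "reasons": reasons}

def feedback(session, profile, confirmed_fraud):
    """Fraud feedback: confirmed fraud blocklists the device, a cleared session enrols it."""
    if confirmed_fraud:
        KNOWN_FRAUDSTER_DEVICES.add(session.device_id)
    else:
        profile.known_devices.add(session.device_id)
        profile.usual_countries.add(session.country)
```

The reasons list returned by `evaluate` is what an analyst sees in the alert, and the feedback call is what turns a confirmed case into a "known fraudster device" for every later session from that fingerprint.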
Threat Research Lab
Threat Engineers • Security Developers • Reverse Engineers • Phishing Analysts • Mobile Researchers • Data Scientists • Web Researchers • Fraud Analysts
Case Management & Auto-Response
Combine Fraud Detection with SOAR for automating operational post-detection activities, while delivering a state-of-the-art case management tool.
SOAR: Security Orchestration, Automation, and Response
Cybersecurity Strategy – A proactive approach to preventing Cyber attacks
▪ Adoption of an integrated and business-wide approach to cyber security
▪ A collaborative Cybersecurity Strategy involving all stakeholders.
▪ Make the end-user the first line of defense
▪ IT as a strategic function – ITSM / ITIL
▪ Develop and operationalise Cybersecurity policy
▪ BYOD policy
▪ Disaster Recovery Plan
▪ Cybersecurity Incident Response Teams
▪ Auditing and enforcement of cybersecurity compliance
Never Trust, Always Verify
Check the Live cyber threat map: https://threatmap.checkpoint.com/
Questions
Thank You!!
[email protected]
[email protected]
+263713385554
Cyber Liability Insurance Presentation
Alwin Kopera, Underwriting Manager (FBC Re)
Presentation Outline
• Introduction
• General overview of cyber matters – Insurance perspective
• Major Causes of Data Breaches
• Highlights; Global Cyber Losses
• What is Cyber liability insurance?
• Exposure factors that influence an entity to buy cover
• Cyber Liability Policy Structure
• Underwriting Considerations
• Cyber Liability loss examples & claims management
• The End
INTRODUCTION
• Cybersecurity is an issue of profound importance in today’s technology-driven world. The primary notion of cybersecurity is the consolidation of the confidentiality, integrity, and availability of computer resources, networks, software programs, and data into a cohesive set of rules, technologies, procedures, and strategies with the aim of preventing cyber-attacks.
• Cyber-attacks have in numerous cases led to loss of digital assets, business interruption, loss of money and costly lawsuits.
OVERVIEW OF CYBER RISK MATTERS
• Growing Digital Transformation of Society – An increase in cybercrime has been noted across the globe due to an increased use of the internet and online transactions (Ecocash, ZIPIT, Omari).
• The coronavirus outbreak resulted in the largest work-from-home situation in history, presenting IT criminals with new opportunities to exploit any security vulnerabilities.
• Widespread use of Internet Enabled Devices and Processes (The Internet of Things [IoT]), e.g. Smart Technology (Smart Security Systems, e.g. Connected Homes).
• The rise of Cyber Legislation (Data Protection Act [Chapter 11:12], Dec 2021), re-gazetted in March 2022 to become the Cyber and Data Protection Act [Chapter 12:07]. Criminal Law Code section 163 – Hacking.
• Weak Legislation in Cryptocurrency matters, creating a fertile ground for criminals.
EFFECTS OF FINANCIAL CYBER CRIME
Major Causes of Data Breach(es)
Malicious Cyber Attacks (Ransomware)
Phishing
Social Engineering
Ransomware
Double extortion
Cyber criminals combine the initial encryption of data with a secondary form of extortion, such as the threat to release sensitive or personal data.
Hackers will also now attempt to encrypt or delete backups, making restoration and recovery more difficult or impossible.
Ransomware
Global Cyber Losses Highlights (A case of Allianz)
What is Cyber Liability Insurance?
A short-term insurance policy which can pay out consequential costs of a network security and/or privacy breach as specifically provided for in the policy.
CYBER LIABILITY EXPOSURE FACTORS THAT SHOULD INFLUENCE YOU TO BUY CYBER LIABILITY INSURANCE
❑ Scenario 1 – Denial Of Service Attack
Does your company’s revenue depend on transaction volumes per day or hour?
Do your clients have an alternative during your downtime?
How much would your company lose if you are not operating for a day?
Do your operating costs reduce because your system is down?
How much will it cost to bring your system back up? Will you pay a ransom, hire a forensic expert and investigator? How much will all that cost?
BANKERS, TELECOMMUNICATIONS, HOTELIERS, ONLINE RETAILERS.
❑ Scenario 2 – Theft/loss of Digital Assets
Does your business transact online?
Do you make payments based on email instruction? How much would you pay to the wrong recipient in a phishing incident?
How much money can you possibly lose in an attack?
Is digital money part of your stock?
Do you keep digital assets which can be monetised?
Do you keep money/digital assets belonging to others? If you are sued to the extent of their loss, will your business survive?
If you lose your records, how much may you fail to recover from Debtors/Customers, OR how much extra can you pay?
❑ Scenario 3 – Espionage Motivated Breach
Does your business benefit from secret recipes/formulas?
What’s the potential loss if the formula is known by competitors or the public?
Can an attack result in compromised quality?
What is the cost of product recall or condemnation?
Will the attack cause permanent loss of confidence in your product?
To what extent will an attack affect your market share?
MANUFACTURING INDUSTRY, RESTAURANTS, FAST FOODS
Risks posed by an information security breach
• Reputational damage
• System unavailability and downtime
• Loss of revenue, data or competitive advantage
• Litigation arising from compromised data
• Costs incurred in responding to an incident:
  • Legal defence and settlement
  • Forensic investigation
  • Affected party notification and remediation
  • Public relations costs
• Industry / regulatory fines and penalties
CYBER LIABILITY POLICY STRUCTURE
FIRST PARTY COVER | SERVICES | THIRD PARTY LIABILITY
First Party Cover
❖ Loss or damage to digital assets
❖ Business interruption from system downtime
❖ Cyber Extortion
❖ Reputational damage
❖ Theft of money and digital assets
Loss or damage to digital assets
Loss or damage to data or software programs, resulting in cost being incurred in restoring, updating, recreating or replacing these assets to the same condition they were in prior to the loss or damage.
Business interruption from system downtime
Interruption, degradation in service or failure of the network, resulting in loss of income, increased cost of operation and/or cost being incurred in mitigating and investigating the loss.
Cyber Extortion
Attempt to extort money by threatening to damage or restrict the network, release data obtained from the network and/or communicate with the customer base under false pretences to obtain personal information.
Reputational damage
Arising from a data protection breach being reported (whether factually correct or not), that results in loss of intellectual property, loss of income, loss of customers and/or increased cost of operation.
Theft of money and digital assets
Direct monetary losses and associated disruption from theft of computer equipment, as well as electronic theft of funds / money from the organisation by hacking or other type of cyber crime.
Third Party Coverage
Liability for damage to or corruption / loss of third-party data or information, including payment of compensation to customers for denial of access, failure of software, data errors and system security failure.
• Defense costs
• Privacy and Data Breach Cover
• Fines and penalties
  Regulatory fines
  Industry associations fines
Services Coverage
Crisis Communication Cover
Consultation Cover
Underwriting Considerations for cyber liability insurance
Examples of potential cyber claims
✔ Man in court for triggering BancABC VISA card crisis that caused hell for thousands (zimlive.com) (Oct 2021)
✔ $27 million identity fraud suspect arrested | The Chronicle (June 2023)
✔ Teller hacks into POSB system (newsreportzim.com) (June 2023)
✔ Cybercriminals hack ZESA and have control of critical systems and terabytes of sensitive data? – Techzim (August 2023)
Cyber Liability Claims Management
Resources required
• Lawyers
• Forensic Experts
• PR experts to manage a crisis
• Call centre or easy access to one.
The team of experts
• Usually appointed upfront by insurer
• They must be trained.
• There must be a system to coordinate the teams (Automated systems are better for easy communication).
• They must be available at short notice
Claims Management Process
1. Notification to Insurer as soon as breach is detected
2. External experts should move on site:
   ✔ Forensic expert on site for technical response
   ✔ Legal expert to guide through legal requirements and co-ordinate from a legal point of view
   ✔ PR/Communications experts to implement communications strategy
3. Obtain legal guidance as regards what is necessary on notification to breached parties. This is where regulatory requirements become critical.
4. Affected individuals notified. Ongoing containment of breach. Get client back to business (BI!).
Thank you….