This document provides an overview of a half-day conference on blockchain and cybersecurity for CFOs and controllers. It includes summaries of presentations on blockchain technology and how it enables distributed ledgers and smart contracts. Cybersecurity topics discussed include notable data breaches, vulnerability assessments, penetration testing, and social engineering. Contact information is provided for the speaker, Jason Cope, and details are given on the sponsor and agenda for the CFO and Controller conference focused on helping financial leaders gain a broader business perspective.
28. What Is Blockchain?
A technology that:
• Permits transactions to be gathered into
blocks and recorded
• Cryptographically chains blocks in
chronological order creating a “Trustless
system”
• Allows the resulting ledger to be accessed
by different servers (i.e. a distributed
ledger)
29. What Is A Distributed Ledger?
Centralized Ledger
• There are multiple ledgers, but Bank holds the “Master Copy”
• Each client must reconcile its own ledger against that of the Bank, and must convince Bank of the “true state” of the Bank ledger if discrepancies arise
Distributed Ledger
• There is one ledger. All Nodes have some level of access to that ledger.
• All Nodes agree to a protocol that determines the “true state” of the ledger at any point in time. The application of this protocol is sometimes called “achieving consensus”
30. Trustless System?
• Doesn’t mean it’s a system you can’t trust
• No trust is required between participants in
a transaction
• How is this accomplished?
– Data is mined into blocks
– Together these blocks form a chain
– Each block in the chain includes data from the
previous block
– The resulting “blockchain” is a ledger of
transactions that automatically verifies itself
32. Using Blockchains
Smart contracts
• Flexible mechanism that serves as the
middleman for all manner of agreements and
data exchanges
– Identity management
– Voting
– Digital rights management
– Supply chain management
– Point-of-sale applications
– Healthcare
– Currency exchange
– Ride sharing
33. How Is Blockchain Related To Bitcoin?
• Blockchain enables the existence of cryptocurrency
• There are more than 1,600 cryptocurrencies today
• Bitcoin is the name of the best-known cryptocurrency
• Facebook is actively working on creating a cryptocurrency
34. Cryptocurrency
Benefits and Issues
Benefits:
• Offers cheaper and faster peer-to-peer
payment options
• No need to provide personal details
• Gaining acceptance as a payment option
Issues:
• Price volatility
– Less buying and selling of goods and services
– More speculative trading of the currency itself
35. Benefits of Blockchain
• Increased transparency
• Accurate tracking
• Permanent unmodifiable ledger
• Cost reduction
38. Notable Breaches
• Target (2013)
– 110 million customers’ credit/debit card
information compromised
– Hackers gained access through a third-party
HVAC vendor to the point-of-sale card readers
– Cost the company $18.5 million, plus additional
compliance requirements
39. Notable Breaches
• Uber (2016)
– 57 million Uber users’ and 600 thousand drivers’
personal information exposed
– Uber failed to disclose the breach for more than
one year
– Paid the hackers a “bug bounty” fee of $100
thousand to destroy the data with no way to
verify the destruction occurred
– Valuation dropped from $68 billion to $48 billion
40. Notable Breaches
• Equifax (2017)
– Personal information (including Social Security
Numbers, birthdates, addresses, drivers’ license
numbers) of 143 million consumers compromised
– Caused by a website application vulnerability; using old
outdated systems
– Set up a dedicated website to take care of consumers
– Provided free credit monitoring for one year for all
consumers affected
– Cost the Company $700 million after reaching a
settlement with the government
41. Notable Breaches
• Capital One (July 30, 2019)
– Personal information of 100 million consumers
compromised (names, addresses, phone numbers,
email addresses, dates of birth, annual income
disclosures)
– Outside individual gained access to the network
by exploiting a misconfigured web application
firewall
– Will provide free credit monitoring for one year
for all consumers affected
42. Local Incidents
• Texas Lawbook survey states four out of five law
firms operating in Texas in 2017 and 2018 were
victimized by a cyber attack.
• 40% of small and mid-sized companies that
experience data breaches are out of business
within six months.
• Smaller businesses that devote fewer resources
to cybersecurity end up with information that is
more accessible to cyber attacks
43. Vulnerability Assessment
• Intended to identify and assign a criticality
rating to potential security weaknesses in an
organization’s technical environment, but not
to exploit the weaknesses
• External
• Internal
44. Vulnerability Assessment
• External
– Checks for vulnerabilities between the external
network and the internet.
• Internal
– In-depth analysis of the organization’s internal
network.
– Estimated that approximately 80% of security
breaches occur from inside the internal network.
46. Penetration Testing
• Identifies the ease and likelihood with which a
malicious attacker could compromise the
target environment
• Finds weaknesses in the target environment
and attempts to exploit them.
47. Social Engineering Assessment
• Consists of various methods to determine
susceptibility to common people-based attacks
to obtain credentials, convince users to
circumvent security controls, install
unauthorized software, disclose sensitive
information, or enable access to unauthorized
areas.
• Focus is on humans rather than weaknesses in
the IT infrastructure.
50. CONTACT US
Jason R. Cope
Goldin Peiser & Peiser, LLP
(214) 635-2508
Jcope@GPPcpa.com
51. Goldin, Peiser & Peiser, LLP
CFO & Controller Conference
Helping Financial Leaders Gain a
Broader Perspective on Their Business
November 6, 2019
63. 100% Strong
❑ Core Values
❑ Accountability Chart
❑ People Analyzer
▪ Core Values (Right People)
▪ GWC (Right Seat)
❑ Two Issues –
▪ Right Person, Wrong Seat
▪ Right Seat, Wrong Person
64. GWC
Get It
Want It
Capacity to Do It
[Worksheet: G / W / C, Function, Name, with blank lines to fill in]
65. THE PEOPLE ANALYZER
Name: ratings
Sally Jones: + + + + +
John Smith: – – – – –
George Wilson: +/– +/– +/– +/– +/–
The Bar: + + + +/– +/– Y Y Y
77. THE LEVEL 10 MEETING
Good News 5 Mins
Scorecard 5 Mins
Rock Review 5 Mins
People Headlines 5 Mins
To-Do List 5 Mins
IDS 60 Mins
Conclude 5 Mins
78.
● 8 Questions
● Shared By All
● Scorecard
● Measurables
● Documented
● Followed By All
● Rocks
● Meetings
● Issues List
● IDS
● Right People
● Right Seats
80. THANK YOU!
Email me at david@boyettmanagement.com and I will send you a free E-Book, “Decide”
Draft Your First Scorecard
Let me know how I can help!
81. Tax & Accounting Update
Panel Discussion
Allan Peiser
Moderator
Angie Walters, Kevin Harris, Richard Stepler