© Cyveillance, Inc. 2014 Cyveillance Confidential Who We Are Cyveillance has scoured the Web since 1997. Our mission is to identify online risks to our clients’ people, intellectual property, revenues and reputation. © Cyveillance, Inc. 2014 Cyveillance Confidential 2 The Problem These threats evolve on an ever-expanding attack surface of new sources, amid changing business and regulatory requirements. IP © Cyveillance, Inc. 2014 Cyveillance Confidential Threat Actors Who are the Pirates of Certification? • Individuals trying to make money by selling exams or exam-related content (illicit prep programs, enterprising “entrepreneurs” etc.) • Organized groups or individuals attempting to cheat on the exam for malicious reasons • Organized groups or individuals attempting to help each other pass the exam as perceived duty • Inadvertent disclosures by overly chatty test takers (especially in social media) © Cyveillance, Inc. 2014 Cyveillance Confidential 4 Is your ship safe? Organizations invest heavily in test development, who needs to worry about being compromised? • Organizations who administer certifications and exams using online testing environments • Organizations who test in many geographic locations (especially in multiple time zones) • Organizations who must accommodate a wide range of cultural groups (assisting your neighbors is not always perceived as cheating) • Organizations who administer to heavy social media users (especially teens and young adults) • Organizations who administer high stakes/high profile/barrier to entry exams © Cyveillance, Inc. 2014 Cyveillance Confidential 5 How do you right the ship? Who is taking advantage of online monitoring services? • Organizations where exam administration is their core competency and top revenue generator • Organizations who currently test outside of the US or plan on extending their reach overseas • Organizations that administer CBT’s or are looking to move to a CBT platform • Organizations that re-use item banks © Cyveillance, Inc. 2014 Cyveillance Confidential 6 The Technology for Catching Pirates Our platform combines collection, scoring and workflow tools to isolate relevant findings cost-effectively from a wide range of sources. ON A TYPICAL DAY FOR A LARGE CLIENT In The Wild: We screen billions of pages, posts and updates for client- and threat-related activity 20K (Ingested) -18K (Cleared by Scoring) 2K (Human Review) 1 Alert © Cyveillance, Inc. 2014 Initial Collection: The customer’s brand, CEO, addresses, and other Client Indicators bring in 10-30K new items Scoring: Threat lexicons, known bad actors & language algorithms pre-screen the raw take, reduce candidate findings by 90-95% Vetting & Validation: Analysts review candidate findings for true relevance Cyveillance Confidential Technology + People Our systems distill the data, so our analysts spend time analyzing, not searching for, useful findings. • Cyveillance technology is language agnostic to better address global threats • Analyst backgrounds are primarily in business, law and intelligence analysis • Fluency in nearly 20 languages © Cyveillance, Inc. 2014 Cyveillance Confidential 8 The Landscape Where do we find these pirates? • Social Media – Especially Twitter and Facebook. As new environments pop up they are often used as well. Over the past two years incident volume on Vine and Instagram saw spikes in volume • Message Boards – Particularly boards dedicated to the subject matter for the exam being administered • Document Sharing Sites – Sites like Scribd and Docstoc that allow users to post content for easy distribution. Some of these sites offer incentives for users to post content • Prep Programs and Exam Prep Material Sites – Prep sites that offer score increase or “Pass or your money back” guarantees • The “Dark” Web – The web doesn’t stop at Google… © Cyveillance, Inc. 2014 Cyveillance Confidential 9 What Does Monitoring Allow You to See? Suspicious Prep Courses offering guarantees. © Cyveillance, Inc. 2014 Cyveillance Confidential 10 What Does Monitoring Allow You to See? Exam Prep Material that may contain actual exam content, including potentially rogue mobile applications. © Cyveillance, Inc. 2014 Cyveillance Confidential 11 What Does Monitoring Allow You to See? Official test prep material put out by your organization that may not be eligible for third party distribution (Copyright Infringements). © Cyveillance, Inc. 2014 Cyveillance Confidential 12 What Does Monitoring Allow You to See? In some instances you may even find actual live test content or images taken during admins. © Cyveillance, Inc. 2014 Cyveillance Confidential 13 Can I handle the load? Incident volume is dependent upon multiple factors. • • • • Frequency of exam administrations Geographic reach of the exam Popularity of the exam Age and reach of your audience © Cyveillance, Inc. 2014 Cyveillance Confidential 14 What else can be done? Augment monitoring with other deterrents. • Educate test takers on the importance of the integrity of the exam • Work closely with third party test administrators (Pearson Vue, ETS, Prometric etc.) to ensure that proper security protocols are being met and followed • Prepare for breaches…they will happen • Ensure that your exam security departments work closely with your psychometricians and test content developers so you can identify compromised content efficiently © Cyveillance, Inc. 2014 Cyveillance Confidential 15 Q&A, Contact Information Richard Whitman rwhitman@cyveillance.com 703.351.1000 (Main Office) www.cyveillance.com https://blog.cyveillance.com/ http://www.linkedin.com/company/cyveillance https://twitter.com/Cyveillance http://www.brighttalk.com/channel/9865 © Cyveillance, Inc. 2014 Cyveillance Confidential