Documente Academic
Documente Profesional
Documente Cultură
The FBI also estimates that cyber crime cost US companies an average of $24,000 last year, down from $56,000 in 2004
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
But, they estimate that the total cost of cyber crime to the US was over $400 billion in 2005 alone
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
THE INTERNET
The Internet (ARPANET), was started in 1960s, established its first connection in 1969, was spread across the US by 1971, and reached Europe by 1973
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
ARPANETs Legacy
Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
Despite its apparent good design, the Internet was not originally conceived with internal security in mind, making it vulnerable to attacks
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
Network Traffic
10
CYBER CRIME
11
Criminal acts using computers and networks as tools or targets Traditional crimes conducted through the use of computers
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
12
Can be based on malicious code such as a virus, email virus, worm or Trojan horse.
a.k.a. Passive Attacks
Or actively perpetrated by knowledgeable individuals, who attempt to exploit network, computer, and software flaws
a.k.a. Active Attacks
13
Traditional Crimes
Pre-existing crimes that are facilitated by the Internet or ones that have found new life because the Internet has made them lucrative endeavours.
Theft, theft of information, financial crimes, fraud, copyright infringement, child pornography, scams, harassment, and terrorism
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
14
15
16
FIRST
We are faced with weak underlying technology and inherently vulnerable software
17
SECOND Issues such as users anonymity coupled with uninformed, misguided, and malicious users contribute to the problem
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
18
FINALLY
Weak or non-existent legal, regulatory, and policy environments limit many countries ability to tackle cyber crimes
19
CYBER CRIMINALS
20
Cyber criminals come in many forms. The most harmful can be malicious insiders, and disgruntled or uninformed employees
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
21
The Internet also has its share of professional criminals like hackers, organized crime and pedophiles, who make a living off of their well honed skills and criminal endeavours
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
22
Finally, competing business, governments and terrorists will also use the internet to improve their position or further their cause
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
23
IS AFRICA A TARGET?
24
Ongoing analysis by Symantec and McAfee indicate that Africa is not a major source or target of cyber attacks
25
Limited connectivity, few appealing targets and a small number of users, are factors that currently shield potential African targets from most attacks
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
26
As the African e-environment evolves, so to will its cyber crime environment Most likely for the worse
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
27
A shift from active to passive attacks will probably accelerate the problem, negating any protection limited connectivity provides
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
28
29
There is no one solution, be it technological or otherwise, to address cyber crime. It exists for a multitude of reasons and requires a multifaceted approach to combat
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
30
HUMAN FACTORS Industry, government and educators must first address human behaviour that allows cyber crime to thrive and/or undermine security efforts
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
31
A significant number of security breaches are in part caused by human actions, whether intentional or otherwise
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
32
Examples include:
Use of weak passwords Divulging passwords Use of unauthorised software Opening of unknown email Unauthorised use of network
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
33
Breaches are not limited to novice or inexperienced users. Incidents have been caused by network administrators
34
Outlining acceptable network use, authorised software, along with awareness campaigns and training, can help mitigate against human errors
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
35
TECHNOLOGY FACTORS
Technology plays a key role in securing computers and networks, but only if properly deployed and maintained
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
36
There are a panoply of security tools at your disposal. If used properly they will shield your organization from most attacks
37
Security ranges from the basics like limiting access to the network, forcing users to change passwords at regular intervals, to physically limiting access to certain computers
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
38
A step up would involve virus scanners that inspect incoming files for viruses, to firewalls, which limit incoming and outgoing network traffic
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
39
To sophisticated tools like intrusion detection systems, which constantly analyze network traffic and send out alerts or shut off access in the event of anomalies
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
40
If information must be sent over the Internet, encryption technology can shield sensitive data when it must be transmitted
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
41
POLICY FACTORS
Ensure laws, regulations and policies provide the necessary support and focus that can complement cyber security endeavours
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
42
A strong legal framework sends a message that cyber crime will be dealt with seriously and that limits on online conduct will be imposed.
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
43
It must also ensure that countries are able to investigate, arrest and prosecute cyber criminals
44
A well articulated regulatory scheme will ensure that key players such as TSPs, government and industry understand their roles in ensuring a secure environment
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
45
Well articulated policies that outline the roles, responsibilities and commitments of users, TSP and governments will bring all this together
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
46
47
INDUSTRY POLICIES
Should address acceptable usage, minimum security standards, and commitments by organisation to educate and support users
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
48
GOVERNMENT POLICIES
Identify short and mid term security objectives, support to key players, investments in security technology and training, and awareness initiatives
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA
49
FINAL COMMENTS
50
Michael Bitz
e-Security & Cyber Crime Consulting
Dar es Salaam, Tanzania michaelbitz@rogers.com (+255) 746 77 64 76
UNITED NATIONS ECONOMIC COMMISSION FOR AFRICA