Upload
majaliwa-emmanuel-mkinga
View
221
Download
0
Embed Size (px)
Citation preview
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
1/54
1
E-Security and the Evolution
of Crime in a Networked
Africa7th IWG Meeting of the
East African Community Secretariat
Kampala, Uganda April 24-29, 2006
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
2/54
2
According to an FBI study,90% of US companies
suffered a cyber securityincident in 2005
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
3/54
3
The FBI estimates thatcyber crime cost US
companies an average of$24,000 last year, down
from $56,000 in 2004
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
4/54
4
However, they alsoestimate that the total
cost of cyber crime to theUS was over $400 billion
in 2005 alone
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
5/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
6/54
6
The Internet (ARPANET), wasstarted in 60s, established its
first connection in 69, wasspread across the US by 71,and reached Europe by 73
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
7/54
7
ARPANETs Legacy
It all starts with a handshake
Transmission Control Protocol (TCP) &
Internet Protocol (IP)
Well designed with many different
paths to a destination, where routers
constantly monitor the integrity and
select the best path, making it robust
in the face of severe physical damage
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
8/54
8
Despite its apparent gooddesign, the Internet was not
originally conceived withinternal security in mind,making it vulnerable to cyber
attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
9/54
9
Network Traffic
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
10/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
11/54
11
Criminal acts using computersand networks as tools or
targets
Traditional crimes conducted
through the use of computers
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
12/54
12
Modern Computer Crimes
Can be based on malicious code such as a virus,
email virus, worm or Trojan horse.
a.k.a. Passive Attacks
Or actively perpetrated by
knowledgeable individuals,
who attempt to exploit network,
computer, and software flaws a.k.a. Active Attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
13/54
13
Traditional Crimes
Pre-existing crimes facilitated by the
Internet or those which have found new
life on the Internet
Theft, theft of information,
financial crimes, fraud, copyright
infringement, child pornography, scams,
harassment, and terrorism
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
14/54
14
A Brief Word On Phishing
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
15/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
16/54
16
FIRST
We are faced with weak
underlying technology andinherently vulnerable
software
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
17/54
17
Also improperly configuredInternet servers, firewalls and
routers, and relying primarilyon firewalls for protection
without intrusion detection and
prevention systems
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
18/54
18
SECOND
Issues such as users
anonymity coupled withuninformed, misguided, andmalicious users contribute to
the problem
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
19/54
19
FINALLY
Weak or non-existent legal,
regulatory, and policyenvironments limit manycountries ability to tackle
cyber crimes
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
20/54
20
CYBERCRIMINALS
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
21/54
21
Cyber criminals come inmany forms. Most harmful
can be malicious insiders,and disgruntled or
uninformed employees
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
22/54
22
The Internet has its share ofprofessional criminals like
hackers, organized crime andpedophiles, who make a living
off of their well honed skills
and criminal endeavours
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
23/54
23
Competing businesses,governments and
terrorists will also turn tothe internet to undermine
the competition or
further their cause
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
24/54
24
IS AFRICA A TARGET?
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
25/54
25
Ongoing analysis by leadingsecurity firms Symantec and
McAfee, indicate that Africa isNOT a major source or target
of cyber attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
26/54
26
Limited connectivity, fewappealing targets and a small
number of users, are factorsthat currently shield potentialAfrican targets from most
attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
27/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
28/54
28
A shift from active topassive attacks will
probably accelerate theproblem, negating anyprotection limited
connectivity provides
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
29/54
29
CAN ANYTHING BEDONE?
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
30/54
30
There is no one solution, be ittechnological or otherwise, to
address cyber crime. It existsfor a multitude of reasons andrequires a multifaceted
approach to combat
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
31/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
32/54
32
A significant number ofsecurity breaches are in part
caused by human actions,whether intentional or
otherwise
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
33/54
33
Examples include:
Use of weak passwords
Divulging passwordsUse of unauthorised softwareOpening of unknown email
Unauthorised use of network
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
34/54
34
Breaches are not limited tonovice or inexperienced
users. Incidents have beencaused by network
administrators
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
35/54
35
Outlining acceptable networkuse, authorised software,
along with awarenesscampaigns and training, canhelp mitigate against human
errors
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
36/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
37/54
37
There is a panoply of securitytools at your disposal. If used
properly they will shield yourorganization from manycommon cyber attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
38/54
38
Security ranges from the basicslike limiting access to the
network, forcing users tochange passwords at regularintervals, to physically limiting
access to certain computers
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
39/54
39
A step up would involve virusscanners that inspect
incoming files for viruses, tofirewalls, which limitincoming and outgoing
network traffic
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
40/54
40
To sophisticated tools likeintrusion detection systems,
which constantly analyze networktraffic and send out alerts or shutoff access in the event of
anomalies
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
41/54
41
If information must be sentover the Internet, encryption
technology can shieldsensitive data when it must
be transmitted
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
42/54
42
POLICY FACTORS
Ensure laws, regulations and
policies provide the necessarysupport and focus that cancomplement cyber security
endeavours
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
43/54
43
It must also ensure that
countries are able toinvestigate, arrest andprosecute cyber criminals
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
44/54
44
A strong legal frameworksends a message that cyber
crime will be dealt withseriously and that limits ononline conduct will be
imposed
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
45/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
46/54
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
47/54
47
A FEWWORDS ABOUTSECURITYPOLICIES
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
48/54
48
INDUSTRYPOLICIES
Should address acceptable
usage, minimum securitystandards, and commitments by
organisation to educate and
support users
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
49/54
49
GOVERNMENTPOLICIES
Identify short and mid term
security objectives, support tokey players, investments in
security technology and training,
and awareness initiatives
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
50/54
50
WHAT ARE AFRICAS CYBERSECURITYPRIORITIES
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
51/54
51
Raise awareness of the growingproblem of cyber crime, which
must be addressed with aconcerted effort by all, byhighlighting the consequences
of poor information security
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
52/54
52
Undertake the necessarylegislative and regulatory
initiatives to criminalize most
cyber crime, and ensure thatkey players such as law
enforcement are trained to
investigate cyber attacks
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
53/54
53
FINAL COMMENTS
8/6/2019 E-Security and Evoulrion of Crime in a Network Afica by Mike
54/54