Understanding and preventing cyber crime and its impact on your organisation
Adv Jacqueline Fick, PwC
16 November 2010
www.pwc.com
Contents
1. Understanding the origins and characteristics of South Africa’s most prevalent cyber crime categories.
2. Exploring the five pillars of information assurance and the Electronic Communications and Transactions Act, 2002.
3. Defining and implementing a defence-in-depth strategy in your organisation.
4. The layered defence approach for dealing with cyber crime in your organisation.
5. The value of good information governance.
Understanding the origins and characteristics of South Africa’s most prevalent cyber crime categories
Cyber crime defined
• “…computer crime encompasses the use of a computer as a tool in the perpetration of a crime, as well as situations in which there has been unauthorised access to the victim’s computer, or data. Computer crime also extends to physical attacks on the computer and/or related equipment as well as illegal use of credit cards and violations of automated teller machines, including electronic fund transfer thefts and the counterfeit of hardware and software.” (Credo and Michels)
• “…computer crime covers all sets of circumstances where electronic data processing forms the means for the commission and/or the object of an offence and represents the basis for the suspicion that an offence has been committed.” (Van der Merwe)
Cyber crime defined (cont.)
• Move in South African law to the use of the term cyber crime, which is wide enough to encompass all illegal activities in respect of computers, information networks and cyberspace.
• Watney uses the term cyber crime and defines it as all illegal activities pertaining to a computer system, irrespective of whether the computer is the object of the crime or the instrument with which the crime is committed.
• Can be described as crimes that are related to a computer and crimes committed using a computer, e.g. hacking, or where information about a crime was stored on a computer.
• ‘Access’ includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data (ECT Act).
Types of cyber crime in South Africa
• Unauthorised access (s86(1))
• Unauthorised modification of data and various forms of malicious code (s86(2))
• Denial of service attacks (s86(5))
• Devices used to gain unauthorised access to data (s86(4))
• Computer-related extortion, fraud and forgery (s87)
• Child pornography, cyber obscenity and cyber stalking
• Copyright infringement
• Industrial espionage
• Piracy
• Online gambling
What statistics show
RSA Online Fraud Reports show that South Africa does not fall within the top ten countries hosting phishing attacks, but features high on the list of top ten countries by attack volume:
• In August 2010 South Africa endured 9 % of the world’s phishing attacks by volume.
• In September 2010 attacks by volume increased to 20 %.
• In October 2010 attacks increased to 21 %.
What statistics show: Phishing attacks
(Chart: South Africa’s share of the world’s phishing attacks by volume for August 2010, September 2010 and October 2010.)
Source: RSA Anti-Fraud Command Centre, RSA Online Fraud Reports for August, September and October 2010
The world of cyber crime
• An underground cybercrime economy and cyber black market exists where the cybercriminal can buy, sell, barter or trade criminal skills, tools and your private information; one can buy IDs, credit cards and botnet kits.
• Cybercriminals are now less hackers and more like offline crime syndicates, such as the Mafia or urban gangs.
• One can buy a keystroke logger for about $23 or pay $10 to have someone host a phishing scam, pick up a botnet for just $225, or get a tool that exploits a vulnerability on a banking site for $740 to $3 000. (Cybercrime Exposed, Marian Merritt)
• What happened in South Africa…
• “It’s grown to become a flourishing industry with international syndicates, just like the Mafia” (Pres Jacob Zuma)
Information Assurance
Definitions
• The practice of managing information-related risks.
• Seeks to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability and non-repudiation (the five pillars of Information Assurance) (Wikipedia).
• The process of ensuring that the right users have access to the right information at the right time.
• An umbrella concept bringing together issues of information security and dependability. It must always be borne in mind that “absolute security” is an unachievable goal.
• Information Assurance aims to provide organisations with an acceptable level of assurance that even when there are attempts to interfere with the security, availability and reliability of networks and systems, there will still be an acceptable level of functionality.
Five pillars make up a specific information assurance strategy that gives the highest level of success to an organisation that applies it to its daily operations. Information Assurance focuses on:
• Access controls (physical and logical)
• Individual Accountability
• Audit trails
INFORMATION ASSURANCE (diagram: the five pillars shown as columns: authenticity, non-repudiation, confidentiality, availability and integrity)
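As an added example, not taken from the PwC slides, the Python below makes three of the points on this slide concrete: access controls, individual accountability and audit trails. It also shows where one of the five pillars, non-repudiation, is not delivered by the obvious mechanism. The policy table, the user names and the log key are constructed for illustration, and the hash-chained, HMAC-tagged audit trail is a design chosen here, not one the slides prescribe.

```python
"""Added example, not from the original slides: a minimal authorisation check
whose decisions are written to a tamper-evident audit trail.

Pillars it makes concrete:
  integrity       each entry commits to the previous entry's digest (hash chain)
  authentication  each entry carries an HMAC under a key held by the log collector
  accountability  every decision records who asked for what and the outcome

Caveat demonstrated in tamper_demo(): a shared HMAC key gives integrity and
authenticity but NOT non-repudiation, because anyone holding the key can forge
a whole trail. The policy table, user names and key are all constructed.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed access-control policy: user -> resources that user may read.
POLICY = {
    "alice": {"payroll", "hr-files"},
    "bob": {"hr-files"},
}

# Constructed log key. In a real deployment it belongs to the log collector,
# not to the host being audited.
LOG_KEY = b"constructed-audit-key-do-not-reuse"

GENESIS = "0" * 64  # digest "before" the first entry

CHAINED_FIELDS = ("seq", "user", "resource", "allowed", "prev")


def _digest(body: dict) -> str:
    # Canonical JSON so the digest does not depend on key order.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def audit_append(log: list, user: str, resource: str, allowed: bool,
                 key: bytes = LOG_KEY) -> dict:
    """Append one decision, chained to the previous entry and tagged with the log key."""
    prev = log[-1]["digest"] if log else GENESIS
    body = {"seq": len(log), "user": user, "resource": resource,
            "allowed": allowed, "prev": prev}
    digest = _digest(body)
    tag = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    entry = dict(body, digest=digest, tag=tag)
    log.append(entry)
    return entry


def access(log: list, user: str, resource: str) -> bool:
    """Authorise a read against POLICY; allowed and denied requests are both logged."""
    allowed = resource in POLICY.get(user, set())
    audit_append(log, user, resource, allowed)
    return allowed


def verify_log(log: list, key: bytes = LOG_KEY) -> Optional[int]:
    """Return None if the trail is intact, otherwise the seq of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in CHAINED_FIELDS}
        if entry["seq"] != i or entry["prev"] != prev:
            return i
        if _digest(body) != entry["digest"]:
            return i
        expected = hmac.new(key, entry["digest"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev = entry["digest"]
    return None


def tamper_demo() -> tuple:
    """(seq at which an edited entry is caught, result of verifying a forged trail)."""
    log: list = []
    access(log, "alice", "payroll")   # allowed
    access(log, "bob", "payroll")     # denied, but still recorded
    # An insider flips the denied decision to "allowed": the chain digest no longer matches.
    log[1]["allowed"] = True
    detected_at = verify_log(log)
    # The same insider, if they also hold LOG_KEY, can rebuild a clean trail instead.
    forged: list = []
    audit_append(forged, "alice", "payroll", True)
    audit_append(forged, "bob", "payroll", True)
    return detected_at, verify_log(forged)


if __name__ == "__main__":
    print(tamper_demo())  # (1, None)
```

Every decision, allowed or denied, is recorded with the actor named (individual accountability); editing any recorded entry breaks the chain (integrity); the HMAC tag lets the log collector confirm the entries came from a key holder (authentication). The last function shows the limit: whoever holds LOG_KEY can rebuild a clean-looking trail, so this log is not evidence against that party. Non-repudiation needs a per-actor asymmetric signature, and silent truncation of the newest entries needs an out-of-band checkpoint; neither is shown here.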
Defence in Depth strategy
Strategy that can be implemented to achieve Information Assurance in today’s highly networked environments (NSA). Also defined as systematic security management of people, processes and technologies in a holistic risk-management approach (TISN):
• “Best practices” strategy in that it relies on the intelligent application of techniques and technologies.
• Based on balancing protection capability and cost, performance and operational considerations.
• Delivers:
- Effective risk-based decisions;
- Enhanced operational effectiveness;
- Reduced overall cost and risk; and
- Improved information security.
Threats
To protect an organisation’s information and information systems against cyber attacks, it is necessary to determine who the enemy is, why they would want to launch an attack and how they would attack the organisation. Threats can be internal or external and can result from intentional or unintentional actions.
People
• Disgruntled employees
• Financially troubled employees
• Corporate espionage
• Uneducated/uninformed users
Trading Partners
• Business partners with poor data security
• Physical access to shared systems
• Misunderstanding of allowed access
• Competitive environment
External Threats
• Hackers
• Organised crime
• Changes in regulatory framework
Technological Innovation
• Faster networks
• More storage in smaller devices
• Technological convergence
• Increasingly mobile workforce
Achieving Information Assurance requires a balanced focus on:
• People
• Processes
• Technology
• Governance
INFORMATION ASSURANCE (diagram: people, processes/operations, technology and governance as the components of the Defence in Depth strategy)
Implementing a Defence in Depth strategy
• Requires a paradigm shift: IT security/Information Assurance cannot be viewed as a stand-alone issue, but must become part of business planning, overall strategy, governance and operations.
• Reasons for implementing strategy:
- Expanding organisational boundaries.
- Mobile workforce.
- Decentralisation of services.
- Increasing value of information.
Layered defence/controls
• The most effective way to secure information within modern-day parameters is to implement different layers of control as part of a Defence in Depth strategy (Murali 2007). Controls include both technical and process control mechanisms.
(Diagram: concentric layers of control around the information asset, from the outside in: Physical Security, OS Security, Network Security, Database Security, Application Security, User Security, INFORMATION.)
Practical guidelines for maintaining and improving on the strategy
• Know and understand your organisation.
• Define security roles and responsibilities: security is everyone’s concern but assign ownership to specific individuals with the necessary levels of authority and accountability.
• Adopt appropriate policies and procedures and update regularly.
• Continuous auditing and assessment of processes.
• Stay up to date.
• Effective public-private partnerships.
Information Governance
Information Governance defined
• King III: … an emerging discipline with an evolving definition.
• Wikipedia: … a set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information on all media in such a way that it supports the organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements.
• …an enterprise-wide strategy and framework that establishes the policies, responsibilities and decision-making processes controlling the use of information owned, or accessed by, a business. The goal should be to balance risk avoidance, cost reduction and increased business value. Information Governance should also be structured in such a way as to adapt easily to organisational demands and changes in technology, and be flexible enough to provide for new information.
Importance of Information Governance
• IT is the foundation on which we operate our businesses.
• Information is fast becoming the most valuable asset an organisation has.
• The value of information has also led to businesses focusing more on the information or data they host, process or use than on the technology employed to perform these functions.
• Need for risk management.
• The IT risk environment is influenced by both internal and external factors, and measures must be put in place to ensure the protection, confidentiality, availability and authenticity of information, to govern the use of external service providers to host/process data, to regulate access to company networks from remote locations and to be sensitive to the threat of cyber attacks.
Closing remarks
• Effectively and efficiently addressing cyber crime requires a paradigm shift.
• Protect information as a valuable asset.
• Pro-active vs re-active approach: prevention is better than prosecution.
• Don’t just throw money at IT.
• Understand your organisation, your data and the value of IT.
• Have appropriate policies and enforcement monitoring in place.
• Value of intelligence and integrated systems in the prevention of cyber crime.
• Commitment from senior management (Board).
It is widely accepted that in today’s technology-driven environment, information is worth a king’s ransom; successful businesses know how to protect and capitalise on it. Information is fast becoming the biggest contributor to the bottom line and an asset that should be jealously guarded with the same vigour as financial assets. The best of the best employ information technology (IT) and information resources to create competitive advantage and ensure the good governance thereof.
Thank you
This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Inc, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

© 2010 PricewaterhouseCoopers (“PwC”), a South African firm. PwC is part of the PricewaterhouseCoopers International Limited (“PwCIL”) network that consists of separate and independent legal entities that do not act as agents of PwCIL or any other member firm, nor is PwCIL or the separate firms responsible or liable for the acts or omissions of each other in any way. No portion of this document may be reproduced by any process without the written permission of PwC.