1

E-Security

2

According to an FBI study, 90% of US

companies suffered a cyber security

incident in 2005

3

The FBI estimates that cyber crime cost US

companies an average of $24,000 last year,

down from $56,000 in 2004

4

However, they also estimate that the total cost of cyber

crime to the US was over $400 billion in

2005 alone

5

THE INTERNET

6

The Internet (ARPANET), was started in ’60s, established its first

connection in ’69, was spread across the US by ’71, and reached Europe

by ’73

7

ARPANET’s Legacy

• It all starts with a handshake– Transmission Control Protocol

(TCP) & Internet Protocol (IP)

• Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage

8

Despite its apparent good design, the Internet was not

originally conceived with internal security in

mind, making it vulnerable to cyber

attacks

9

Network Traffic

10

CYBER CRIME

11

“Criminal acts using computers and networks

as tools or targets”

“Traditional crimes conducted through the

use of computers”

12

Modern Computer Crimes

• Can be based on malicious code such as a virus, email virus, worm or Trojan horse.– a.k.a. Passive Attacks

• Or actively perpetrated by

knowledgeable individuals,

who attempt to exploit network,

computer, and software flaws– a.k.a. Active Attacks

13

Traditional Crimes• Pre-existing crimes facilitated by

the Internet or those which have found newlife on the Internet

– Theft, theft of information,financial crimes, fraud, copyrightinfringement, child pornography, scams, harassment, and terrorism

14

A Brief Word On “Phishing”

15

WHAT ARE WE UP AGAINST?

16

FIRST

We are faced with weak underlying technology

and inherently vulnerable software

17

Also improperly configured Internet

servers, firewalls and routers, and relying

primarily on firewalls for protection without

intrusion detection and prevention systems

18

SECOND

Issues such as users anonymity coupled with uninformed, misguided,

and malicious users contribute to the

problem

19

FINALLY

Weak or non-existent legal, regulatory, and

policy environments limit many countries’ ability to

tackle cyber crimes

20

CYBER CRIMINALS

21

Cyber criminals come in many forms. Most

harmful can be malicious insiders, and

disgruntled or uninformed employees

22

The Internet has its share of professional criminals like hackers, organized crime and pedophiles,

who make a living off of their well honed skills and

criminal endeavours

23

Competing businesses,

governments and terrorists will also

turn to the internet to undermine the

“competition” or further their cause

24

CAN ANYTHING BE DONE?

25

There is no one solution, be it technological or otherwise, to address

cyber crime. It exists for a multitude of reasons and requires a multifaceted

approach to combat

26

HUMAN FACTORS

Industry, government and educators must first

address human behaviour that allows cyber crime to thrive and/or undermine

security efforts

27

A significant number of security breaches are in part caused by human

actions, whether intentional or otherwise

28

Examples include:Use of weak passwords

Divulging passwordsUse of unauthorised software

Opening of unknown emailUnauthorised use of network

29

Breaches are not limited to novice or

inexperienced users. Incidents have been caused by network

administrators

30

Outlining acceptable network use, authorised

software, along with awareness campaigns and training, can help

mitigate against human errors

31

TECHNOLOGY FACTORS

Technology plays a key role in securing

computers and networks, but only if properly

deployed and maintained

32

There is a panoply of security tools at your

disposal. If used properly they will shield your

organization from many common cyber attacks

33

Security ranges from the basics like limiting access

to the network, forcing users to change

passwords at regular intervals, to physically

limiting access to certain computers

34

A step up would involve virus scanners that

inspect incoming files for viruses, to firewalls,

which limit incoming and outgoing network traffic

35

To sophisticated tools like intrusion detection systems,

which constantly analyze network traffic and send out alerts or shut off access in

the event of anomalies

36

If information must be sent over the Internet, encryption technology

can shield sensitive data when it must be

transmitted

37

POLICY FACTORS

Ensure laws, regulations and policies provide the necessary

support and focus that can complement cyber security

endeavours

38

It must also ensure that countries are able to

investigate, arrest and prosecute cyber

criminals

39

A strong legal framework sends a message that cyber

crime will be dealt with seriously and that limits on online conduct will be

imposed

40

A well articulated regulatory scheme will ensure that key players

such as TSPs, government and industry understand their roles in ensuring a

secure environment

41

Well articulated policies that outline the roles, responsibilities and

commitments of users, TSP and governments will

bring all this together

42

A FEW WORDS ABOUT SECURITY POLICIES

43

INDUSTRY POLICIES

Should address acceptable usage, minimum security

standards, and commitments by

organisation to educate and support users

44

GOVERNMENT POLICIES

Identify short and mid term security objectives, support to key players, investments in security technology and training, and awareness

initiatives