the integritas system to enforce integrity in academic environments prof basie von solms mr jaco du...

20
The Integritas System to enforce Integrity in Ac ademic Environments Prof Basie von Solm s Mr Jaco du Toit Prof Basie Von Solms Academy for IT University of Johannesburg [email protected] A Cyber Security Culture in Southern Africa

Upload: francesca-tansley

Post on 14-Dec-2015

217 views

Category:

Documents


2 download

TRANSCRIPT

The Integritas System to enforce Integrity in Academic Environments

Prof Basie von Solms

Mr Jaco du Toit

Prof Basie Von SolmsAcademy for ITUniversity of [email protected]

A Cyber Security Culturein

Southern Africa

The Growing use of the Internet

• more and more web based systems rolled out

• e-everything

• the web user became the target

• much easier to compromise the end user than hack into the company’s systems

• Information (Cyber) Security has to concentrate much more on the end (web) user providing ways to protect this end user

• Let us investigate some recent statistics concerning cyber incidents

The Growing Cyber risk to the user

The Symantec Internet Security Threat Report (Symantec, April 2011) • Symantec recorded nearly 3 billion malware attacks in 2010• 93% increase in Web attacks• 260 000 Identities on average exposed per breach• 42% more mobile vulnerabilities• Rustock, the largest botnet had well over one million bots under its control• 10 000 could be rented for US$ 15 for Denial of Service attacks The report also states : ‘The ability to research targets online has enabled hackers to create powerful social engineering attacks that easily fool even sophisticated users.’ 'A well-executed social engineering attack has become almost impossible to spot.’

The Sophos Security Threat Report 2009

• 23 500 infected websites are discovered every day. That’s one every 3.6 seconds • 15 new bogus anti-virus vendor websites are discovered every day. • 89.7 % of all business email is spam

The report further makes the following very worrying statement:

‘The vast majority of infected websites are in fact legitimate sites that have been hacked to carry malicious code. Users visiting the websites may be infected by simply visiting affected websites, … The scope of these attacks cannot be underestimated, since all types of sites – from government departments and educational establishments to embassies and political parties … - have been targeted.’

"The Internet is the crime scene of the 21st Century," (Wall Street Journal, 2010a)

The CISCO White Paper, 2009

‘Internet users are under attack. Organized criminals methodically and invisibly exploit vulnerabilities in websites and browsers and infect computers, stealing valuable information (login credentials, credit card numbers and intellectual property) and turning both corporate and consumer networks into unwilling participants in propagating spam and malware’

CISCO Annual Security Report 2009

‘as more individuals worldwide gain Internet access through mobile phones, Cyber criminals will have millions of inexperienced users to dupe with unsophisticated or well-worn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago.’

Cyber Security Public Awareness Act, US, 2011

The damage caused by malicious activity in cyberspace is enormous and unrelenting. Every year, cyber attacks inflict vast damage on our Nation's consumers, businesses, and government agencies. This constant cyber assault has resulted in the theft of millions of Americans' identities; exfiltration of billions of dollars of intellectual property; loss of countless American jobs; vulnerability of critical infrastructure to sabotage; and intrusions into sensitive government networks.

Many countermeasures do exist, but one of the most important ones is to create a Culture of Cyber Security Awareness

• Essential to ensure that all users must be made aware of inherent risks involved when venturing into cyber space.

• Core to such awareness is the challenge to create a national culture of Cyber Security Awareness in SA.

Establish a Culture of Cyber Security

The International Telecommunications Union (ITU) is presently working on a toolkit to help to establish such a culture. The final product is not yet available, but some draft ideas are .

The following initiatives are suggested by this draft document

• Implement a cyber-security plan for government-operated systems• Implement security awareness programs and initiatives for users of systems and

networks• Encourage the development of a culture of security in business enterprises• Support outreach to civil society with special attention to the needs of children and

individual users• Promote a comprehensive national awareness program so that all participants –

businesses, the general public workforce and the general population – secure their own parts of cyber space

• Enhance Science and Technology (S&T) and Research and Development (R&D) activities

• Develop awareness of cyber risks and available results.

Establish a Culture of Cyber Security

The First Southern African Cyber Security Awareness Workshop (SACSAW 2011) is specifically adding value in establishing such a Culture of Cyber Security in the following areas suggested by the ITU

The International Telecommunications Union (ITU)

• Implement security awareness programs and initiatives for users of systems and networks

• Support outreach to civil society with special attention to the needs of children and individual users

• Promote a comprehensive national awareness program so that all participants – businesses, the general public workforce and the general population – secure their own parts of cyber space

• Enhance Science and Technology (S&T) and Research and Development (R&D) activities

Establish a Culture of Cyber Security

Establish a Culture of Cyber Security

This value added by SACSAW 2011 is not in the form of esoteric academic efforts, but in terms of real life, immediately usable projects and examples which can be rolled out in any country

Ladies and Gentlemen

Enjoy this special Workshop and ensure that you become part of rolling out such a Culture of Cyber Security in yourcountry, province and working environment.

Thanks