The Integritas System to enforce Integrity in Academic Environments Prof Basie von Solms Mr Jaco du Toit Prof Basie Von Solms Academy for IT University of Johannesburg A Cyber Security Culture in Southern Africa

The Growing use of the Internet more and more web based systems rolled out e-everything the web user became the target much easier to compromise the end user than hack into the company’s systems

Information (Cyber) Security has to concentrate much more on the end (web) user providing ways to protect this end user Let us investigate some recent statistics concerning cyber incidents The Growing Cyber risk to the user

The Symantec Internet Security Threat Report (Symantec, April 2011) Symantec recorded nearly 3 billion malware attacks in % increase in Web attacks Identities on average exposed per breach 42% more mobile vulnerabilities Rustock, the largest botnet had well over one million bots under its control could be rented for US$ 15 for Denial of Service attacks The report also states : ‘The ability to research targets online has enabled hackers to create powerful social engineering attacks that easily fool even sophisticated users.’ 'A well-executed social engineering attack has become almost impossible to spot.’

The Sophos Security Threat Report infected websites are discovered every day. That’s one every 3.6 seconds 15 new bogus anti-virus vendor websites are discovered every day % of all business is spam The report further makes the following very worrying statement: ‘The vast majority of infected websites are in fact legitimate sites that have been hacked to carry malicious code. Users visiting the websites may be infected by simply visiting affected websites, … The scope of these attacks cannot be underestimated, since all types of sites – from government departments and educational establishments to embassies and political parties … - have been targeted.’

"The Internet is the crime scene of the 21st Century," (Wall Street Journal, 2010a)

The CISCO White Paper, 2009 ‘Internet users are under attack. Organized criminals methodically and invisibly exploit vulnerabilities in websites and browsers and infect computers, stealing valuable information (login credentials, credit card numbers and intellectual property) and turning both corporate and consumer networks into unwilling participants in propagating spam and malware’

CISCO Annual Security Report 2009 ‘as more individuals worldwide gain Internet access through mobile phones, Cyber criminals will have millions of inexperienced users to dupe with unsophisticated or well-worn scamming techniques that more savvy users grew wise to (or fell victim to) ages ago.’

Cyber Security Public Awareness Act, US, 2011 The damage caused by malicious activity in cyberspace is enormous and unrelenting. Every year, cyber attacks inflict vast damage on our Nation's consumers, businesses, and government agencies. This constant cyber assault has resulted in the theft of millions of Americans' identities; exfiltration of billions of dollars of intellectual property; loss of countless American jobs; vulnerability of critical infrastructure to sabotage; and intrusions into sensitive government networks.

Many countermeasures do exist, but one of the most important ones is to create a Culture of Cyber Security Awareness

From SA’s Draft National Cyber Security Policy

6. From SA’s Draft National Cyber Security Policy

Essential to ensure that all users must be made aware of inherent risks involved when venturing into cyber space. Core to such awareness is the challenge to create a national culture of Cyber Security Awareness in SA. Establish a Culture of Cyber Security

The International Telecommunications Union (ITU) is presently working on a toolkit to help to establish such a culture. The final product is not yet available, but some draft ideas are. The following initiatives are suggested by this draft document Implement a cyber-security plan for government-operated systems Implement security awareness programs and initiatives for users of systems and networks Encourage the development of a culture of security in business enterprises Support outreach to civil society with special attention to the needs of children and individual users Promote a comprehensive national awareness program so that all participants – businesses, the general public workforce and the general population – secure their own parts of cyber space Enhance Science and Technology (S&T) and Research and Development (R&D) activities Develop awareness of cyber risks and available results. Establish a Culture of Cyber Security

The First Southern African Cyber Security Awareness Workshop (SACSAW 2011) is specifically adding value in establishing such a Culture of Cyber Security in the following areas suggested by the ITU

The International Telecommunications Union (ITU) Implement security awareness programs and initiatives for users of systems and networks Support outreach to civil society with special attention to the needs of children and individual users Promote a comprehensive national awareness program so that all participants – businesses, the general public workforce and the general population – secure their own parts of cyber space Enhance Science and Technology (S&T) and Research and Development (R&D) activities Establish a Culture of Cyber Security

This value added by SACSAW 2011 is not in the form of esoteric academic efforts, but in terms of real life, immediately usable projects and examples which can be rolled out in any country

Ladies and Gentlemen Enjoy this special Workshop and ensure that you become part of rolling out such a Culture of Cyber Security in your country, province and working environment.

Thanks