Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security in Emerging Markets © 2012 Imperva, Inc. All rights reserved. Haiko Wolberink – Regional Director.

Published byKathryn Wilkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyber Security in Emerging Markets © 2012 Imperva, Inc. All rights reserved. Haiko Wolberink – Regional Director."— Presentation transcript:

1 Cyber Security in Emerging Markets © 2012 Imperva, Inc. All rights reserved. Haiko Wolberink – Regional Director

2 © 2012 Imperva, Inc. All rights reserved. About Imperva  Founded in 2003 + Active in Africa since 2009 + 500 employees  2500+ customers worldwide + 50+ customers in Africa  Dedicated to monitor and protect + Users – external and internal + Data – Databases, Files + Datacenter Applications – Web, ERP etc.  100% Complementary to Network Firewall and Anti-Virus CONFIDENTIAL 2

3 © 2012 Imperva, Inc. All rights reserved. External Risks Wide Variety: + Website –DDoS and Defacement –SQL injection / Hacking –XSS attacks + Identity Theft + Credit Card fraud + Client attacks –Phishing, Spearphising –Malware injection 3 Cyber Attacks – an overview (1/2)

4 © 2012 Imperva, Inc. All rights reserved. Insider Threat: A 3 rd party who gains access and acquires intellectual property/data in excess via client infection. The client, often employees in government, military or private industry, are unknowing accomplices and have no malicious motivation. 4 Cyber Attacks – an overview (1/2) Internal Risks

5 © 2012 Imperva, Inc. All rights reserved. 5 Cyber Security different in Emerging Markets? 5 Fraud Africa has an ‘internet population’ of 167m / 15% penetration 7% of internet fraud origins from Africa (Nigeria, Ghana) Technical Attacks Due to the infrastructural challenges in Africa there is a relatively low number of technical attacks 167m African internet users (Q2’12)

6 © 2012 Imperva, Inc. All rights reserved. Relatively low does’t mean it doesn’t happen... CONFIDENTI AL 6

7 © 2012 Imperva, Inc. All rights reserved. 7 Reasons for the high fraud percentage 7 Lack of Legislation Limited legal framework for (international) investigation and prosecution Lack of security awarenes Financially motivated people $245m was lost in banking cyber fraud in Kenya, Ruanda, Uganda, Tanzania and Zambia alone E-waste Lots of Personal Identifyable information on old computers

8 © 2012 Imperva, Inc. All rights reserved. 8 Does this make Africa a Cyber Crime safe haven? 8 African initiatives East African Cyber Security Management Taskforce Local Computer Emergency and Response Teams (CERT) in Kenya, South Africa, Nigeria etc. West African Cyber Crime Summit International co-operation with law enforcement and policy makers: Interpol, European Union, ECOWAS Example Nigeria 419-scam made Nigeria more famous than the national soccer team Nigerian Cybercrime Working Group Computer Crime Prosecution Unit

9 © 2012 Imperva, Inc. All rights reserved. International Journal of Cyber Criminology study Cyber Attacks and defense strategies in India – 2013 study The potential threat to secure enormous volumes of data with a varied community of cyber criminals is a challenge in the current digital era In detail – banks in India “SQLinjection and Brute Force attacks are the preferred way to attack organisations” 62% of all attacks based on SQLinjection 80% of indetity deception used to access DB 86% of all Indian banks have licensed Anti Virus

10 © 2012 Imperva, Inc. All rights reserved. Who Does the Hacking? Governments - Stealing Intellectual Property (IP) and raw data, as well as, espionage. - Motivated by politics and nationalism. Private hackers - Stealing IP and data. - Motivated by profit. Hacktivists - Exposing IP and data, but also compromising infrastructure. - Motivated by almost anything - have attacked, nations, people, religion, commerce, etc… 10

11 © 2012 Imperva, Inc. All rights reserved. Multimillion dollar datacenter 11 Where Do They Attack? Desktop and the user Well protected Not well protected Both access the same data

12 © 2012 Imperva, Inc. All rights reserved. #1 How Does It work?

13 © 2012 Imperva, Inc. All rights reserved. Social Network LinkedIn offers a comprehensive “advanced” search modus of 225 million users. - search for job title - search for company name - search for country - etc 13 With LinkedIn, Targeted Cyber Attacks are easy LinkedIn

14 © 2012 Imperva, Inc. All rights reserved. 14 With LinkedIn, Targeted Cyber Attacks are easy

15 © 2012 Imperva, Inc. All rights reserved. 15 Industrialized Approach Specialized Frameworks and Hacking tools such as BlackHole 2.0 and others, allow easy setup for Host Hijacking and Phishing. How easy is it ? For 700 USD, A 3 Month license for BlackHole available online. Includes support!

16 © 2012 Imperva, Inc. All rights reserved. 16 Is This Real ? Recent “iPhone 5 Images Leak” was a Trojan Download Drive-By.

17 © 2012 Imperva, Inc. All rights reserved. 17 Is This Real ? “Once compromised, keyloggers and RATs installed on the financial institution employee's computer provided the criminals with "complete access“. “Unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours” "The DDoS attacks were likely used as a distraction” “Once compromised, keyloggers and RATs installed on the financial institution employee's computer provided the criminals with "complete access“. “Unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours” "The DDoS attacks were likely used as a distraction” Sep 24 th 2012, FBI Issued a warning of Targeted Scams

18 © 2012 Imperva, Inc. All rights reserved.  12 pre-paid bank cards  10 hours  36.000 ATM transaction What happened?  Hack in card issuers Databases and increased balance and limits  Create and distribute cloned bank cards in 27 countries 18 This is real : Digital bank robbery - $40m

19 © 2012 Imperva, Inc. All rights reserved. 19 The Bad news is: This is Old News....

20 © 2012 Imperva, Inc. All rights reserved. #2 But Antivirus Will Stop It!

21 © 2012 Imperva, Inc. All rights reserved. “Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.” Source: http://www.wired.com/threatlevel/2012/06/internet-security-fail/http://www.wired.com/threatlevel/2012/06/internet-security-fail/

22 © 2012 Imperva, Inc. All rights reserved. The Hackers View An entire industry exists to bypass antivirus. Today, antivirus stops between 6-27% of viruses. Source: http://adamonsecurity.com/?p=323

23 © 2012 Imperva, Inc. All rights reserved. 23 Protect and Monitor the Cheese Problem: Most organizations chase the mice and don’t focus enough on protecting the cheese. Much of security budgets spent on: Malware detection Virus prevention Front-line/end-user defenses must be 100% accurate, since if only 1 mouse gets past them the cheese is gone.

24 © 2012 Imperva, Inc. All rights reserved. #3 What Will Stop Hackers?

25 © 2012 Imperva, Inc. All rights reserved.  Classify Sensitive Information + Identifying the information within the corporate databases and file servers allows understanding of risk and severity of data access.  Persistent Security Policy + A good security policy will allow you to put compensating controls in place while not disrupting business needs and maintaining security.  User Rights + Map your user’s rights. Understand who has access to what and why, are there dormant accounts ?  Analyze, Alert and Audit on Activity + By keeping track over access and access patters, it becomes very easy to understand who accessed your data, what was accessed and why. 25 Hackers Steal Data: Know What Users Do With Data

26 © 2012 Imperva, Inc. All rights reserved.  What: Weirdness probably means trouble.  How + Profile normal, acceptable usage and access to sensitive items by –Volume –Access speed –Privilege level + Put in place monitoring or “cameras in the vault.” 26 Look for Unusual Behavior

27 © 2012 Imperva, Inc. All rights reserved. 27 Protect your data, not just your network  Check the entry method. Legitimate individuals should, typically, access data through a main door.  Monitor the activity of the individuals. If employees have been granted miscellaneous access permissions, you should monitor what they are doing. Malware from spear phishing typically causes unusual behavior  Monitor the activity of privileged users. Database controls should track the activity of the privileged users and monitor what are these privileged users accessing.

28 © 2012 Imperva, Inc. All rights reserved.  Cybercrime challenges are globally the same  Africa needs more legislation and prosecution capabilities + Only 5 African countries have laws passed  Cybercrime is an international issue + Work closely together with international law enforcement peers + Learn from western law enforcement and legislation  Cybercrime is a cat-and-mouse game + Protect the cheese + Does your auditing and security focus represent this? With only 15% of all Africans connected on the Internet expect African Cybercrime to double in the next few years 28 Summary

29 © 2012 Imperva, Inc. All rights reserved. Questions

Download ppt "Cyber Security in Emerging Markets © 2012 Imperva, Inc. All rights reserved. Haiko Wolberink – Regional Director."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Geneva, Switzerland, 15-16 September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Similar presentations

Ads by Google