Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa

Description of cyber crime threats facing the higher education environment in South Africa.

Published in: Education, Travel

  1. www.pwc.com. Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa. Higher Education Conference 2011, 5 September 2011. Adv Jacqueline Fick
  2. Agenda
     • Meet Jack le Hack
     • Cyber crime defined
     • The online entrepreneur
     • How to protect data
     • Implementing a pro-active strategy in your organisation
     • Practical guidelines and tips
     • Closing remarks
     Cyber crime 101: The impact of cyber crime on Higher Education in South Africa. September 2011. PwC
  3. Meet Jack le Hack
  4. Meet Jack le Hack. Third year student: University of Cyberfucious. Putting knowledge into practice
     It is Monday afternoon after a rough weekend for Jack. He is sure he failed the test he wrote that morning as the beers he consumed made him suffer from memory loss and he forgot to study. His finances are also shot as he had to sponsor some of his friends for their social activities. To boot, his professor also made some comments about the quality of his work which Jack felt were not appropriate. Jack also assists with some classes for first year students and realises that he still has to prepare for a lecture for the next day.
     He goes to the office that was assigned to him. He shares the office with one of the admin clerks of the faculty. When he walks past her desk, he notices that she did not log off her computer. Jack decides that it is time to put his master plan into action...
  5. Meet Jack le Hack. Third year student: University of Cyberfucious. Putting knowledge into practice ...
     Jack has a fair knowledge of computers and has long since been toying with the idea of putting this knowledge to good use.
     He firstly uses the admin clerk’s mailbox to send the offending professor a message, stating that his day will come and that he knows where he lives and has intimate knowledge of the professor’s family. He also states that a bomb will go off within the next week in the professor’s classroom.
     Secondly, he logs into the shared folders of the faculty where he knows the results of the test he wrote are kept. Jack decides that he certainly deserves a better mark than he received that morning.
  6. Meet Jack le Hack. Third year student: University of Cyberfucious. Putting knowledge into practice ...
     When studying the test results, he sees that he was not the only one that failed. Jack realises that this could present an opportunity to deal with his financial difficulties. He phones some of the other students and offers them a deal to change their marks for a small donation.
     A few days pass and Jack’s business kicks off beyond his own expectations. He is also approached by students that have financial difficulties and cannot pay their class fees. With a little research and questions posed in chat rooms, he acquires the necessary information to hack into the financial system of the university. He installs a key logger on one of the financial clerks’ computers and so gains access to his password. He once again accesses the system from the admin clerk’s computer.
  7. Meet Jack le Hack. Third year student: University of Cyberfucious. Putting knowledge into practice ...
     Jack is so impressed with his own efforts that he posts this information on Facebook and Twitter and also uses Skype to tell his friends in the UK about his endeavours. Because his data bundle expired, he posts this information from a computer connected to the university network and also installed Skype on the computer. He did, however, remove Skype from the computer later.
     Life is good for our Jack le Hack.
  8. Cyber crime defined
  9. Cyber crime defined
     • Move in South African law to the use of the term cyber crime, which is wide enough to encompass all illegal activities in respect of computers, information networks and cyberspace.
     • Most important legislation is the Electronic Communications and Transactions Act 25 of 2002.
     • “access” includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.
     • “data message” means data generated, sent, received or stored by electronic means and includes- (a) voice, where the voice is used in an automated transaction; and (b) a stored record;
  10. Cyber crime defined: Common types of cyber crime
      • Unauthorised access (s86(1))
      • Unauthorised modification of data and various forms of malicious code (s86(2))
      • Denial of Service Attacks (s86(5))
      • Devices used to gain unauthorised access to data (s86(4))
      • Child pornography, cyber obscenity and cyber stalking
      • Computer-related fraud
      • Copyright infringement
      • Industrial espionage
      • Piracy
      • Online gambling
  11. Cyber crime defined: Common types of cyber crime (cont.)
      • For 15 consecutive months South Africa has been amongst the top three target countries in the world for mass phishing attacks.
      • Identity theft remains the most common type of cyber crime in South Africa.
      • “Identity theft is a serious crime. It occurs when your personal information (name, social security number, date of birth, credit card number, or bank account number) is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.” USA Federal Trade Commission
  12. The online entrepreneur
  13. The online entrepreneur: Possible cyber crimes identified from Jack le Hack
      • Unauthorised access to data
      • Unauthorised modification of data
      • Computer-related fraud
      • False bomb threat, intimidation
      • Using a device to gain unauthorised access to data
      • Furthermore:
        - Exposing network to vulnerabilities – chat rooms, Skype.
        - Reputational risk to university and publicity about what Jack had done.
        - Possible loss of investors.
  14. How to protect your data
  15. How to protect your data
      • Protecting data starts with each user of a computer on your campus and is not only related to the functions and responsibilities of the IT department.
      • Your responsibilities include:
        - Protecting the university property stored on your computer, including information about staff, faculty, students, and alumni.
        - Accessing only that information which you are authorised to access in the course of your duties. Your ability to access other information does not imply any right to view, change, or share information.
        - Not establishing access privileges for yourself or others outside of formal approval processes.
  16. How to protect your data
        - Adhering to procedures and business rules governing access and changes to the data for which you are a custodian.
        - Expect all stewards and custodians of administrative data to manage, access, and utilise this data in a manner that is consistent with the need for security and confidentiality.
      • Correlation between physical and network security.
      (Computer Security at Cornell: Secure your Computer on and off Campus 2009 (http://www.cit.cornell.edu))
  17. Implementing a pro-active strategy in your organisation
  18. Implementing a pro-active strategy in your organisation
      • Cyber security is just as important as physical security.
        - Relationship between physical and network security.
      • Know and understand your organisation:
        - This includes an understanding of the external environment and the threats facing the organisation. It also refers to a thorough understanding of the internal environment and the way the organisation operates – its employees, levels of staff morale, business partners of the organisation, service providers, etc.
  19. Implementing a pro-active strategy in your organisation
      • Define security roles and responsibilities:
        - Although security should be the concern of everyone within an organisation, ownership of information security should be assigned to specific individuals, coupled with the necessary levels of authority and accountability. To assist with the process it is recommended that security roles and responsibilities be incorporated into job descriptions and that performance in terms of these areas be measured accordingly.
      • Ensure that you have proper policies and procedures in place for the use of IT.
      • Establish clear processes to enable end-users to report suspected cyber crimes.
  20. Implementing a pro-active strategy in your organisation
      • Effective public private partnerships.
      • Value of intelligence: Exchange information with law enforcement agencies and other organisations. Know your opponent and use the information to develop and update security policies. Think like a hacker.
  21. Implementing a pro-active strategy in your organisation
      • Stay up to date:
        - Maintain awareness of new developments in both technology and services. Use a risk-based approach to determine when it would be necessary to upgrade or adapt current systems and processes to accommodate new developments.
      • Continuous auditing and assessment of process:
        - It is recommended that a process of continuous auditing be implemented to ensure that the strategy remains aligned to business objectives, adapts to changes in technology or identified threats, and to allow for the analysis of information that is gathered from the different implemented controls.
  22. Practical guidelines and tips
      “The vast majority of computer breaches that we have investigated over the past few years have been the result of poor personal choices, weak computer practices, and less-than-satisfactory data-handling procedures.” Steve Shuster, director of IT Security at Cornell
  23. Practical guidelines and tips
      • Email is more than messages. It contains personal information, contact lists, sensitive company information, etc. Email policies:
        - Do not open suspicious emails.
        - Use spam filters.
      • Encrypt important files or records.
      • Choose complex passwords and change your password regularly. The Post-it problem.
      • Back up regularly.
      • Install powerful anti-virus and firewall software and keep it up to date. Regularly update security patches.
  24. Practical guidelines and tips
      • Create good habits such as deleting your temporary internet files and cookies. This protects against hackers who can access your accounts from where you have been on the internet.
      • Turn off your computer and modem/disconnect from the internet when not in use.
      • Know what information you have, where it is stored and who has access thereto.
      • Be wary of providing personal information via a website you are not familiar with.
      • Never allow strange or unfamiliar individuals to use your computer, not even if they say they are from the IT department!
  25. Practical guidelines and tips
      • Where practicable, do not grant administrative or root/super user privileges to end-users.
      • Educate users:
        - Teach IT users how to identify cyber threats and how to respond.
        - Share security information with all users of IT in the organisation.
        - Read up on the latest ways hackers create phishing scams to gain access to your personal information.
  26. Practical guidelines and tips
      • Campus executives and data stewards should know:
        - What/where is my data?
        - How sensitive is it?
        - Who is responsible for it?
        - Who has access to it?
        - Do I need to keep it?
        - What if it gets into the wrong hands?
  27. Closing remarks
      • Need to realise the true value of information.
      • Cyber criminals steal INFORMATION.
      • We can only effectively combat cyber crime if we share information and collaborate.
      • Know your opponent.
      • Be pro-active and not re-active.
      • Implement good information governance principles in your organisation.
      • Educate all IT users.
      • Protect your information with the same vigour as you protect physical property, brand names, money, etc!
  28. “It takes more than anti-virus software to safeguard your computing resources and data. It takes you. Taking steps to secure your computer not only helps keep your data safe, it demonstrates your commitment to protecting the university network and all data created, stored, and shared over the network by the campus community.”
      This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
      © 2011 PricewaterhouseCoopers (“PwC”), the South African firm. All rights reserved. In this document, “PwC” refers to PricewaterhouseCoopers in South Africa, which is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity and does not act as an agent of PwCIL.
