The South African Cyber Security Awareness Month
(SACSAM)
Prof Basie Von Solms
Academy for IT
University of Johannesburg
basievs@uj.ac.za
The Cyber Risk
The Symantec Internet Security Threat Report
(Symantec, April 2011)
Symantec recorded early 3 billion malware attacks in 2010
A 93% increase in Web attacks
260 000 Identities on average exposed per breach
42% more mobile vulnerabilities
Rustock, the largest botnet had well over one million bots under its control
10 000 could be rented for US$ 15 for Denial of Service attacks
The Cyber Risk
The Sophos Security Threat Report 2009
• 23
500 infected websites are discovered every day. That’s one every
3.6 seconds
• 15 new bogus anti-virus vendor websites are discovered every day.
• 89.7 % of all business email is spam
The report further makes the following very worrying statement:
‘The vast majority of infected websites are in fact legitimate sites that have
been hacked to carry malicious code. Users visiting the websites may be
infected by simply visiting affected websites, … The scope of these
attacks cannot be underestimated, since all types of sites – from
government departments and educational establishments to embassies
and poltical parties … - have been targeted.’
The Cyber Risk
"The Internet is the crime scene of the 21st
Century," (Wall Street Journal, 2010a)
The Cyber Risk
The CISCO White Paper, 2009
‘Internet users are under attack. Organized criminals methodically and
invisibly exploit vulnerabilities in websites and browsers and infect
computers, stealing valuable information (login credentials, credit card
numbers and intellectual property) and turning both corporate and
consumer networks into unwilling participants in propagating spam
and malware’
The major Countermeasure :
Cyber Security Awareness
• Like the anticrime, environmental awareness, and antismoking television
ad campaigns of recent years, a comprehensive and repeated program of
public awareness could help instill fundamental security principals
to make cyber space safer and more secure.
• Such awareness programs should point out that securing one’s own
computer not only lowers the risk for that individual but also helps
improve the security of cyber space and the country as a whole.
The major Countermeasure :
Cyber Security Awareness
• Thus, user awareness education is just as vital a tool in protecting cyber
space as the latest firewall or encryption technology
• The sorry state of information security awareness for the public at large is
an even bigger problem ……………
• The state of information security in cyber space can be significantly improved
by public service announcements and education campaigns
From SA’s Draft National Cyber Security Policy
6.
Proposed SA Initiative
Establish an annual Cyber Security Awareness Month/Week
Let us look at some examples relating to such
a Cyber Security Awareness Month/Week
Australia
• National Cyber Security Awareness Week
• an annual initiative held in partnership with
industry, community and consumer groups and
state and territory governments.
• The Week aims to help Australians understand
cyber security risks and educate home and small
business users on the simple steps they can take
to protect their personal and financial
information.
United Kingdom
Get Safe Online Week
• Get Safe Online, the UK’s national internet security awareness initiative
• Get Safe Online Week encourages web users to take time out of their
week to learn more about internet safety and to make sure that their
computer is properly protected.
•
It reaches out to consumers and small businesses through
competitions, events and PR activity.
Singapore
The Cyber Security Awareness Alliance I
Our Mission
The aim of the Alliance is to:
• Build a positive culture of cyber security in Singapore, where security becomes
second nature for all users; and
• Promote and enhance awareness and adoption of essential security practices for
both the private and public sectors.
The Alliance comprises representatives from the government, private enterprises,
trade associations and non-profit organisations.
America
What is National Cyber Security Awareness Month?
• National Cyber Security Awareness Month is an annual effort to increase awareness
and prevention of online security problems,
• spearheaded by the U.S. Department of Homeland Security and the National Cyber
Security Alliance (NCSA).
America
The National Cyber Security Alliance (NCSA)
Mission:
• NCSA's mission is to educate and therefore empower a digital society to use the
Internet safely and securely at home, work, and school,
• protecting the technology individuals’ use, the networks they connect to, and our
shared digital assets.
Vision:
• In a climate of persistent threats, securing cyber space is a responsibility we all
share.
• Securing the Internet and our shared global digital assets—cybersecurity—is critical
if we are to achieve the potential of an empowered digital society
NCSA builds strong public/private partnerships to create and implement broad reaching
education and awareness efforts to empower users at home, work and school with the
information they need to keep themselves, their organizations, their systems, and their
sensitive information safe and secure online and encourage a culture of cybersecurity.
Scope of these programs
•
•
•
•
Schools
Universities
Home Users
Enterprises
Topics
•
•
•
•
•
•
•
•
Identity fraud
Phishing
Viruses, spyware and malware
Mobile internet security
Online scams
Social networking
Online dating
Shopping and selling online
Tools
•
•
•
•
•
•
•
•
Posters
Cartoons
Flyers
Podcasts
Lectures
Videos
Advertisements
etc
NCSA Resource Library
SA Cyber Security Awareness Month
Step 1 : Create a SA Mandating Authority (MA) and invite supporters and endorsers
from the public and private sectors.
•
•
•
•
•
•
Department of Communications
Department of Education (Basic and Higher)
Financial Institutions
Telecommunications companies
Universiities
Etc
The Centre of Competency for Research in Cyber Security and Related Areas
(CCRCSRA) at UJ is offering to act as an initial vehicle to get such a MA
established.
Step 2 : Create an initial plan as far as content and distribution of
material and awareness for the first Cyber Security Awareness Month in
October 2011 is concerned
As initial concentration is on schools and Universities, the UNISA and NMMU
efforts can take responsibility for the schools area.
The CCRCSRA at UJ will concentrate on Universities.
In cooperation with the MA and sponsors (see later) some marketing material for
radio and TV can be developed.
The material of the NCSAM (US) can also be used with good effect.
Step 3 : Find sponsors
Part of establishing the MA (Step 1 above) will be to find
sponsorship to produce and distribute some of the material
mentioned in Step 2.
Step 4 : Roll out the first SA Cyber Security Awareness Month in October 2011
• initially be a small effort, but should grow in coming years.
• Without starting slow, we will never get anywhere.
• Although the initiative is directed towards SA, it can just as well be a Southern Africa
Cyber Security Awareness Month involving other countries from Southern Africa.
• The emphasis on SA in this case is just to ensure that we can kick off here in 2011.
• The main purpose of the SACSAM is therefore a sort of national public awareness
campaign to encourage everyone to protect their computers and our nation’s critical
cyber infrastructure.
Summary
• It will do SA good to have some concentrated effort to
expand awareness about Cyber Security risks amongst the
whole civil society. The planned SA National Cyber
Security Awareness Month may be the first coordinated
effort to do so.
• Interested parties are invited to contact me
Thanks