The South African Cyber Security Awareness Month (SACSAM)

greenpepperwhinnySecurity

Nov 3, 2013 (3 years and 9 months ago)

66 views

Prof Basie Von
Solms

Academy for IT

University of Johannesburg

basievs@uj.ac.za

The South African Cyber Security Awareness Month

(SACSAM)


The Cyber Risk



The
Symantec Internet Security Threat Report

(
Symantec, April 2011)



Symantec
recorded early 3 billion malware attacks in
2010


A 93% increase in Web
attacks


260 000 Identities on average exposed per
breach


42% more mobile
vulnerabilities


Rustock
, the largest botnet had well over one million bots under its control

10 000 could be rented for US$ 15 for Denial of Service attacks



The Cyber Risk


The
Sophos Security Threat Report 2009




23 500 infected websites are discovered every day. That’s one every


3.6 seconds



15 new bogus anti
-
virus vendor websites are discovered every day.



89.7 % of all business email is spam


The report further makes the following very worrying statement:


‘The vast majority of infected websites are in fact legitimate sites that have
been hacked to carry malicious code. Users visiting the websites may be
infected by simply visiting affected websites, … The scope of these
attacks cannot be underestimated, since all types of sites


from
government departments and educational establishments to embassies
and
poltical

parties …
-

have been targeted.’

"The Internet is the crime scene of the 21st
Century
,"
(Wall Street Journal, 2010a)



The Cyber Risk


The Cyber Risk




The
CISCO White Paper, 2009




‘Internet users are under attack. Organized criminals methodically and
invisibly exploit
vulnerabilities
in websites and browsers and infect
computers, stealing valuable information (login credentials, credit card
numbers and intellectual property) and turning both corporate and
consumer networks into unwilling participants in propagating spam
and malware’







Like the anticrime, environmental awareness, and antismoking television



ad campaigns
of recent years,
a
comprehensive and repeated program of


public awareness could help instill fundamental security principals


to make cyber space safer and more secure.




Such awareness programs should point out that securing one’s own


computer not only lowers the risk for that individual but also
helps


improve the
security of cyber space and the country as a whole.


The major Countermeasure :

Cyber Security Awareness



Thus, user awareness education is just as vital a tool in protecting cyber


space as the latest firewall or encryption technology




The sorry state of information security awareness for the public at large is


an even bigger problem ……………




The state of information security in cyber space can be significantly improved


by public service announcements and education campaigns




The major Countermeasure :

Cyber Security Awareness

6.

From SA’s Draft National Cyber Security Policy


Proposed SA Initiative




Establish an annual Cyber Security Awareness Month/Week

Let us look at
some examples
relating
to such

a

Cyber Security Awareness Month/Week



Australia



National Cyber Security Awareness Week


an annual initiative held in partnership with
industry, community and consumer groups and
state and territory governments.



The Week aims to help Australians understand
cyber security risks and educate home and small
business users on the simple steps they can take
to protect their personal and financial
information.




United Kingdom



Get Safe Online Week



Get Safe Online, the UK’s national internet security awareness initiative



Get Safe Online Week encourages web users to take time out of their
week to learn more about internet safety and to make sure that their
computer is properly protected.




It reaches out to consumers and small businesses through
competitions, events and PR activity.





Singapore



The
Cyber Security Awareness Alliance
I



Our
Mission


The
aim of the Alliance is to
:



Build a positive culture of cyber security in Singapore, where
security
becomes
second nature for all

users;
and


Promote
and enhance awareness and adoption of essential

security practices for
both the private and public sectors
.



The
Alliance comprises representatives from the government, private enterprises,
trade associations and non
-
profit organisations.


America




What is National Cyber Security Awareness Month?



National Cyber Security Awareness Month is an annual effort to increase awareness
and prevention of online security problems,



spearheaded by the
U.S. Department of Homeland Security

and the
National Cyber
Security Alliance

(NCSA).




The National Cyber Security Alliance (NCSA
)


Mission:



NCSA's
mission is to educate and therefore empower a digital society to use the
Internet safely and securely at home, work, and school,


protecting
the technology individuals’ use, the networks they connect to, and our
shared digital assets.


Vision
:


I
n
a climate of persistent threats, securing cyber space is a responsibility we all
share.


Securing
the Internet and our shared global digital assets

cybersecurity

is critical
if we are to achieve the potential of an empowered digital
society


NCSA builds strong public/private partnerships to create and implement broad reaching
education and awareness efforts to empower users at home, work and school with the
information they need to keep themselves, their organizations, their systems, and their
sensitive information safe and secure online and encourage a culture of
cybersecurity
.

America

Scope of these programs



Schools


Universities


Home Users


Enterprises


Topics



Identity
fraud


Phishing


Viruses, spyware and malware


Mobile internet security


Online scams


Social networking


Online dating


Shopping and selling online

Tools




Posters


Cartoons


Flyers


Podcasts


Lectures


Videos


Advertisements


etc

NCSA Resource Library

Step 1 : Create a SA Mandating Authority (MA) and invite supporters and endorsers
from the public and private sectors.




Department of Communications


Department of Education (Basic and Higher)


Financial Institutions


Telecommunications
companies


Universiities


Etc


The Centre of Competency for Research in Cyber Security and Related Areas
(CCRCSRA) at UJ is offering to act as an initial vehicle to get such a MA
established.

SA Cyber Security Awareness Month

Step 2 : Create an initial plan as far as content and distribution of
material and awareness for the first Cyber Security Awareness Month in
October 2011 is
concerned


As initial concentration is on schools and Universities, the UNISA

and NMMU
efforts can take
responsibility for the schools area.

The
CCRCSRA at UJ will concentrate on Universities.


In cooperation with the MA and sponsors (see later) some marketing material for
radio and TV can be developed.


The
material of the NCSAM (US) can also be used with good effect.

Step 3 : Find
sponsors


Part of establishing the MA (Step 1 above) will be to find
sponsorship to produce and distribute some of the material
mentioned in Step 2.



Step 4 : Roll out the first SA Cyber Security Awareness Month in October
2011




initially
be a small effort, but should grow in coming years
.


Without
starting slow, we will never get anywhere
.


Although
the initiative is directed towards SA, it can just as well be a Southern Africa
Cyber Security Awareness Month involving other countries from Southern Africa.


The
emphasis on SA in this case is just to ensure that we can kick off here in 2011.


The
main purpose of the SACSAM is therefore a sort of national public awareness
campaign to encourage everyone to protect their computers and our nation’s critical
cyber infrastructure.


Summary




It will do SA good to have some concentrated effort to
expand awareness about Cyber Security risks amongst the
whole civil society. The planned SA National Cyber
Security Awareness Month may be the first coordinated
effort to do so
.



Interested parties are invited to contact me

Thanks