The document discusses cyber crime and its impact on higher education in South Africa. It introduces a hypothetical case study of "Jack le Hack", a university student who engages in various cyber crimes like unauthorized access of data, computer-related fraud, and intimidation. The document then defines cyber crime and common types seen in South Africa. It outlines strategies for organizations to protect their data and implement proactive cyber security practices. The document concludes with practical cyber security tips for users.
4.18.24 Movement Legacies, Reflection, and Review.pptx
Cyber Crime Impact on Higher Education
1. www.pwc.com
Cyber Crime 101: The
Impact of Cyber Crime
on Higher Education in
South Africa
Higher Education Conference 2011
5 September 2011
Adv Jacqueline Fick
2. Agenda
Meet Jack le Hack
Cyber crime defined
The online entrepreneur
How to protect data
Implementing a pro-active strategy in your organisation
Practical guidelines and tips
Closing remarks
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 2
3. Meet Jack le Hack
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 3
4. Meet Jack le Hack
Third year student : University of Cyberfucious
Putting knowledge into practice
It is Monday afternoon after a rough weekend for Jack. He is sure he
failed the test he wrote that morning as the beers he consumed made
him suffer from memory loss and he forgot to study. His finances are
also shot as he had to sponsor some of his friends for their social
activities. To boot his professor also made some comments about the
quality of his work which Jack felt was not appropriate. Jack also
assists with some classes for first year students and realises that he still
has to prepare for a lecture for the next day.
He goes to the office that was assigned to him. He shares the office with
one of the admin clerks of the faculty. When he walks past her desk, he
notices that she did not log of her computer. Jack decides that it is time
to put his master plan into action...
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 4
5. Meet Jack le Hack
Third year student : University of Cyberfucious
Putting knowledge into practice ...
Jack has a fair knowledge of computers and has long since been toying
with the idea of putting this knowledge to good use.
He firstly uses the admin clerks’ mailbox to send the offending
professor a message, stating that his day will come and that he knows
where he lives and has intimate knowledge of the professor’s family. He
also stated that a bomb will go off within the next week in the
professor’s classroom.
Secondly, he logs into the shared folders of the faculty where he knows
the results of the test he wrote are kept. Jack decides that he certainly
deserves a better mark than he received that morning.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 5
6. Meet Jack le Hack
Third year student : University of Cyberfucious
Putting knowledge into practice ...
When studying the test results, he sees that he was not the only one that
failed. Jack realises that this could present an opportunity to deal with
his financial difficulties. He phones some of the other students and
offers a deal to them to change their marks for a small donation.
A few days pass and Jack’s business kicks off beyond his own
expectations. He is also approached by students that have financial
difficulties and cannot pay their class fees. With a little research and
questions posed in chat rooms, he acquires the necessary information to
hack into the financial system of the university. He installs a key logger
on one of the financial clerk’s computer and so gains access to his
password. He once again accesses the system from the admin clerk’s
computer.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 6
7. Meet Jack le Hack
Third year student : University of Cyberfucious
Putting knowledge into practice ...
Jack is so impressed with his own efforts that he posts this information
on Facebook and Twitter and also uses Skype to tell his friends in the
UK about his endeavours. Because his data bundle expired, he posts
this information from a computer connected to the university network
and also installed Skype on the computer. He did, however, remove
Skype from the computer later.
Life is good for our Jack le Hack.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 7
8. Cyber crime defined
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 8
9. Cyber crime defined
• Move in South African law to the use of the term cyber crime which
is wide enough to encompass all illegal activities in respect of
computers, information networks and cyberspace.
• Most important legislation is the Electronic Communications and
Transactions Act 25 of 2002.
• 'access' includes the actions of a person who, after taking note of
any data, becomes aware of the fact that he or she is not authorised to
access that data and still continues to access that data.
• 'data message' means data generated, sent, received or stored by
electronic means and includes-
(a) voice, where the voice is used in an automated transaction; and
(b) a stored record;
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 9
10. Cyber crime defined
Common types of cyber crime
• Unauthorised access (s86(1))
• Unauthorised modification of data and various forms of malicious
code (s86(2))
• Denial of Service Attacks (S86(5))
• Devices used to gain unauthorised access to data (s86(4))
• Child pornography, cyber obscenity and cyber stalking
• Computer-related fraud
• Copyright infringement
• Industrial espionage
• Piracy
• Online gambling
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 10
11. Cyber crime defined
Common types of cyber crime (cont.)
• For 15 consecutive months South Africa has been amongst the top
three target countries in the world for mass phishing attacks.
• Identity theft remains the most common type of cyber crime in South
Africa.
• “ Identity theft is a serious crime. It occurs when your personal
information (name, social security number, date of birth, credit card
number, or bank account number) is stolen and used without your
knowledge to commit fraud or other crimes. Identity theft can cost
you time and money. It can destroy your credit and ruin your good
name.” USA Federal Trade Commission
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 11
12. The online entrepreneur
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 12
13. The online entrepreneur
Possible cyber crimes identified from Jack le Hack
• Unauthorised access to data
• Unauthorised modification of data
• Computer-related fraud
• False bomb threat, intimidation
• Using a device to gain unauthorised access to data
• Furthermore:
- Exposing network to vulnerabilities – chat rooms, Skype.
- Reputational risk to university and publicity about what Jack had
done.
- Possible loss of investors.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 13
14. How to protect your data
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 14
15. How to protect your data
• Protecting data starts with each user of a computer on your campus
and is not only related to the functions and responsibilities of the IT
department.
• Your responsibilities include:
- Protecting the university property stored on your computer,
including information about staff, faculty, students, and alumni.
- Accessing only that information which you are authorised to access
in the course of your duties. Your ability to access other
information does not imply any right to view, change, or share
information.
- Not establishing access privileges for yourself or others outside of
formal approval processes.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 15
16. How to protect your data
- Adhering to procedures and business rules governing access and
changes to the data for which you are a custodian.
- Expect all stewards and custodians of administrative data to
manage, access, and utilise this data in a manner that is consistent
with the need for security and confidentiality.
• Correlation between physical and network security.
(Computer Security at Cornell: Secure your Computer on and off
Campus 2009 (http://www.cit.cornell.edu))
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 16
17. Implementing a pro-active strategy in your
organisation
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 17
18. Implementing a pro-active strategy in your
organisation
• Cyber security is just as important as physical security.
• Relationship between physical and network security.
• Know and understand your organisation:
• This includes an understanding of the external environment and
the threats facing the organisation. It also refers to a thorough
understanding of the internal environment and the way the
organisation operates – its employees, levels of staff morale,
business partners of the organisation, service providers, etc.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 18
19. Implementing a pro-active strategy in your
organisation
• Define security roles and responsibilities:
• Although security should be everyone within an organisation’s
concern, ownership of information security should be assigned to
specific individuals, coupled with the necessary levels of authority
and accountability. To assist with the process it is recommended
that security roles and responsibilities be incorporated into job
descriptions and that performance in terms of these areas be
measured accordingly.
• Ensure that you have proper policies and procedures in place for the
use of IT.
• Establish clear processes to enable end-users to report suspected
cyber crimes.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 19
20. Implementing a pro-active strategy in your
organisation
• Effective public private partnerships.
• Value of intelligence: Exchange information with law enforcement
agencies and other organisations. Know your opponent and use the
information to develop and update security policies. Think like a
hacker.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 20
21. Implementing a pro-active strategy in your
organisation
• Stay up to date:
• Maintain awareness of new developments in both technology and
services. Use a risk-based approach to determine when it would
be necessary to upgrade or adapt current systems and processes to
accommodate new developments.
• Continuous auditing and assessment of process:
• It is recommended that a process of continuous auditing be
implemented to ensure that the strategy remains aligned to
business objectives, adapts to changes in technology or identified
threats, and to allow for the analysis of information that is
gathered from the different implemented controls.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 21
22. Practical guidelines and tips
“The vast majority of computer breaches that we have investigated
over the past few years have been the result of poor personal choices,
weak computer practices, and less-than-satisfactory data-handling
procedures.”
Steve Shuster, director of IT Security at Cornell
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 22
23. Practical guidelines and tips
• Email is more than messages. It contains personal information,
contact lists, sensitive company information, etc. Email policies:
• Do not open suspicious emails.
• Use spam filters.
• Encrypt important files or records.
• Choose complex passwords and change your password regularly.
The Post-it problem.
• Back up regularly.
• Install powerful anti-virus and firewall software and keep it up to
date. Regularly update security patches.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 23
24. Practical guidelines and tips
• Create good habits such as deleting your temporary internet files
and cookies. This protects against hackers who can access your
accounts from where you have been on the internet.
• Turn off your computer and modem/disconnect from the internet
when not in use.
• Know what information you have, where it is stored and who has
access thereto.
• Be wary to provide personal information via a website you are not
familiar with.
• Never allow strange or unfamiliar individuals to use your computer,
not even if they say they are from the IT department!
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 24
25. Practical guidelines and tips
• Where practicable, do not grant administrative or root/super user
privileges to end-users.
• Educate users:
• Teach IT users how to identify cyber threats and how to respond.
• Share security information with all users of IT in the organisation.
• Read up on the latest ways hackers create phishing scams to gain
access to your personal information.
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 25
26. Practical guidelines and tips
• Campus executives and data stewards should know:
- What/where is my data?
- How sensitive is it?
- Who is responsible for it?
- Who has access to it?
- Do I need to keep it?
- What if it gets into the wrong hands?
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 26
27. Closing remarks
• Need to realise the true value of information.
• Cyber criminals steal INFORMATION.
• We can only effectively combat cyber crime if we share information
and collaborate.
• Know your opponent.
• Be pro-active and not re-active.
• Implement good information governance principles in your
organisation.
• Educate all IT users.
• Protect your information with the same vigour as you protect
physical property, brand names, money, etc!
Cyber crime 101: The impact of cyber crime on Higher Education in South Africa September 2011
PwC 27