The problem of cyber crime in Uganda is a reality. Every time you connect to the Internet, you get exposed to risks of cyber crime including hacking. In this presentation, Mustapha Mugisa explains the common cyber crime scheme and countermeasures
Comments
Content
ISACA event
26 June 2013, Hotel Africana, Kampala.
Cybercrime in Uganda
are you prepared?
The extent of the problem, and way forward Mustapha B. Mugisa, CFE, CHFI, CISA, MBA
Founder & CEO, Summit Consulting Ltd.
www.summitcl.com Forensic. Advisory. Fraud.
Perspective
How much do you estimate is the risk of cyber crime to Uganda today?
Image credit, ACFE.com
Forensic. Advisory. Fraud
Why care? Perspective
…
“Cybercrime and espionage are the top two challenges to USA national security today and in the future”,
President Barak Obama, March 2013.
What does this mean to Uganda?
www.summitcl.com Forensic. Advisory. Fraud.
Are you safe online..
If your security was breached, do you have the tools and expertise to proof it?
Forensic. Advisory. Fraud
Photo credit: UNCTAD photo
Image credit, ACFE.com
Let’s talk cybercrime cases are sensitive…
Are you getting value for money from your pen tests?
www.summitcl.com Forensic. Advisory. Fraud.
Why care?
Cyber crime vectors • Computer related offenses • Content related offenses • Copyright related offenses • Attack on security (CIA) is denial
www.summitcl.com Forensic. Advisory. Fraud.
Why care?
Internet photo.
The problem is huge for Africa, and Uganda. Not even mechanisms exists to quantify it!
www.summitcl.com Forensic. Advisory. Fraud.
Why care?
Lots of attack vectors; Ugandans highly exposed…
www.summitcl.com
The URA hacking case is still fresh…
www.summitcl.com
Why care? Cyber attack on Uganda … Non-official websites come
top on the search of the word “museveni”. How can NITA let this be!!!!
www.summitcl.com
Forensic. Advisory. Fraud.
Why care? content… Unacceptable
www.summitcl.com
Forensic. Advisory. Fraud.
Why attacks care? in many ways… Cyber
1. Spam 2. Viruses, including key loggers – common attack 3. Hacking; m-i-m attacks 4. Intellectual property theft 5. Phishing & identity theft 6. Denial of service – most common 7. Data harvesting.
www.summitcl.com Forensic. Advisory. Fraud.
Why attacks care? in many ways… Cyber
1. Over 20 cases involving computer and mobile phones reported weekly to Uganda Police CID department:
• Cases of anonymous email
investigations; Facebook identify theft, Bank fraud; Hacking into computer Systems esp on-line banking; and intellectual property theft
Forensic. Advisory. Fraud.
www.summitcl.com
Why attacks care? in many ways… Cyber
• All crimes reported at Police now involve use of computers or mobile phones • Recent cases involve cyber stalking; cyber harassment and fraud
www.summitcl.com
Forensic. Advisory. Fraud.
Recommended solutions…
Are you getting value for money from your pen tests?
www.summitcl.com Forensic. Advisory. Fraud.
Laws are in place, can you use them? “Uganda Cyber Laws” are three currently: 1. Computer Misuse Act, 2011 2. Electronic Transactions Act, 2011 3. Electronic Signatures Act, 2011
Forensic. Advisory. Fraud
All laws commenced in April 2011.
Image credit, ACFE.com
E.g. computer misuse long tittle
“Unauthorized access to private computers and network systems, deliberate corruption or destruction of other people’s data, disrupting the network or systems, introduction of viruses or disrupting the work of others; the creation and forwarding of defamatory material, infringement of copyright, as well as the transmission of classified data or other material to outside organizations… etc… any crime involving a computer.”
Forensic. Advisory. Fraud
Image credit, ACFE.com
Total ICT security…
#2. Empowering you to be secure! • 96% of Government staff are not IT trained. • Only 4% of are IT security professionals • Where is your weakest link?
For 96% of staff --- they must become Certified Secure Computer User (CSCU).
www.summitcl.com Forensic. Advisory. Fraud.
Total ICT security…
#2. Empowering you to be secure!
For your 4% of staff --- they must attain Certified Ethical Hacker (CEH); Computer Hacking Forensic Investigator (CHFI); Certified Fraud Examiner (CFE) and Licensed Pen Tester (LPT).
www.summitcl.com
www.eccouncil.org
Forensic. Advisory. Fraud.
Our solution to you…
#3. Partner with our forensic lab Don’t be held by staff at ransom!
Know the smallest thing that was the source of the problem… who, what, when, where and how & why – and let us take care of all the legal issues involved. That is the objective of a forensic investigation
Social Networking posts Blog Postings Removal Articles Removal website Removal
• Tracing suspected websites, blogs, forums abusers • Getting information of people behind websites, blogs, forums • Removal Actions for such websites
• Reduction in rankings of defaming content by positive SEO • Reduction in rankings of defaming content by proprietary methods • Increasing Positive content with right SEO techniques Forensic. Advisory. Fraud.
#3.3 Total reactive solution
Data Leakage Prevention
Cyber Reputation Management
Cyber Solutions to government
Cyber Crime Investigations
Smartphone, Laptops Security
#3.4 Total security solution
Regulatory Intelligence
Cyber weaponry & defense
Political Intelligence and cyber surveillance
We can set up a lab to create, use and manage cyber weaponry for uplifting CIRT system Uganda’s set up national security.
Ensure effective investigations
Digital forensic solutions –investigations: Anything digital, we’ve the solutions.
Specialized Training in fraud, IT security and forensic & risk management
www.summitcl.com
Forensic. Advisory. Fraud.
Next steps…
You should 1. Sponsor staff for training in ethical hacking, digital forensics and CSCU 2. Require all staff using computers to be CSCU, to avoid data leakage and ensure accountability 3. Set a forensic services fund – and we train all law enforcement as a PPPs – something's are better centralized 4. Coopt private sector players to advise on key implementations e.g. CIRT, CWDS (cyber weaponry & defense system) etc…
www.summitcl.com Forensic. Advisory. Fraud.
Next steps…
SCL productivity solutions • Unified secure messaging system • ERP • Incident reporting and whistleblowing system • E-Learning platform for in-house training
Call us today
www.summitcl.com Forensic. Advisory. Fraud.
Q&A
We take pride in doing the right thing, rather than what is right for the profitability of SCL.