Network Security
1. Abdul-Hakeem Ajijola (.AhA) info@consultancyss.com
Presentation at the
by:
Abdul-Hakeem Ajijola
info@consultancyss.com
Nicon Luxury Hotel, Abuja, FCT Nigeria
12 July 2017
2. NETWORK SECURITY
▪ Process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
Source: https://www.sans.org/network-security/
3. CYBERSECURITY VS. CYBER-CRIME
▪ Cybersecurity
▪ Protection of assets against risks within, & from, the electronic environment
▪ Risk Management
▪ An Economic Problem
▪ Cyber-Crime
▪ Conduct prohibited by law, with prescribed punishment, carried out using digital systems like computers, electronic, ancillary devices, processes and/ or procedures
4. ARE WE SECURE?
DIGITAL SOCIETY/ TECHNOLOGY ADOPTION:
• Cloud Computing
• Smart Homes/ Offices/ Cities
• Internet of Things (IoT)
• Data Analytics
• Artificial Intelligence
• FinTech
• E-commerce/ Online shopping
• Mobile Smart Devices
• Ubiquitous data sharing
• Social media
"Cyber-criminals operate at the speed of light while law enforcement moves at the speed of law." Barry Raveendran Greene, www.getit.org
5. CYBER “THREAT” SPACE
Cyberspace is an environment that combines
• People, Processes & Technology
Cyberspace is not borderless:
• Perceived as borderless because its borders are seamless to the end user.
• Every country has its own cyberspace which is defined by its national infrastructure.
Implications:
• Threat actors carry out their activities in an apparently seamless environment,
• Law Enforcement Operatives are constrained by issues of jurisdiction.
Nigeria through the 2015 National Cybersecurity Policy & the National Cybersecurity Strategy recognizes cyberspace as the 5th domain of warfare after Land, Sea, Air & Outer-space.
#Weaponisation of #FakeNews and #Hatespeech
6. CYBERCRIMES ARE EVOLVING
The More We’re Interconnected to Cyber Space, The More We Are At Risk To Cyber Threats …
• Large scale, wide spreading incident (e.g. virus, worm outbreak)
• Specific targeted attack, powerful tool e.g., Botnet, Stuxnet, WannaCry, NotPetya, Business Email Compromise (BEC)
• Script kiddies, crackers
• Professionals, organized Cyber-gangs
• Motivation: for fun, peer recognition, prestige
• Specific Motivation: for economic gain, industrial espionage, cyber terrorism
▪ Cybercrime is fueled by:
▪ Opportunity
▪ Interconnectedness
▪ Ignorance
Source: Dr. Zahri Yunos, Chief Operating Officer, CyberSecurity Malaysia, http://zahriyunos.blogspot.my
7. Business Email Compromise (BEC)
Source: INTERPOL Trend Micro survey “Cybercrime in West Africa: Poised for an Underground Market”
8. .NG STATISTICS
▪ 0.80% of Nigeria’s GDP is lost to cybercrime
Source: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf
▪ N137 billion annual direct losses
GDP $450: Trading Economics http://www.tradingeconomics.com/nigeria/gdp
Exchange Rate @ ₦305 to $1: CBN 24 March 2017 www.cbn.gov.ng/rates/exchratebycurrency.asp
▪ 90,154,737 use the internet daily, April, 2017
Source: Nigerian Communications Commission Internet Subscriber Data http://www.ncc.gov.ng/index.php?option=com_content&view=article&id=68&Itemid=70
▪ 45.3% of internet users in Nigeria suffered attack in the third quarter of 2015
Source: Kaspersky Lab, 2015 survey, for Third quarter 2015 IT Threat Evolution report http://bizwatchnigeria.ng/nigerias-cyber-malware-attacks-reach-45-3-in-q3-2015/
▪ 13 April 2015 and 01 Feb 2016: 3,599 breaches of Nigeria (.ng) domains with 2,518 websites defaced.
Source: Zone-H http://www.zone-h.org/archive/filter=1/fulltext=1/domain=Nigeria
▪ Nigeria: #58 most attacked Country
Source: https://cybermap.kaspersky.com/
9. UNDERGROUND ECONOMY - ORGANISED CRIMINAL GANGS
▪ Developers create the virus
▪ Sell computers infected with their virus without the owners' knowledge
▪ Banking Trojans – used for direct theft: when a purchase is made, they record everything you type and send it to the criminals. From online purchase sessions:
▪ Name,
▪ Delivery address,
▪ Credit card (CC) #
▪ CC security codes
▪ CC dates etc.
Source: http://www.hackmageddon.com/category/security/cyber-attacks-statistics/
10. WHO ELSE IS USING CYBERSPACE?
– Daesh: Islamic State
– Boko Haram: Jama’atu Ahlis-Sunnah Lid Da’awati Wal Jihad [People involved in Call to Islam & Jihad]
– MEND: Movement for the Emancipation of the Niger Delta
– FARC–EP & FARC: Revolutionary Armed Forces of Colombia—People's Army
– Aum Shinrikyo Japanese doomsday cult
Values, Propaganda, Financing & Recruitment
Pentagon Manipulates Social Media for Propaganda Purposes
Source: http://www.globalresearch.ca/pentagon-seeks-to-manipulate-social-media-for-propaganda-purposes/25719
Cyberspace as Tool, Medium & Target of Terrorism
11. What can we do? (slide text in French, Portuguese and Arabic)
12. CYBERCRIME MOTIVATIONS
Financial
• Make money fraudulently or steal money outright
Political
• Cyber War: one nation attacking another
• Hacktivist
Personal
• Enjoy the challenge & risk
• Disgruntled current or former employees
Source: http://it.toolbox.com/people/kevjudge/
13. UNDERSTAND BAD ACTORS TO KNOW HOW TO PUSH BACK
7 Principles of Cybercrime
• Don't get caught -- stay untraceable
• Don't work too hard -- take the easy path
• Follow the money
• If you can't take out the target, move the attack to a coupled dependency of the target -- cause confusion/ misdirection
• Always build cross jurisdictional attack vectors
• Attack people who won't/ can't prosecute you
• Stay below the pain threshold – e.g. below insurance limits
Source: Barry Greene www.senki.org
14. COLLABORATION: DOMESTIC CYBERSECURITY PLAYERS
Government
• Defence Space Agency (DSA)
• EFCC, Digital Forensics Laboratory
• Galaxy Backbone, ISO27001 Certification
• NITDA, Computer Emergency Readiness & Response Team of Nigeria - CERRT.ng
• Office of the Attorney General of the Federation, Cybercrime Prosecution Unit
• Office of the National Security Adviser (ONSA), Nigeria Computer Emergency Response Team (NGCERT)
Private/ NGO
• Computer Forensics Institute of Nigeria (CFIN), Professional Body
• Consultancy Support Services (CS2) Ltd, Digital Forensics
• Cyber Institute Ltd/ GTE, NGO, Capacity Building & Research
• Cybersecurity Experts Association of Nigeria (CSEAN), Professional Body
• Digital Jewels Ltd., Research & Capacity Building
Academia
• Federal University of Technology (FUT), Minna, Dept. of Cybersecurity
• Nassarawa State University, Keffi, Centre for Cyberspace Studies
15. DEVELOP A PLAN
Source: https://www.slideshare.net/JohnGilligan7/top-level-cyber-security-strategy
18. CYBERSECURITY RESILIENCE MATURITY FRAMEWORK
Source: John Gilligan, President and Chief Operating Officer at Schafer Corporation

| Maturity Descriptor | Employment of Security Controls | Security Tailored to Mission | Participate in Information Sharing (Threat/ Vulnerability) | Response to Cyber Threats | Resilience to Cyber Attacks |
|---|---|---|---|---|---|
| Level 5: Resilient | Augment CSC Based on Mission | Mission Assurance Focused | Real-time Response to Inputs | Anticipate Threats | Operate through Sophisticated Attacks |
| Level 4: Dynamic | Augment CSC Based on Mission | Mission Focused | Real-time Response to Inputs | Rapid Reaction to Threats | Able to Respond to Sophisticated Attacks |
| Level 3: Managed | CSC Integrated and Continuously Monitored | Partially Mission Focused | Respond to Information Inputs | Respond to Attacks After the Fact | Protection Against Unsophisticated Attacks |
| Level 2: Performed | Foundational Critical Security Controls (CSC) Implemented | Mission Agnostic | Inconsistent Response to Information Inputs | Respond to Attacks After the Fact | Some Protection Against Unsophisticated Attacks |
| Level 1: No Resilience | Inconsistent Deployment of Security Controls | None | None | No Response | Susceptible to Unsophisticated Attacks |

Step 1: Critical Security Controls (CSC)
Step 2: Address Sophisticated Attacks
19. Nigeria 419 Cyber-crime – Life Cycle
[Flowchart; node labels: 419 Perpetrator, Draft 419 Letter/ e-mail, E-mail Harvester, Mass-mail Solution, Targeted victim, Response, Communication Exchange, Fake Document, Transfer of Funds, Processing/ Storage, Discard]
Adapted from flowchart originally produced by Femi Oyesanya & Vesper Owei
20. WannaCry Ransomware: Are you infected?
No:
• Run Windows updates
• Update and run Antivirus
• Download and install the MS17-010 patch (file 1 GB). Use flash drives to manually distribute the patch to Ministries, Departments and Agencies, organisations and other users to save time and bandwidth costs:
X64: http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x64_ddc8596f88577ab739cade1d365956a74598e710.msu
X86: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows10.0-kb4013429-x86_8b376e3d0bff862d803404902c4191587afbf065.msu
• Regular (weekly) updates and backups
• Be suspicious of unsolicited e-mails with attachments or Web links.
Yes:
• Run Windows updates
• Update and run Antivirus
• Download tools to remove the infection/ .WNCRY virus:
https://howtoremove.guide/wncry-virus-file-ransomware-remove/
https://malwaretips.com/blogs/remove-wncry-virus/
https://malwaretips.com/blogs/remove-wana-decrypt0r-2-0-virus/
https://forums.techguy.org/threads/how-to-remove-wncry-files.1189855/
• Restore back-up files, if any
• Download and run WannaCry ransomware decryption tool:
WannaKey: https://github.com/gentilkiwi/wanakiwi/releases
WanaKiwi: https://github.com/gentilkiwi/wanakiwi/releases
• Do NOT pay off hackers
• Reset your computer and lose everything, unless you have backups
• Regular (weekly) updates and backups
• Be suspicious of unsolicited e-mails with attachments or Web links.
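An added example (not part of the original slides): a check to run on the flash drive before the MS17-010 packages are installed elsewhere, confirming each .msu still hashes to one of the digests embedded in the two download file names above. It assumes the Windows Update convention that the 40-hex-character file-name suffix is the file's SHA-1; the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# SHA-1 digests embedded in the two file names on the slide (x64, x86).
SLIDE_DIGESTS = {
    "ddc8596f88577ab739cade1d365956a74598e710",
    "8b376e3d0bff862d803404902c4191587afbf065",
}
# Assumed naming convention: "<name>_<40 hex chars>.msu", suffix = SHA-1 of file.
NAME_RE = re.compile(r"_([0-9a-f]{40})\.msu$", re.IGNORECASE)


def name_digest(filename):
    """Digest claimed by the file name, or None if the file was renamed."""
    match = NAME_RE.search(filename)
    return match.group(1).lower() if match else None


def sha1_of(path, chunk_size=1 << 20):
    """Hash in chunks so a ~1 GB package is never loaded into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_package(path, pinned=SLIDE_DIGESTS):
    """'ok': content is a pinned package; 'altered': name claims a pinned
    package but the content differs; 'unknown': not one of the expected files."""
    if sha1_of(path) in pinned:
        return "ok"
    return "altered" if name_digest(Path(path).name) in pinned else "unknown"


def check_drive(root, pinned=SLIDE_DIGESTS):
    """Check every .msu under root (for example the flash drive mount point)."""
    return {p.name: check_package(p, pinned) for p in sorted(Path(root).rglob("*.msu"))}


def demo():
    """Constructed stand-in files, not real Microsoft packages."""
    payload = b"constructed stand-in for an update package"
    good = hashlib.sha1(payload).hexdigest()
    files = {
        "intact": (f"sample_{good}.msu", payload),
        "altered": (f"copy_{good}.msu", payload + b"\x00"),  # changed in transit
        "renamed": ("patch.msu", payload),                   # same bytes, new name
        "other": ("other.msu", b"some unrelated file"),
    }
    with tempfile.TemporaryDirectory() as drive:
        for name, data in files.values():
            Path(drive, name).write_bytes(data)
        results = check_drive(drive, pinned={good})
    return {label: results[name] for label, (name, _) in files.items()}
```

Any file that does not report `ok` should be downloaded again from the URLs above rather than installed from the drive.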
21. CORE ORGANIZATIONAL STRATEGY
Source: UK Government Cyber Essentials Scheme https://www.itgovernance.co.uk/cyber-essentials-scheme
APPROACH
• Ensure your cyber security is as effective as possible without compromising the usability of your systems.
• Ensure you have robust business continuity plans in place that cover your information assets so that you can resume normal operations as soon as possible if an attack is successful.
Follow International Standards as guides
• ISO27001: Implementation of an Information Security Management System (ISMS);
• ISO22301: Implementation of a Business Continuity Management System (BCMS).
• ISO27031: Applies specifically to information and communication technology business continuity, and the requirements of ISO27001 and ISO22301 are mutually compatible.
22. GLOBAL COMMISSION ON THE STABILITY OF CYBERSPACE (#THEGCSC)
▪ #theGCSC Research Advisory Group (RAG) is recruiting !!! https://cyberstability.org/news/the-research-advisory-group-is-recruiting/
▪ International Peace and Security of Cyberspace (RAG-P)
▪ Internet Governance (RAG-I)
▪ Law (RAG-L)
▪ Technical and Information Security (RAG-T)
▪ Developing proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace.
▪ Supporting information exchange and capacity building,
▪ Research, and
▪ Advocacy.
Prospective African researchers (voices) should apply.
23. CYBERSECURITY AND CYBERCRIME ADVISORS NETWORK (CYAN)
▪ An international not-for-profit association established in 2015, based in Paris, France.
▪ Strengthen cybersecurity
▪ Fight against cybercrime through multi-disciplinary collaboration
▪ Exchange of good practices, expertise, linkages, cooperation and assistance in any circumstances.
▪ Capacity development
▪ Stopping Child Abuse Materials Online (StopCAM)
25. #HACKBOSSNIGERIA 2017
2017 Hacking Competition: 28-29 April 2017
Register for FREE @: https://cs2.workable.com/
Get Noticed by Potential Employers
Prizes:
1st: N 1,000,000
2nd: N 250,000
3rd: N 150,000
Powered by Consultancy Support Services (CS2) Limited, Abuja
+234-802-939-6059 www.cs2.com.ng info@consultancyss.com @CSNigeria
6th Floor, Ogun State House, Plot 74, Ralph Shodeinde Street, Central Business District, Abuja, FCT, Nigeria 90001.
26. AFRICA CYBER SECURITY MARKET WORTH $0.92 BILLION IN 2015 & $3.6 BILLION BY 2018
Antimalware:
• "Malware are malevolent software such as viruses, worms, spyware, & others that are designed to cause harm to computer based systems including stealing information
• Antivirus is a software that detects & destroys computer viruses"
Data loss prevention (DLP):
• A strategy to ensure that users do not send unauthorised information outside a given network
DDOS Mitigation:
• A set of practices for countering distributed denial-of-service (DDoS) attacks on Internet facing networks by protecting the target & intermediary networks.
Disaster Recovery & Business Continuity:
• Processes that help organizations prepare for disruptive events including backing up data & having alternate platforms & operational sites.
Encryption:
• A process of encoding messages or information so that only those authorized can read it
Firewall:
• Like the wall around a building/ compound, a Computer/ Network Firewall blocks unauthorized access while permitting legitimate communication
Identity & Access Management (IAM):
• Framework for the management of electronic identities
Intrusion prevention systems (IPS):
• Monitor network and/or system activities for malicious activity
Risk & Compliance Management:
• Ways to approach IT Governance, risk management, & compliance with standards
Security/ Vulnerability Management:
• The cycle of identifying, classifying, prioritising, reporting, remediating, & mitigating computer/ network vulnerabilities
Unified Threat Management (UTM)/ Unified Security Management (USM):
• Comprehensive & often cost-effective set of network gateway protection solutions
Web Filtering:
• A filtering tool that screens incoming web pages to determine if all or part of it should be displayed
Source: http://www.marketsandmarkets.com/PressReleases/africa-cyber-security.asp
27. WOMEN IN IT SECURITY: POWER PLAYERS
• Heather Adkins, director, information security, Google
• Ann Barron-DiCamillo, director of US-CERT, U.S. Department of Homeland Security
• Lara Nwokedi, Head of Information Security management, First Bank Plc.
• Kathy Fithen, Chief Privacy Officer (CPO), Coca-Cola
• Roxane Divol, General Manager (GM) of Symantec’s Trust Services
• Rakiya Shuaibu-Mohammed, Deputy Director IT & oversees Cybersecurity, CBN
• Melinda Rogers, CISO, Department of Justice
• Latha Maripuri, SVP & global CISO, News Corp.
• Funke Opeke, a founder & CEO, MainOne
• Julie Cullivan, senior vice president of business operations & chief information officer, FireEye
• Eva Chen, CEO, Trend Micro
• Zareefa Mustapha PhD., Lecturer, Cloud Forensics, Baze University
Source: http://www.scmagazine.com/women-in-it-security-10-power-players/printarticle/421364/
Source: https://www.csc.tntech.edu/wicys/
28. CONCLUSION: PROPOSITION FOR ADOPTION
Get Ready to Counter Growing Cybersecurity and Cyber-Crime Challenges
• Education:
• Primary, Secondary, Vocational and Tertiary
• Lay Digital Society’s foundations:
• Cyber-hygiene and Network Security Imperatives
• Positive regulation,
• Tax Incentives
• Ease of doing business
• Some Government investment in specific areas
• Create Centers of Knowledge:
• Educational and/ or Research Institutes
Year 2020: an MSME-based Cybersecurity Solutions economic sub-sector that enables a Cyber Resilient Digital Society should be in place, principally driven by suitably empowered young knowledge workers
• Highly skilled Cybersecurity knowledge workers will constitute a cyber-guard that the nation will leverage in times of national cyber emergencies
• We can succeed by working together
29. Thank you for your attention (slide text in English, French, Portuguese and Arabic)
info@consultancyss.com