Threats from the Economical Improvement
Why the economy of emerging countries can pose a threat to cyber security and how to improve protection through continuous education
Eduardo Vianna de Camargo Neves
Conviso IT Security, Operations Manager
OWASP Global Education Committee Member
Monday, September 20, 2010
Overview
The growth of the global economy and its effects on the BRIC countries are changing how these societies do business and interact with the rest of the world
Companies from Brazil, India, Russia and China no longer operate only in their own markets
A new middle class with access to credit lines and technology is driving commerce in new markets and becoming an economic power
Cyber crime is rising in the same proportion, following the money and identifying new opportunities with lower risk
Conviso IT Security | Threats from the Economical Improvement
Overview
This presentation focuses on Brazil and on a proposal to contribute to cyber crime prevention and reduction through computer security education for society
This is an ongoing project which is being improved and will be presented with new data at OWASP AppSec DC, in November 2010
A white paper is being produced in collaboration with other companies and independent researchers to improve the content and allow new deliveries
An OWASP Project will be launched in 2011 to support this initiative as part of the Global Education Committee's efforts in Latin America; supporters and contributors are welcome
Changes in economy and society
Welcome to a Brave New World
Brazil, the Russian Federation, India and China have made impressive changes to their economies and transformed how their societies deal with them
Brazil is a world leader in agribusiness and leads specific high-tech sectors such as airplane production and oil exploration
Russia is the world's second largest oil exporter and largest gas exporter, and its economy has been growing since 2001
India is one of the fastest growing telecom markets in the world and maintained an unemployment rate of 10.7% in 2009
China contributed 1/3 of global economic growth in 2004 and accounted for half of global growth in metals demand
Source: The World Factbook by CIA
The Role of a New Society
According to the World Bank, developing countries' share in world trade rose from 16% in 1990 to 30% in 2006, led by China and with Brazil and India not far behind
The urban Chinese middle class will spend close to $2.3 trillion a year by 2025, while India's should grow from 5 percent today to over 40 percent of the nation over the next 20 years
In Brazil, 10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population
Companies, governments and society in all those countries are becoming stronger and using technology to support their growth
Source: The World Bank
Reflections on cyber-crime
The ties between economics and information security were discussed by Ross Anderson and other authors. The improvement of the BRIC countries' economies brings new topics
Governments are not ready to deal with a change in society that is creating millions of new users of Internet-based services
Companies are dealing with new threats using old technologies; the Market for Lemons is here
People are buying computers and smartphones to be online, but they do not really understand the risks and impacts of a connected world
The results are in our sight
Cyber crime is increasing worldwide and, although the numbers are very complicated, there are some questions which can lead a discussion on causes and solutions
Governments are not ready to deal with a change in society that is creating millions of new users of Internet-based services
Companies are dealing with new threats using old technologies; the Market for Lemons is here
People are buying computers and smartphones to be online, but they do not really understand the risks and impacts of a connected world
The Brazilian Scenario
The Economic Redemption
As a result of deep changes started in 1994 and maintained by all governments, Brazil is now seeing new and continuous social improvement
Almost 52% of the population is in the middle class, compared to a rate of 32% in 1992
10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population
The number of credit cards rose from 27 million in 2006 to 150 million in 2009
Source: BBC and Reuters
Timeline
Cyber crime has been conducted in Brazil since 2001. Attacks are increasing, becoming more sophisticated, trending toward client-side approaches and targeting hosts in other countries
Year | Attack Trend | Incidents on CERT.BR | Fraud %
2001 | Initial deployment of rudimentary keyloggers; brute force attacks on bank sites | 5,997 | 0%
2004 | Increase in sophisticated phishing; DNS compromises widely used (“pharming”) | 75,722 | 5%
2007 | Trojans delivered via drive-by downloads; malware modifying client’s hosts file | 160,080 | 28%
2009 | Usage of XSS and CSRF; identity theft | 358,343 | 69%
Source: CERT.BR
Cyber Crime Evolution
Fraud is still the major issue; however, a new trend has been observed over the last three years
Social networks are being used to share criminal information, from child pornography to kidnapping. The damage is affecting local and international companies as co-responsible parties
Attacks are moving from trojans to exploitation of common flaws in web sites, such as XSS and CSRF, to support fraud and identity theft
Brazil’s electrical grid was supposedly targeted by crackers; however, data leakage from government web sites and systems is becoming routine
Source: Safernet.org.br, Symantec and Conviso Security Labs
Why you should care
The USA accounts for 19% of Internet-based attacks, but the BRIC countries also make up a large slice of this problem
Source: Internet Security Threat report, by Symantec
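[Pie chart: share of Internet-based attacks by origin (USA, Brazil, Russia, India, China, World); slice values shown: 60%, 8%, 4%, 3%, 6%, 19%, with a 21% callout]
And there is a lot of space to grow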
The Call for Education
Education is the Key
We do not believe that education for the community alone is enough to transform this scenario. A more comprehensive approach must be delivered for three major areas.
The Government must understand how fragile web security can be and prepare its own strategies to deal with it
Companies must understand how to buy, develop and maintain secure applications for their customers
Academia must change its direction. Security is not optional, and all programmers and managers must understand it as part of their competencies
The OWASP Role
There are several OWASP Projects ready to be used by anyone who needs to make more secure software, so a “packing strategy” is required to make them more palatable for different audiences
Governments must understand why application security matters and that it must be a strategy for the country and an obligation to their citizens
Companies must promote security in all business areas and tie this achievement to the executive agenda
Academia must include computer security in several areas as a common discipline, like statistics and math. Specialization is great, but it does not reach the responsible parties
Conclusions
Next Steps
This is a simple but ambitious project which we believe will change how people understand application security in the BRIC countries, and several complementary steps are required
Specific competencies to support the delivery process
Effort allocation to adapt current content to the reality of each country
Leaders to support the overall development and reach other countries in a situation similar to Brazil's
Acknowledgements
The following companies, organizations and individuals supported this research and sponsored this presentation:
Conviso IT Security: Sponsored my travel and is supporting this research (Disclaimer: I am one of the partners)
OWASP Connections Committee: Partially sponsored my expenses, thank you very much Dinis!
Anchises Moraes Guimaraes De Paula: IT Security researcher working with me on this development. You can tweet him at @anchisesbr
All images used in this presentation are licensed under Creative Commons and the original sources can be reached by clicking on them
19Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
Threats from the Economical Improvement
Why the economy on emerging countries can pose as a threat to
cyber security and how to improve the protection through
continuous education
20
Eduardo Vianna de Camargo Neves
Conviso IT Security, Operations Manager
OWASP Global Education Committee Member
Monday, September 20, 2010

Contenu connexe

En vedette

Emerging Economy should Consume More & Save Less Developed Economy Should...
Emerging Economy should Consume More & Save Less Developed Economy Should...Emerging Economy should Consume More & Save Less Developed Economy Should...
Emerging Economy should Consume More & Save Less Developed Economy Should...TICS
 
Challenges of the Interaction Economy
Challenges of the Interaction EconomyChallenges of the Interaction Economy
Challenges of the Interaction EconomyThei Geurts
 
Emerging economies
Emerging economiesEmerging economies
Emerging economiesInfosys
 
The Emerging Collaborative Economy in Australia
The Emerging Collaborative Economy in AustraliaThe Emerging Collaborative Economy in Australia
The Emerging Collaborative Economy in AustraliaCollaborative Lab
 
Humanitarian Aid To Emerging Economy 01 10
Humanitarian Aid To Emerging Economy 01 10Humanitarian Aid To Emerging Economy 01 10
Humanitarian Aid To Emerging Economy 01 10daust
 
Emerging Economies of the World: A Study | November 2016
Emerging Economies of the World: A Study | November 2016Emerging Economies of the World: A Study | November 2016
Emerging Economies of the World: A Study | November 2016Suhel Goel
 
Understanding emerging markets
Understanding emerging marketsUnderstanding emerging markets
Understanding emerging marketsTim Wilson
 
Emerging markets finalpresentation
Emerging markets finalpresentationEmerging markets finalpresentation
Emerging markets finalpresentationibc-emerging-markets
 
Business & Emerging Markets
Business & Emerging MarketsBusiness & Emerging Markets
Business & Emerging Marketstutor2u
 
Emerging markets presentation
Emerging markets presentationEmerging markets presentation
Emerging markets presentationdavvy75
 
Emerging Markets
Emerging MarketsEmerging Markets
Emerging Marketsguestbaefb5
 

En vedette (14)

Emerging Economy should Consume More & Save Less Developed Economy Should...
Emerging Economy should Consume More & Save Less Developed Economy Should...Emerging Economy should Consume More & Save Less Developed Economy Should...
Emerging Economy should Consume More & Save Less Developed Economy Should...
 
Challenges of the Interaction Economy
Challenges of the Interaction EconomyChallenges of the Interaction Economy
Challenges of the Interaction Economy
 
Emerging economies
Emerging economiesEmerging economies
Emerging economies
 
The Emerging Collaborative Economy in Australia
The Emerging Collaborative Economy in AustraliaThe Emerging Collaborative Economy in Australia
The Emerging Collaborative Economy in Australia
 
Humanitarian Aid To Emerging Economy 01 10
Humanitarian Aid To Emerging Economy 01 10Humanitarian Aid To Emerging Economy 01 10
Humanitarian Aid To Emerging Economy 01 10
 
Emerging Economies of the World: A Study | November 2016
Emerging Economies of the World: A Study | November 2016Emerging Economies of the World: A Study | November 2016
Emerging Economies of the World: A Study | November 2016
 
Emerging Markes [SAV Lecture Notes]
Emerging Markes [SAV Lecture Notes]Emerging Markes [SAV Lecture Notes]
Emerging Markes [SAV Lecture Notes]
 
Understanding emerging markets
Understanding emerging marketsUnderstanding emerging markets
Understanding emerging markets
 
Business Perspectives on Emerging Markets 2012-2017
Business Perspectives on Emerging Markets 2012-2017 Business Perspectives on Emerging Markets 2012-2017
Business Perspectives on Emerging Markets 2012-2017
 
Emerging markets finalpresentation
Emerging markets finalpresentationEmerging markets finalpresentation
Emerging markets finalpresentation
 
Business & Emerging Markets
Business & Emerging MarketsBusiness & Emerging Markets
Business & Emerging Markets
 
Emerging markets presentation
Emerging markets presentationEmerging markets presentation
Emerging markets presentation
 
Emerging Markets
Emerging MarketsEmerging Markets
Emerging Markets
 
Chap 1 introduction to management
Chap 1 introduction to managementChap 1 introduction to management
Chap 1 introduction to management
 

Plus de Rochester Security Summit

Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Rochester Security Summit
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudRochester Security Summit
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltRochester Security Summit
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…Rochester Security Summit
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetRochester Security Summit
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Rochester Security Summit
 

Plus de Rochester Security Summit (17)

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
Radio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration TestingRadio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration Testing
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)
 
Dissecting the Hack: Malware Analysis 101
Dissecting the Hack: Malware Analysis 101 Dissecting the Hack: Malware Analysis 101
Dissecting the Hack: Malware Analysis 101
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
 
Finding Patterns in Data Breaches
Finding Patterns in Data BreachesFinding Patterns in Data Breaches
Finding Patterns in Data Breaches
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork Quilt
 
It's All About the Data!
It's All About the Data!It's All About the Data!
It's All About the Data!
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT Budget
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Firewall Defense against Covert Channels
Firewall Defense against Covert Channels Firewall Defense against Covert Channels
Firewall Defense against Covert Channels
 

Dernier

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Dernier (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Threats from Economical Improvement: Why the Economy in Emerging Countries Can Pose as a Threat to Cyber Security

  • 1. Threats from the Economical Improvement Why the economy on emerging countries can pose as a threat to cyber security and how to improve the protection through continuous education 1 Eduardo Vianna de Camargo Neves Conviso IT Security, Operations Manager OWASP Global Education Committee Member Monday, September 20, 2010
  • 2. Overview The increase of global economy and their reflections on BRIC countries, are changing how these societies make business and interact with the rest of the world Companies from Brazil, India, Russia and China are not working only on their own markets anymore A new mid-class with access to credit lines and technology is impulsing commerce on new markets and becoming one economic power Cyber crime is raising in the same proportion, following the money and profiling new opportunities with a lower risk 2Conviso IT Security | Threats from the Economical Improvement Monday, September 20, 2010
  • 3. Overview This presentation will focus on Brazil and a proposal to contribute on cyber crime prevention and reduction through education on computer security for the society This is an on-going project which are being improved and will be presented with new data at OWASP AppSec DC, on November 2010 A white paper is being produced with collaboration from other companies and independent researchers to improve content and allow new deliveries An OWASP Project will be launched on 2011 to support this initiative as part of Global Education Committee efforts on Latin America, supporters and contributors are welcome 3Conviso IT Security | Threats from the Economical Improvement Monday, September 20, 2010
  • 4. Changes on economy and society 4Conviso IT Security | Threats from the Economical Improvement Monday, September 20, 2010
  • 5. Welcome to a Brave New World 5 Brazil, Russian Federation, India and China had made impressive changes on their economies and transform how their society are dealing with it Brazil is a world-leader on agribusiness and lead specific high-tech sectors such as airplane production and oil exploration Russia is the world's second largest oil exporter and largest gas exporter and the economy is growing since 2001 India is one of the fastest growing telecom markets in the world and maintains a unemployment rate of 10.7% on 2009 China contributed 1/3 of global economic growth in 2004 and accounted for half of global growth in metals demand Source: The World Factbook by CIA Conviso IT Security | Threats from the Economical Improvement Monday, September 20, 2010
  • 6. The Role of a New Society
      - According to the World Bank, developing countries' share in world trade rose from 16% in 1990 to 30% in 2006, led by China and with Brazil and India not far behind
      - The urban Chinese middle class will spend close to $2.3 trillion a year by 2025, while India's middle class should grow from 5 percent today to over 40 percent of the nation over the next 20 years
      - In Brazil, 10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population
      - Companies, governments and society in all those countries are becoming stronger and using technology to support their growth
      - Source: The World Bank
  • 7. Reflections on cyber-crime
      - The ties between economics and information security have been discussed by Ross Anderson and other authors. The improvement of the BRIC countries' economies brings new topics
      - Governments are not ready to deal with a change in society which is creating millions of new users of Internet-based services
      - Companies are dealing with new threats using old technologies; the Market for Lemons is here
      - People are buying computers and smart phones to be online, but they do not really understand the risks and impacts of a connected world
  • 8. The results are on our sight
      - Cyber crime is increasing worldwide and, although the numbers are very complicated, there are some questions which can lead a discussion on causes and solutions
      - Governments are not ready to deal with a change in society which is creating millions of new users of Internet-based services
      - Companies are dealing with new threats using old technologies; the Market for Lemons is here
      - People are buying computers and smart phones to be online, but they do not really understand the risks and impacts of a connected world
  • 9. The Brazilian Scenario
  • 10. The Economic Redemption
      - As a result of deep changes started in 1994 and maintained by all Governments, Brazil is now seeing a new and continuous social improvement
      - Almost 52% of the population is in the middle class, compared to a rate of 32% in 1992
      - 10 million people gained Internet access between 2005 and 2007, bringing the total with access to nearly 40 million, or 29% of the population
      - The number of credit cards rose from 27 million in 2006 to 150 million in 2009
      - Source: BBC and Reuters
  • 11. Timeline
      - Cyber crime has been conducted in Brazil since 2001. Attacks are increasing, becoming more sophisticated, trending toward client-side approaches and targeting hosts in other countries

      | Year | Attack Trend | Incidents on CERT.BR | Fraud % |
      |------|--------------|----------------------|---------|
      | 2001 | Initial deployment of rudimentary keyloggers; brute force attacks on bank sites | 5,997 | 0% |
      | 2004 | Increase in sophisticated phishing; DNS compromises widely used (“pharming”) | 75,722 | 5% |
      | 2007 | Trojans delivered via drive-by downloads; malware modifying client’s hosts file | 160,080 | 28% |
      | 2009 | Usage of XSS and CSRF; identity theft | 358,343 | 69% |

      - Source: CERT.BR
  • 12. Cyber Crime Evolution
      - Fraud is still the major issue; however, a new trend has been observed over the last three years
      - Social networks are being used to share criminal information, from child pornography to kidnapping. The damage is affecting local and international companies as co-responsible parties
      - Attacks are moving from trojans to exploitation of common flaws on web sites, such as XSS and CSRF, to support fraud and identity theft
      - Brazil’s electrical grid was supposedly targeted by crackers; however, data leakage on Government web sites and systems is becoming routine
      - Source: Safernet.org.br, Symantec and Conviso Security Labs
  • 13. Why you should care about
      - The USA accounts for 19% of Internet-based attacks, but the BRIC countries also make up a large slice of this problem
      - [Pie chart. Labels: USA, Brazil, Russia, India, China, World. Values as extracted: 60%, 8%, 4%, 3%, 6%, 19%; callout: 21%]
      - And there is a lot of room to grow
      - Source: Internet Security Threat Report, by Symantec
  • 14. The Call for Education
  • 15. Education is the Key
      - We do not believe that education only for the community is enough to transform this scenario. A more comprehensive approach must be delivered for three major areas.
      - The Government must understand how fragile web security can be and prepare its own strategies to deal with it
      - Companies must understand how to buy, develop and maintain secure applications for their customers
      - Academia must change direction. Security is not optional, and all programmers and managers must understand it as part of their competencies
  • 16. The OWASP Role
      - There are several OWASP Projects ready to be used by anyone who needs to make more secure software, so a “packing strategy” is required to make them more palatable for different audiences
      - Governments must understand why application security matters and why it must be a strategy for the country and an obligation to their citizens
      - Companies must promote security in all business areas and relate this achievement to the executive agenda
      - Academia must include computer security in several areas as a common discipline, like statistics and math. Specialization is great, but it does not reach the responsible parties
  • 17. Conclusions
  • 18. Next Steps
      - This is a simple but ambitious project which we believe will change how people understand application security in the BRIC countries, and several complementary steps are required
      - Specific competencies to support the delivery process
      - Effort allocation to adapt current content to the reality in each country
      - Leaders to support the overall development and reach other countries in a situation similar to Brazil's
  • 19. Acknowledgements
      - The following companies, organizations and individuals supported this research and sponsored this presentation:
      - Conviso IT Security: Sponsored my travel and is supporting this research (Disclaimer: I am one of the partners)
      - OWASP Connections Committee: Partially sponsored my expenses, thank you very much Dinis!
      - Anchises Moraes Guimaraes De Paula: IT Security researcher working with me on this development. You can tweet him at @anchisesbr
      - All images used in this presentation are licensed under Creative Commons and the original sources can be reached by clicking on them
  • 20. Threats from the Economical Improvement
      - Why the economy on emerging countries can pose as a threat to cyber security and how to improve the protection through continuous education
      - Eduardo Vianna de Camargo Neves, Conviso IT Security, Operations Manager, OWASP Global Education Committee Member
      - Monday, September 20, 2010