Baseline projections envisage the BRICs overtaking the U.S. economy by 2018. As a result, a new mid-class is emerging within the population and the access to computers and e-commerce are advancing in the same wave, generating threats based on a large base for new cyber criminals and also new victims with little or no knowledge of computer security. This presentation will show how this scenario is being studied and the next steps for developing a more comprehensive analysis of the root causes and proposed actions to change the increase of cyber crime from these sources.
Eduardo Vianna de Camargo Neves
Eduardo has been an Information Security professional and enthusiast since 1997. His work experience includes extensive knowledge in meeting compliance requirements in large scale regulated organizations, business continuity planning and disaster recovery, risk assessment and management, team management, and security awareness for different audiences in the consumer goods market. After eight years in the corporate environment, Eduardo realized an old dream and founded his own consulting company. As an entrepreneur, he is working to deliver first class services in IT Security with specialized products and services for network and application security.
Threats from Economical Improvement: Why the Economy in Emerging Countries Can Pose as a Threat to Cyber Security
1. Threats from the Economical Improvement
Why the economy on emerging countries can pose as a threat to
cyber security and how to improve the protection through
continuous education
1
Eduardo Vianna de Camargo Neves
Conviso IT Security, Operations Manager
OWASP Global Education Committee Member
Monday, September 20, 2010
2. Overview
The increase of global economy and their reflections on BRIC countries,
are changing how these societies make business and interact with the
rest of the world
Companies from Brazil, India, Russia and China are not working only on
their own markets anymore
A new mid-class with access to credit lines and technology is impulsing
commerce on new markets and becoming one economic power
Cyber crime is raising in the same proportion, following the money and
profiling new opportunities with a lower risk
2Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
3. Overview
This presentation will focus on Brazil and a proposal to contribute on
cyber crime prevention and reduction through education on computer
security for the society
This is an on-going project which are being improved and will be
presented with new data at OWASP AppSec DC, on November 2010
A white paper is being produced with collaboration from other
companies and independent researchers to improve content and allow
new deliveries
An OWASP Project will be launched on 2011 to support this initiative as
part of Global Education Committee efforts on Latin America, supporters
and contributors are welcome
3Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
4. Changes on economy and society
4Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
5. Welcome to a Brave New World
5
Brazil, Russian Federation, India and China had made impressive changes
on their economies and transform how their society are dealing with it
Brazil is a world-leader on agribusiness and lead specific high-tech
sectors such as airplane production and oil exploration
Russia is the world's second largest oil exporter and largest gas exporter
and the economy is growing since 2001
India is one of the fastest growing telecom markets in the world and
maintains a unemployment rate of 10.7% on 2009
China contributed 1/3 of global economic growth in 2004 and accounted
for half of global growth in metals demand
Source: The World Factbook by CIA
Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
6. The Role of a New Society
According to the World Bank, developing countries' share in world trade
rose from 16% in 1990 to 30% in 2006, led by China and with Brazil and
India not far behind
The urban Chinese middle class will spend close to $2.3 trillion a year by
2025, while India's one should grow from 5 percent today to over 40
percent of the nation over the next 20 years
In Brazil, 10 million people gained Internet between 2005 and 2007,
making a total with access to nearly 40 million, or 29% of the population
Companies, Governments and the society in all those countries are
becoming stronger and using technology to support their grow
6Conviso IT Security | Threats from the Economical Improvement
Source: The World Bank
Monday, September 20, 2010
7. Reflections on cyber-crime
The ties between economics and information security was discussed by
Ross Anderson and other authors. The improvement of BRIC countries’
economies brings new topics
Governments are not ready to deal with a change on the society which is
creating millions of new users of Internet based services
Companies are dealing with new threats using old technologies, the
Market for Lemons is here
People are buying computers and smart phones to be on line but they
really don’t understand the risks and impacts of a connected world
7Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
8. The results are on our sight
Cyber crime is increasing world-wide and besides the fact that numbers
are very complicated, there are some questions which can lead a
discussion on causes and solutions
Governments are not ready to deal with a change on the society which is
creating millions of new users of Internet based services
Companies are dealing with new threats using old technologies, the
Market for Lemons is here
People are buying computers and smart phones to be on line but they
really don’t understand the risks and impacts of a connected world
8Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
10. Conviso IT Security | Threats from the Economical Improvement
The Economic Redemption
10
As a result of deep changes started on 1994 and maintained by all
Governments, Brazil is now watching a new and continuous social
improvement
Almost 52% of the population are in Mid-Class, comparing to a rate of
32% on 1992
10 million people gained Internet between 2005 and 2007, making a
total with access to nearly 40 million, or 29% of the population
The number of credit cards rose from 27 million on 2006 to 150 million in
2009
Source: BBC and Reuters
Monday, September 20, 2010
11. Conviso IT Security | Threats from the Economical Improvement
Timeline
Cyber crime are being conducted in Brazil since 2001. Attacks are
increasing, being more sophisticated and trending to client-side
approaches and target hosts in other countries
11
Year AttackTrend
Incidents on
CERT.BR
Fraud %
2001 • Initial deployment of rudimentary keyloggers
• Brute force attacks on bank sites
5,997 0%
2004 • Increase in sophisticated phishing
• DNS compromises widely used (“pharming”)
75,722 5%
2007 • Trojans delivered via drive-by downloads
• Malware modifying client’s hosts file
160,080 28%
2009 • Usage of XSS and CSRF
• IdentityTheft
358,343 69%
Source: CERT.BR
Monday, September 20, 2010
12. Conviso IT Security | Threats from the Economical Improvement
Cyber Crime Evolution
Fraud, are still the major issues, however a new trend is being observed
on the last three years
Social networks are being used to share criminal information, from child
pornography to kidnapping. The damage is affecting local and
international companies as co-responsible
Attacks are moving from trojans to exploration of common flaws on web
sites such as XSS and CSRF to support fraud and identity theft
Brazil’s electrical grid was supposed targeted by crackers, however data
leakage on Government web sites and systems are becoming a routine
12
Source: Safernet.org.br, Symantec and Conviso Security Labs
Monday, September 20, 2010
13. Why you should care about
USA is accounted for 19% of Internet based attacks but the BRIC
countries also compose a large slice of this problem
13Conviso IT Security | Threats from the Economical Improvement
Source: Internet Security Threat report, by Symantec
60%
8%
4%
3%
6%
19%
USA
Brazil
Russia
India
China
World
21%
And there are a lot
of space to grow
Monday, September 20, 2010
14. The Call for Education
14Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
15. Education is the Key
We do not believe that education only for the community is enough to
transform this scenario. A more comprehensive approach must be
delivered for three major areas.
The Government must understand how fragile web security can be and
prepare their own strategies do deal with
Companies must understand how to buy, develop and maintain secure
applications for their customers
The academia must change their directions. Security is not optional and
all programers and managers must understand that as part of their
competencies
15Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
16. The OWASP Role
There are several OWASP Projects ready to be used by anyone which
needs to make more secure software, so a“packing strategy”is required
to make them more palatable for different audiences
Governments must understand why application security matters and
must be a strategy for the country and an obligation to their citizens
Companies must promote security in all business areas and relate this
achievement on the executive agenda
The Academia must include computer security on several areas as a
common discipline like statistics and math. Specialization is great, but do
not achieve the responsible parties
16Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
18. Next Steps
This is a simple but ambitious project which we believe will change how
people understand application security on the BRIC countries and several
complementary steps are required
Specific competencies to support delivery process
Effort allocation to adapt current content to the reality in each country
Leaders to support the overall development and achieve other countries
with similar situation than Brazil
18Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
19. Acknowledgements
The following companies, organizations and individuals supported this
research and sponsored this presentation:
Conviso IT Security: Sponsored my travel and is supporting this research
(Disclaimer: I am one of the parters)
OWASP Connections Committee: Partially sponsored my expenses,
thank you very much Dinis!
Anchises Moraes Guimaraes De Paula: IT Security researcher working
with me on this development. You can tweet him at @anchisesbr
All images used in this presentation are licensed on Creative Commons
and the original sources can be reached clicking on them
19Conviso IT Security | Threats from the Economical Improvement
Monday, September 20, 2010
20. Threats from the Economical Improvement
Why the economy on emerging countries can pose as a threat to
cyber security and how to improve the protection through
continuous education
20
Eduardo Vianna de Camargo Neves
Conviso IT Security, Operations Manager
OWASP Global Education Committee Member
Monday, September 20, 2010