Cyber security is important to protect networks, computers, programs and data from unauthorized access and cyber attacks which cost businesses billions globally each year. The document discusses factors that influence cyber security costs such as company size, type of sensitive data, security products/services used, and professional audits. It also explains Tanzania's position in the cyber security index, where it ranks 5th among African countries in the "maturing stage" of cyber security commitment and readiness based on its improving legal framework and regulations over the past three years.

1. QN. 01
Review cyber-security and its cost
to the world economy.

2. PART 1. INTRODUCTION
 Cyber security Is the body of technologies,
processes, and practices designed to protect
networks, computers, programs and data from
attack, damage or unauthorized access.

3. SECURITY FUNDAMENTALS.
Confidentiality
 Is about preventing the disclosure of data to
unauthorized parties.
Its Standard measures to establish confidentiality
include:
 Data encryption
 Two-factor authentication
 Biometric verification
 Security tokens

4. Integrity:
 Refers to protecting information from being
modified by unauthorized parties. Standard
measures to guarantee integrity include:
Cryptographic checksums, Using file permissions
Uninterrupted power supplies, Data backups

5. Availability
 Is making sure that authorized parties are able to
access the information when needed.
 Standard measures to guarantee availability
include:
 Backing up data to external drives
 Implementing firewalls
 Having backup power supplies
 Data redundancy

6. Why is cyber security
important?
 This is due to Cyber-attacks which can be
extremely expensive for businesses to endure.
 Cyber-attacks can be classified into the following
categories:
 Web-based attacks
 System-based attacks

7.  Web-based attacks
1. Injection attacks
 It is the attack in which some data will be
injected into a web application to manipulate the
application and fetch the required information.
 Example- SQL Injection, code Injection, log
Injection, XML Injection etc

8. Web-based attacks cont….
2. Phishing
 Phishing is a type of attack which attempts to
steal sensitive information like user login
credentials and credit card number. It occurs
when an attacker is masquerading as a
trustworthy entity in electronic communication

9. Web-based attacks cont.….
3. Denial of Service.
 It is an attack which meant to make a server or
network resource unavailable to the users. It
accomplishes this by flooding the target with
traffic or sending information that triggers a
crash.
 It uses the single system and single internet
connection to attack a server

10. Web-based attacks cont….
4. Man in the middle attacks.
 It is a type of attack that allows an attacker to
intercepts the connection between client and
server and acts as a bridge between them. Due to
this, an attacker will be able to read, insert and
modify the data in the intercepted connection.

11. System-based attacks
1. Virus
 It is a type of malicious software program that
spread throughout the computer files without the
knowledge of a user.

12. System-based attacks
cont…
2. Worm.
 It is a type of malware whose primary function is
to replicate itself to spread to uninfected
computers.
 It works same as the computer virus. Worms
often originate from email attachments that
appear to be from trusted senders.

13. System-based attacks
cont…
3. Trojan horse.
 It is a malicious program that occurs unexpected
changes to computer setting and unusual activity,
even when the computer should be idle.
 It misleads the user of its true intent.
 It appears to be a normal application but when
opened/executed some malicious code will run in the
background.

14. System-based attacks
cont…
4. Backdoors.
 It is a method that bypasses the normal
authentication process.
 A developer may create a backdoor so that an
application or operating system can be accessed
for troubleshooting or other purposes.

15. System-based attacks
cont…
5. Bots
 A bot (short for "robot") is an automated process
that interacts with other network services.
 Some bots program run automatically, while
others only execute commands when they receive
specific input.
 Common examples of bots program are the
crawler, chatroom bots, and malicious bots.

16. PART 2. The above mentioned cyber-
security attacks cost the world economy
as follows.
1.Size of company
 The more employees you have the more opportunities for a cyber-attack to
occur (more computers, workstations, and devices are vulnerable to attacks).
 Larger organizations tend to require more in their cyber security spending than
smaller businesses.
 Example, Large enterprises like Microsoft spend $1 billion to drive
cybersecurity initiatives
 The financial industry spends 10% of its information Technology (IT) budget
average on cybersecurity.
 Cyber-crime cost businesses in the United States more than $3.5 billion in
internet-related cyber crimes and damages according to a 2019 FBI report.

17. Cyber security cost factors Cont.…
2. Type of data
Businesses that collect more sensitive data will need additional security
layers to ensure they are compliant with industry-standard legal
compliance.
 More money will be required to protect data that comes under
compliance
 For example, you need a bigger budget if your data falls under Health
Insurance Portability and Accountability act (HIPAA) or Businesses in
commerce, Payment Card Industry (PCI) to ensure privacy and
prevent breaches
 General business may need to allocate 0.2% to 0.9% of its annual
revenues to drive cybersecurity initiatives.

18. Cyber security cost factors Cont.…
3. Products and Services
 The more protection you have in the form of products and services,
the higher the cost. Example Firewalls range in prices between $400
and $6,000.
 Businesses that choose both cyber security products and services
should expect to pay more than if they just select products. For
example, a bank may need 24/7 monitoring to identify and track
threats.
 Example , The volume of cyber security services you use, like
antivirus, will determine your cost. According to Kaspersky, such a
setup can cost a business $54,300 on average per year. In addition,
companies also need to pay one-time costs of around $3,000.
 Using cloud-based security solutions can incur $33,500 annually on
cybersecurity

19. Cyber security cost factors Cont.…
4. Self-Install vs. Professional Install
 Cyber security companies can sell security products to set up
yourselves, or to contact a security vendor to help install the product
(usually for additional setup fees).
 A dedicated chief information security officer (CISO) can increase
prices/cost
 An average firewall configuration costs between $450 and $2,500.
 Expected cost for a vulnerability assessment: $1,500 – $6,000 for a
network with 1-3 servers and $5,000 – $10,000 for a network with 5-8
servers.

20. Cyber security cost factors Cont.…
5. Professional Audits
 Organizations can periodically conduct third-party audits to ensure they are
updated with the latest security and compliance standards.
 this involve hire personnel or rely on cybersecurity provider for added costs.
 Audit reveal that, the latest forecast is for global ransomware damage costs
to reach $20 billion by 2021 .

21. QN. 02
Explain Cyber security index, ranking of African
Countries and position of Tanzania.

22. THE CYBER SECURITY INDEX
 Is a sentiment-based measure of the risk to the corporate, industrial, and
governmental information infrastructure from a spectrum of cybersecurity
threats.
 To raise awareness of the importance and different dimensions of the issues
has classified African’s Member States into three categories:-
i. Leading stage: refers to the 6 countries (i.e., GCI score in the 50th percentile
and higher) that demonstrate high commitment.
ii. Maturing stage: refers to the 11 countries (i.e., GCI score between the 20th
and 49th percentile) that have developed complex commitments, and engage
in cybersecurity programs and initiatives.
iii. Initiating stage: refers to the 27 countries (i.e., GCI score less than the 20th
percentile) that have started to make commitments in cybersecurity.

23. TANZANIA POSITION IN
CYBERSECURITY INDEX
 Cyber security has improved dramatically in Tanzania
over the last three years apparently due to a conducive
legal and regulatory framework, according to the 2018
Global Cyber Security Index. Tanzania is now one of the
11 leading African countries; ranking 5th in the maturing
stage; up from being 12th in 2017.
 The table below show the Global Cyber Security
Index for Africa states ;-

25. To wind up , Better accounting for cybersecurity
will be essential for the digital world into which we
are moving to ensure return of technological
investment
THE END