Wednesday, 02 April 2014 07:40
Written by Tracy Burrows
SA’s premier information security event, the ITWeb Security Summit, will be staged in May, with a focus on high-profile breaches and global surveillance.
Last year’s Snowden revelations and a number of high-profile breaches have shaken confidence in information security, say stakeholders. In addition, a changing market and rush of new technology are posing new problems for the chief information security officer (CISO). The solution: it’s time for information security to get back to basics, say experts.
At the ITWeb Security Summit, to be staged at the Sandton Convention Centre from 27 – 29 May, local and international information security experts will assess the repercussions of the Snowden revelations, the impact of a new technology environment, and strategies to safeguard the ‘new oil’ – enterprise data.
Addressing the top-of-mind issue of state surveillance, Christopher Soghoian, principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union, and Jacob Appelbaum, hacker and independent computer security researcher, will analyse the issues of privacy and trust, and the role of Internet companies in state surveillance.
Haroon Meer, founder of Thinkst, says the Snowden revelations pointed to the vulnerable position technology consumers find themselves in. “South Africa is largely a technology consumer. So, we can hope that a realisation will grow that you cannot simply buy more imported technology to address vulnerabilities. The leaks point to the need for more home-grown technology and the need to grow local ecosystems.”
Amid the questions around state manipulation of the cyber world, Jason Jordaan, head: cyber forensic laboratory: special investigating unit, SA, will outline the relationship between corruption and cyber crime, while Professor Basie von Solms will assess the state of cyber counterintelligence.
Also on the agenda is a car hacking demonstration by Charlie Miller, security engineer at Twitter, and Chris Valasek, director of security intelligence at IOActive, who will prove it is possible to manipulate certain computer systems found in most cars to control the vehicle. “The more electronics in the car, the more we can do as attackers,” he told DefCon last year.
Privacy, reputational damage and control of vehicles aren’t all that is at stake in a world under siege by cyber criminals. Now, organised cyber crime networks are targeting revenue from high value individuals and businesses.
Mitigating the new risks takes a multi-pronged approach, say experts set to address the event.
“It’s time to get back to basics,” says Brendan Kotze, MD of event sponsor Performanta’s Services division. “Rushing to adopt the next big thing does little to improve overall information security if the basics are not in place. Local companies need to question their maturity around endpoint and malware management. Enterprises should not blame the kit, they should blame the implementation,” he says.
Meanwhile, Maiendra Moodley, divisional head (GM) of Financial Systems and Processes at SITA, advises against misdirected information security spending based on paranoia. Moodley says achieving the right levels of security begins with a thorough risk assessment encompassing both information and physical security, which combines a firm grasp of processes under the enterprise governance and risk banner. Moodley adds the role of the chief security officer has to change in a changing environment. “Now, enterprises need a CSO with a background in both physical and information security, who understands overall risk and governance and business issues.”
This view is echoed by Andrew Mpofu, IT security audit manager at the South African Post Office, who says enterprises are now wholly dependent on their IT systems, making the CISO a critical link between IT and business.
These experts will present in some of the more than 30 sessions in tracks designed for either senior business management or IT security professionals.
This three-day event will also include in-depth training workshops and an expo area.