Wednesday, 21 May 2014 00:00
Written by Tracy Burrows
Information security experts set to present at the upcoming ITWeb Security Summit in Sandton say the risks of cyber war, data theft, hacking and fraud in the cybersphere cannot be understated. In fact, the risks are greater than ever before, they say, and the information security industry is losing the battle against cyber crime.
Cyber crime is a lucrative global industry, and even everyday criminals can now buy ‘idiot-proof’ hacking toolkits for a few hundred rand online. Nobody is safe and the majority of end-users are still oblivious, say the experts. Withstanding the onslaught means getting back to basics and doing them right, involving the entire enterprise in cyber security, and even looking to the Cold War for new tactics, the experts say.
Prof Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg, says the time has come for legitimate co-operative action by state and private sector role players in breaking the traditional security mould, which “is proving so ineffective against sophisticated adversaries”.
“Taking a traditional ‘fortress’ approach to cyber security is an exercise in futility,” he says. “The traditional approach to cyber security has been mainly a defensive one. Now, we need to be more proactive – and possibly even slightly aggressive – in our approach. We need to go to the next level and gather counter-intelligence that allows us to know our enemy and plan our defences accordingly.”
Guy Golan, CEO of the Performanta Group, says South African enterprises often lack an understanding of practical steps to mitigate risk. “Recent high-profile international events and actual breaches with associated financial losses have renewed the focus on information security. For years, the information security industry has been warning of the risk of industrial espionage and hacking, but only now that we see actual incidents resulting in substantial financial losses, are companies taking the risk seriously.”
However, he believes there is a shortage of practical information available to guide local enterprises on the tools and strategies needed to mitigate risk.
“Business management in particular tends to be faced with a great deal of highly technical information. What they need is an overview that speaks to business language. CISOs and CIOs, on the other hand, need to be empowered to communicate effectively with business management on information security issues,” he says.
Von Solms, Golan and a host of international and local experts will participate in the ITWeb Security Summit at the Sandton Convention Centre from 27 May, to discuss the threat landscape and new defence strategies for information security. Because business management has become accountable for data security, this premier event will include tracks designed to update non-technical business management.
Among the experts to speak at the ITWeb Security Summit are:
· Jacob Appelbaum, independent international hacker and researcher, who will elaborate on global surveillance and privacy issues.
· Charlie Miller, security engineer at Twitter and four-time winner of the CanSecWest Pwn2Own competition, who will assess the failure of the infosec industry and demonstrate how cars can potentially be hacked.
· Christopher Soghoian, principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union, who will give insights into government surveillance and trust issues.
· Nader Henein, regional director: advanced security solutions – advisory division, BlackBerry, who will shed light on how legitimate mobile apps ‘leak’ vast amounts of information.
· Natalie van de Coolwijk, MD of Cygeist, will provide an overview of cyber crime and the growing need for cyber insurance.
· Prof David Taylor, admitted attorney and former associate professor of ICT law and legal consultant, who will discuss legal obligations in reporting IT security compromises.
· Dianne Stigling, independent IT and information security consultant, who will talk on POPI readiness.
This year’s security summit agenda will also feature three half-day workshops, as well as an exhibition area showcasing the latest information security solutions.