Last year's Snowden revelations and a number of high-profile breaches have shaken confidence in information security, say stakeholders. In addition, a changing market and rush of new technology is posing new problems for the CISO. The solution: it's time for information security to get back to basics, say experts.
At the ITWeb Security Summit, local and international information security experts will assess the repercussions of the Snowden revelations, the impact of a new technology environment, and strategies to safeguard the "new oil" - enterprise data.
Addressing the top-of-mind issue of state surveillance, Christopher Soghoian, principal technologist and senior policy analyst of the Speech, Privacy and Technology Project at the American Civil Liberties Union, and Jacob Appelbaum, hacker and independent computer security research, will analyse the issues of privacy and trust, and the role of internet companies in state surveillance.
Haroon Meer, founder of Thinkst, says the Snowden revelations pointed to the vulnerable position technology consumers find themselves in. "South Africa is largely a technology consumer. So, we can hope that a realisation will grow that you cannot simply buy more imported technology to address vulnerabilities. The leaks point to the need for more home-grown technology and the need to grow local ecosystems."
Amid the questions around state manipulation of the cyber world, Jason Jordaan, head: cyber forensic laboratory: special investigating unit, South Africa, will outline the relationship between corruption and cyber-crime, while Professor Basie von Solms will assess the state of cyber counterintelligence.
Also on the agenda is a car-hacking demonstration by Charlie Miller, security engineer of Twitter, and Chris Valasek, director of security intelligence of IOActive, who will prove that it is possible to manipulate certain computer systems found in most cars to control the vehicle. "The more electronics in the car, the more we can do as attackers," he told DefCon last year.
Privacy, reputational damage and control of vehicles aren't all that is at stake in a world under siege by cyber criminals. Now, organised cyber-crime networks are targeting revenue from high-value individuals and businesses.
Mitigating the new risks takes a multi-pronged approach, say experts set to address the event.
"It's time to get back to basics," said Brendan Kotze, MD of event sponsor Performanta's Services division. "Rushing to adopt the next big thing does little to improve overall information security if the basics are not in place. Local companies need to question their maturity around end-point and malware management. Enterprises should not blame the kit, they should blame the implementation," he said.
Meanwhile, Maiendra Moodley, divisional head (GM) financial systems and processes of SITA, advises against misdirected information security spending based on paranoia. Moodley says achieving the right levels of security begins with a thorough risk assessment encompassing both information and physical security, which combines a firm grasp of processes under the enterprise governance and risk banner. Moodley adds that the role of the chief security officer has to change in a changing environment. "Now, enterprises need a CSO with a background in both physical and information security, who understands overall risk and governance and business issues."
This view is echoed by Andrew Mpofu, IT security audit manager of the South African Post Office, who says enterprises are now wholly dependent on their IT systems, making the chief information security officer (CISO) a critical link between IT and business.
These experts will present in some of the more than 30 sessions in tracks designed for either senior business management or IT security professionals.
The three-day event will also include in-depth training workshops and an expo area.
For more, go to www.securitysummit.co.za.
