Meer says the information security industry needs to change. "We are in pretty bad shape considering that some of us have actually been trying and investing in security for the better part of a decade. I think admitting we are broken and need fresh approaches is a critical first step. We desperately need to inject honesty, and some knowledge, into the vendor space because as an industry, information security is still largely driven by vendor supply."
Problems arise because vendors simply sell the products they have, even if they don't address problems that customers actually have. In addition, many consultants sell consulting without ever necessarily having been in the trenches, so they often dole out impractical advice. Meer adds that growing numbers of 'green' consultants are entering the field to meet expanding demand.
Meer says the biggest computer security threat facing South African businesses may be the attempt by many to over-simplify the problem. "This leads to solutions that are potentially neat and simple (while being unuseful and unhelpful)," he says.
Meer's talk at the ITWeb Security Summit aims to highlight aspects of information the industry tends to gloss over. "We gloss over them because we don't know that they matter, or because we know that they matter, but don't yet know how to solve them."
