
Business meets information security 2.0

By Alex Kayle, Senior portals journalist
Johannesburg, 12 May 2010

Information security 2.0 is a central part of any business wishing to remain relevant in today's changing threat landscape.

These are the words of Pat Pather, director of the Standard Bank Global Security Office, who spoke yesterday at ITWeb's three-day Security Summit at the Sandton Convention Centre.

“The traditional technology-centric view of security has been historically relegated to IT,” said Pather. “However, this has changed. The new information security manager now has to expect and understand every technology revolution, such as social networks, and analyse risk early.”

Banks and large enterprises traditionally address security vulnerabilities by deploying anti-virus solutions, patching system weaknesses, and building a fortress around the periphery of an organisation. But they tend to ignore internal threats, noted Pather.

He explained that justifying a security budget is one of the biggest hurdles faced by chief information officers, because security cannot simply be quantified in terms of value.

“If we don't align business strategy with security, we will always fall behind,” Pather warned.

He pointed out that there needs to be a shift in security culture, so security professionals work with the business side. “Some technologies will become as ubiquitous as the telephone and must be assimilated into business, not just denied. The chief information security officer has to pick his battles carefully, control what has to be secured, and manage the risk where control is impossible.

“Banks may think of a customer's cash as data, but at the end of the day it's ultimately the customer's cash we need to protect. Banks and businesses need to build security for the future so no matter what the threat or attack mechanism is, the bank will be able to protect the crown jewels, which is the customer's data.”

Pather said the ability to measure the business value that security brings will provide the necessary assurance for the business and customers. He claimed the answer lies in creating a culture of change and awareness.

“The first line of security defence is the staff. Generally, security threats stem from negligence of staff members; for example, bringing in a USB infected with malware that propagates throughout the organisation. This creates the necessary arsenal to move away from a control centre environment.”

According to Pather, the Standard Bank Global Security Office is gearing up to drive security technology that enables its customers to bank whenever and wherever they are. “Mobile banking is the future, but end-user security concerns are inhibiting its growth. User authentication technology needs to be refined.”

Pather added: “By 2013, over three billion of the world's adult population will be able to transact electronically via a mobile device or through Internet technology.” In the same year, he noted, mobile phones will overtake PCs as the most common Web access device worldwide.
