Dewald Nolte, VP business development and co-founder of Entersekt, discusses information security ahead of the ITWeb Security Summit.
What do you see as the single biggest information security risk this year?
Edge access devices (mobile phones, tablets) are increasingly being deployed outside the enterprise perimeter, and access to sensitive company resources is controlled through weak authentication practices such as static usernames and passwords.
What is the one key risk mitigation step enterprises need to take this year?
Start moving away from "weak" authentication (such as username, password and one-time-password) to an appropriate "strong" authentication technique.
What, in your view, was the biggest security breach of the past year?
The LinkedIn breach, where 6.5 million unsalted SHA-1 password hashes were leaked.
What is the biggest information security weak spot in the enterprise?
Many users "recycle" passwords, which means a breach on one site potentially means a breach on many. Instead of expecting users to remember hundreds of unique passwords, we should end the reliance on passwords as an authentication mechanism.
In a nutshell, how has cyber crime changed in the past year?
Attackers have become systematic - not directly breaching financial institutions, but going after unregulated services (LinkedIn, HotMail, Twitter) in order to get pieces of information required to orchestrate attacks at these primary services.
What are cyber criminals targeting now, and what will they target in future?
The number one reason for cyber criminals' activity is still monetary gain - I don't think that's going to change anytime soon, unless we stop it by introducing better defences.
* Dewald Nolte holds a Bachelor's degree in electrical and electronic engineering with computer science from the University of Stellenbosch (SA). He completed the degree with an internship at the 'Ecole centrale d''electronique (France). Nolte has been involved in several projects further afield than Entersekt, including the A-Darter missile programme for Denel Dynamics.
Entersekt will participate at this year's ITWeb Security Summit, taking place from 7 to 9 May 2013 at the Sandton Convention Centre. For further information, click here.
Share