
Security Summit 2014 wrap-up: rebuilding trust

The security world has been rocked by Edward Snowden's revelations concerning the activities of the Western powers' spy agencies, and large-scale security breaches like Target and eBay.

Against this backdrop of malicious activity, this week's ninth annual ITWeb Security Summit, in Sandton, gathered over 500 senior executives responsible for IT security, with over 40 speakers discussing the most pressing concerns facing security professionals.

The overarching theme for enterprise security experts at Security Summit 2014 was one of evolution – away from point products and towards more effective security policies and practices. Whether the adversary is a well-funded intelligence agency, a criminal gang, or an insider, the focus was firmly on helping security execs to improve their ability to detect and mitigate threats as effectively as possible.

A-list speakers

International speakers included big names such as Jacob Appelbaum, Charlie Miller, Christopher Soghoian, and Josh Thomas – security luminaries well-known to every local practitioner.

Jacob Appelbaum, independent international hacker and researcher.


Appelbaum, who co-authored Cypherpunks with Julian Assange, of WikiLeaks fame, and has worked closely with Edward Snowden in revealing NSA documents to the world, exposed the realities facing companies and individuals in the era of surveillance and espionage. "What is needed is freedom for everybody, without exception, and obtaining that freedom will mean a push for open standards, free software, legal reform and open hardware," he concluded.

Christopher Soghoian, a privacy advocate at the American Civil Liberties Union.


Christopher Soghoian, a well-known privacy advocate at the American Civil Liberties Union, brought the topics home, exploring the privacy risks and liabilities to which we are exposed.

Later in the day, a standing-room-only panel discussion, chaired by Appelbaum, delved into the details of SA's Protection of Personal Information Act and its implications for business.

The focus on privacy, liability, and governance formed one cornerstone of the summit, giving executives high-level views of the issues involved, as well as immediate action plans to improve security management within their organisations.

Charlie Miller, Twitter's top security engineer.


Charlie Miller, an American hacker renowned for his exploits against Apple mobile devices and his recent demonstration of vehicle hacking, now Twitter's top security engineer, highlighted the ongoing inadequacies of security products. However, he ended on a positive note by identifying signs of improvement, both in the technologies sold and the ways they are deployed and used.

His second session, demonstrating security exploits against cars, set the scene for further technical presentations, including sessions on phone hacking, insider attacks, and investigations into the technologies underpinning criminal hacking tools – and how to detect and disrupt them.

Haroon Meer, one of SA's internationally recognised security experts.


Haroon Meer, one of SA's internationally recognised security experts, used the Security Summit to issue a call for investment in security skills, reducing local dependence on international skills and products, and developing local expertise and technology to counter threats.

Piet Pieterse, head of the cyber crime unit at the SAPS.


Meer's sentiments were echoed by other speakers, including Piet Pieterse, head of the cyber crime unit at the SAPS. His insider view of the SAPS roadmap for combatting cyber crime was one of several sessions analysing the nation's readiness for thwarting online threats.

Much is lost in translation when it comes to communicating information security, noted Steve Jump, head of corporate information security governance at Telkom. "Business wants to know how information security breaches will affect their bottom line, what it means to them, and who will know or care, and it is all in the words we use."

Six words are often used in a manner that scares business, warned Jump.

Steve Jump, head of corporate information security governance at Telkom.


With corruption prevalent in SA, criminals can easily access networks with no hacking tools needed, noted Jason Jordaan, head of SA's cyber forensic laboratory special investigating unit. Organised crime simply makes use of the human element, he said, noting that where social engineering fails, it is relatively simple to use corruption to gain access to enterprise networks and data.

"You need to know your people well, and be alert to changes in their behaviour or lifestyle. You also need to keep them happy, and strive to instil a strong culture of ethics throughout the organisation."


 