
ITWeb Security Summit 2013: Viewpoints


Johannesburg, 05 Apr 2013

1) Cyanre - Danny Myburgh, Managing Director of Cyanre

Mobile security essential

Danny Myburgh, Managing Director of Cyanre

While having the Web available on devices that fit into the palm of your hand certainly has many benefits and perks - such as providing you with the ability to work without having to go to the office - it has a distinct downside as well.

Mobile phone security is fast becoming a bigger worry for consumers than viruses on their PCs. Devices no longer connect to a single network. Instead, mobile devices connect to multiple provider and WiFi networks.

But, while smartphone viruses are still fairly rare, text-messaging attacks are becoming more common. Text-message attacks aimed at smartphone operating systems are becoming more common. It's not just consumers who are at risk from these attacks. Any employee who falls for a text-message ruse using a company smartphone can jeopardise the business's network and data, and perhaps cause a compliance violation.

With the increasing ability of smartphones and tablets to store sensitive data and documents, conduct financial transactions and access corporate networks, both consumers and corporations should be increasingly concerned with the security of their mobile devices.

Few users are aware of the potential security risks these devices pose. A recent survey conducted by Harris Interactive found that, while 82% of those surveyed have anti-virus software installed on their home PCs and laptops, less than half of all tablets and barely a quarter of mobile phones have any security solutions installed, even though mobile devices are generally less protected from unauthorised access than desktops or laptops.

This is worrying for companies which have to deal with the threats posed by the mobile devices they have provisioned themselves in addition to the devices their employees bring into the workplace with them. Trying to stop the waves of new, powerful consumer devices for employees and business partners from being used is hopeless. Instead, organisations need to focus their efforts on containing the threat through effective security protocols.

A live demonstration of the ease with which a mobile device can be hacked, like the one I will conduct at the ITWeb Security Summit, in Sandton, in May, will convince anyone of the importance of securing a mobile device properly.

2) ERPScan: Alexander Polyakov, chief technical officer, ERPScan

Alexander Polyakov, chief technical officer, ERPScan

I want to talk a little about the security of big companies. There are some areas which are underestimated by many companies. While a lot of buzz exists about mobile, SCADA, cloud and cyber attacks, we forget about key elements of IT infrastructure that store and process all corporate data.

I'm speaking about enterprise business applications, like ERPs, CRMs, etc. The IT infrastructure of every big company consists of different big systems, like ERPs, where all the business processes go on. The different business applications are connected with each other by enterprise service bus solutions to process critical data (HR, financial, material, customer, etc). Looking at this scheme, it is clear that the security of those business applications is one of the main topics of corporate security.

The biggest business application is SAP. Years ago, the topic of SAP security was not very popular, but now we see more than 30 unique papers per year discussing new attacks, and the number of vulnerabilities closed by SAP is more than 2 500. More and more companies begin to focus on this area.

Nowadays, this threat has become much more realistic after the news about Anonymous, which said the Greek Ministry of Finance was hacked using a zero-day in SAP, and that critical data was leaked. While this is still neither approved nor declined, we must understand that this scenario is more than possible. Every month, our researchers receive acknowledgments from SAP for helping to find and close different vulnerabilities. Some of them are very critical and allow any anonymous user to gain access to all data stored in SAP systems.

We will present some of those issues at ITWeb Security Summit, in May. For example, we will show how to break SAP Portal and anonymously gain access to all critical data inside the company, and how to prevent it manually. Those who are interested in automatic security assessment of SAP systems, preventing cyber attacks, and performing forensics, should visit our booth, where we will present our new version of the award-winning solution: ERPScan Security Monitoring Suite for SAP.

3) Alan Hammond: Senior Security Analyst at Performanta - Event Sponsor of the ITWeb Security Summit

Alan Hammond, Senior Security Analyst, Performanta

When my opinion on the state of information security within the African continent was asked, I began thinking of countries like Sudan, Mali and Libya. I recalled images in the news of people armed with AK-47s, and craters the size of small passenger vehicles. Although this is the content served to us by the media, what of the rest of Africa?

Excluding South Africa, the African continent has much to offer in the way of technology and infrastructure capabilities.

Looking at various sources across the Web and print arenas, one trend does seem to appear - African states, although low on score, are slowly but surely appearing on the various technology ratings indexes.

This brings me back to the real question at hand - is there enough IT in Africa to warrant an investment in IT security - and to pursue IT security opportunities in Africa?

Well... yes... and no....

With telecoms operations being expanded more and more feverishly into the "African market", access to Internet services via these facilities is becoming increasingly more commonplace.

Business, in one form or another, will continue to rely more and more heavily on IT infrastructure services to ensure interaction with global markets. Africa is a rich continent with much to offer the global market, and as IT facilities become more commonplace and accessible to all, so too will the need for IT security become commonplace. I would even risk saying that IT security is required more in the emerging African market than ever before, as just like a vaccination for a child, prevention is key to continued and sustained growth.

Our key challenges faced, in my opinion, are those of funding and investment (primarily) caused by civil unrest - if we can all get along, these will be a concern of the past.

Once the pitfalls of infrastructure development have been overcome, with many projects to increase connectivity already on the go, a connected mess, a gigantic, continent-sized botnet of denial of service miscreants will be the only output if proper IT security systems have not grown with the connective capacities.

Meet Performanta's team of experts at the ITWeb Security Summit from 7-9 May, at the Sandton Convention Centre. www.securitysummit.co.za

4) Mimecast - Heino Gevers, security specialist at Mimecast South Africa, investigates BYOD

BYOD - It's not about policing the user

Heino Gevers, security specialist at Mimecast South Africa

There's no questioning the fact that mobile connectivity and the emergence of new technologies such as tablet devices and long-term evolution (LTE) networks have profoundly altered the way in which professionals go about their daily business.

Today, even in emerging markets, the vast majority of employees have come to regard access to sensitive corporate information via the device of their choosing as a prerequisite for job satisfaction.

Be it a laptop, BlackBerry or iPad, professionals are demanding the option to respond to business e-mail, pull up sales data or dive into proprietary CRM systems on the road.

This places the CIO and IT managers in a precarious position. Is the solution to simply open up the corporate infrastructure to any device without control, or to crack down on employee expectations and tighten the grip on intellectual property?

Opting out and choosing not to embrace change can often be more harmful than giving in.

Increasingly, an employee who is forced to access work-related information via a portal they are uncomfortable with will begin to investigate alternatives.

These may include automatically forwarding all corporate e-mail to a Gmail address, using large file sending services like DropBox or subverting the system via a mobile hack. In any event, potentially sensitive information has found its way onto platforms over which the IT department has no influence.

Although many CIOs are slowly beginning to allow employees access to information channels such as e-mail on their mobile devices, these permissions are often accompanied by strict MDM (mobile device management) controls, which are accompanied by unreasonable password or usage restrictions.

In my opinion, the answer lies not in policing employees, but in giving them access to company IP via a secure channel. Mimecast will demonstrate a cloud-based unified e-mail management platform at the ITWeb Security Summit, which allows corporate users access to their communication and work files via a portal that offers the CIO control and governance while providing peace of mind.


Editorial contacts

Leigh Angelo
ITP Communications
leigh@tradeprojects.co.za