Information security players outlined this year`s top five IT security threats during a panel discussion at the ITWeb Security Summit in Bryanston this week.
The panel included reformed hacker Kevin Mitnick, Gartner UK research VP Tom Scholtz, chief scientist at Port Authority Technologies Lidror Troyansky, director of Symantec`s European, Middle Eastern and African Innovation Team Richard Archdeacon, and foundation security evangelist for McAfee Brian Kenyon.
Scholtz said embedded operating systems in devices such as multifunction printers, vending machines and medical equipment connected to the Web would create serious security issues in terms of patching the software and protecting the information sent through these machines.
Archdeacon stressed the need for continuous education of users and customers as he predicted more criminal exploitation of information system vulnerabilities. "Criminals are getting more sophisticated and their attacks are financially motivated."
He added that there is a direct correlation between increased broadband usage and criminal behaviour. "Broadband [connectivity] is a great advantage for business, but leaves them vulnerable to threats."
Mitnick said it was difficult to predict only one top threat, but noted that identity theft was the fastest growing crime in the US.
He said it was difficult for companies to concentrate on all likely attack factors. Rather than trying to protect themselves from all the latest threats, companies should look at what`s most likely to affect them.
Troyansky singled out the threat of information leakage from inside - employees posing a major threat to their organisation as they leak or steal a company`s intellectual property or sensitive data.
Kenyon said we should prepare for the fact that the next threat may be totally new. Ubiquitous connectivity and mobility will continue to pose security threats, he added.
The panel discussion followed the keynote address on social engineering by Mitnick and a security market overview by Gartner`s Scholtz - both delivered to an auditorium of over 400 local IT security practitioners, developers and Mitnick fans.
Answering a question from the audience regarding securing code reviews and making sure developer teams are trustworthy, Scholtz highlighted the importance of 'application securability` and the need for "proper, good old-fashioned change management" applied to any code reviews done on applications. He said companies should also be careful about who they recruit.
Related stories:
Architecture, vendors at fault, says MS architect
Mitnick warns of 'holes in human firewall`
Disruptive tech drives security
Share