
Security on the Spot Series: IQ Business

By Staff Writer, ITWeb
Johannesburg, 25 Apr 2013

Wayne Webner, competence leader at IQ Business, discusses information security ahead of the ITWeb Security Summit 2013.

What do you see as the single biggest information security risk this year?

There are so many risk areas one could point a finger at: previously 'trusted' and secure certificate authorities being compromised; anti-malware providers' relative ineffectiveness; antiquated firewall port and protocol protection techniques; compromised personal devices on your network; compromised partners and supply chains; IP and confidential information residing 'somewhere' in the cloud; and poorly implemented ISMSes. It's a gamble, you choose; one (or many) of the Fortune 500 companies will prove your choice correct sometime this year!

What is the one key risk mitigation step enterprises need to take this year?

Operate with the business; understand what is instrumental to, and facilitates, your company's key operational requirements. Theorise and prioritise potential threats relative to the most valuable resources in your organisation. Share the information with risk management, the risk committee, disaster recovery and BCP [business continuity planning] teams, including senior management.

Two values taken from the Agile Manifesto should be great guides in this respect:

1. "Value individuals and interactions over processes and tools"; (as stated above, sharing information through interactions is more important than getting it with the right tools/processes); and

2. "Value responding to change over following a plan"; no matter how comprehensive/well designed a plan or roadmap is, if it is not flexible, it is not relevant with today's evolving security landscape.

What, in your view, was the biggest security breach of the past year?

Not too long ago, I was asked a question: "How confident are you that the systems processing corporate IP and client wealth are not susceptible to new forms of malware threats?" It's becoming abundantly clear to me that we are losing the battle against (sometimes state-sponsored) modern malware. The South Korean malware attack this year, which brought down 32 000+ endpoints, is one of the larger security breaches.

What is the biggest information security weak spot in the enterprise?

I'm a next-generation firewall evangelist...

In a nutshell, how has cyber crime changed in the past year?

Nothing particularly new; same level of ingenuity and polymorphic approach with a state-sponsored payroll. I expect more focus on social networks and mobile devices.

What are cyber criminals targeting now, and what will they target in future?

The truth is, as a group, they target everything. It seems more likely that consumer devices will have a higher target value given their proliferation and general poor security management. HTML5 and its cross-platform support could prove to be of interest?

Visit IQ Business as one of the Bronze Sponsors at this year's IT Security Summit. The 8th annual Security Summit will be held from 7 to 9 May 2013 at the Sandton Convention Centre. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts.

Wayne Webner biography

Webner is a Certified Information Systems Security Professional (CISSP) with over 15 years' IT field experience. Webner's previous position saw him as the lead information security analyst at a top Canadian Credit Union managing in excess of $15 billion in client wealth. He implemented and operationalised information security program and privacy controls within the organisation. Prior to working in Canada, Webner worked for Europe's largest-selling newspaper consortium, Associated Newspapers, as the information security officer. Webner is a next-generation firewall evangelist with a passion for information privacy.
