Johannesburg, 01 Jun 2022
ITWeb Security Summit 2022, the annual gathering of local and international IT security professionals and experts, kicked off yesterday with a thought-provoking keynote, delivered by Charl van der Walt, head of security research at Orange Cyberdefense.
This is the 17th edition of ITWeb’s flagship event, which, after two years of being staged virtually, is being held from 31 May to 2 June at the Sandton Convention Centre in Johannesburg, and on 6 June at the Century City Convention Centre in Cape Town.
Under the theme: "Driving the business value of cyber security in an era of accelerated change", the summit is attended by over 800 local cyber security decision-makers and practitioners. The event sponsor is BCX, with 35 other leading security solutions providers among the sponsors and exhibitors.
Cyber warfare
Jonas Bogoshi, CEO of BCX, and Greg Day, VP and global CISO, Cybereason, shared the stage to look "through the fog of cyber warfare".
Bogoshi said 0% of appointments on large boards in Africa have cyber security knowledge, while about 8% have an idea of digital technology. This is in contrast with large boards in the Fortune 500 companies, where 8% have CyberSec knowledge and 40% have digital tech knowledge.
Charl van der Walt, who has been on the ITWeb Security Summit advisory board for many years and traditionally set the scene for the event, said in the opening address: “We exist in a complex web of interdependent relationships, where our security has an impact on others and their security has an impact on us.”
He said the only way to effectively fight cyber crime is through community-led initiatives, much like a cyber neighbourhood watch. He stressed that it is important “to recognise that your community is diverse and complex, and that it can include your top suppliers, and also include your region or your industry, or the peers in your business. It should also include various players in government and academia.”
Security in 2022 and beyond
Paul Mckay, principal analyst at Forrester, analysed current and emerging risks in his keynote address: "Cyber security in 2022 and beyond".
He highlighted a significant increase in cyber incidents, and said the deployment of advanced technical solutions is not the answer. “Getting on top of basic cyber hygiene goes quite a long way to fix most of the problems I’ve talked about,” he said, adding that companies should make the most of the technology they already have.
The rise of the CISO
Mckay was followed by Phillimon Zongo, CEO of the Cyber Leadership Institute in Australia, who talked about the importance of the CISO (chief information security officer).
He said cyber security strategies are unnecessarily complicated and filled with tech jargon. The result is overall frustration and a disconnect between CISOs and business stakeholders and a weaker corporate cyber defence.
“The days of the lone wolf are over… cyber security is a team sport,” said Zimbabwe-born Zongo. In the world of cyber security, a lot sounds great on paper, but execution is a different ball game, he added, and it’s important to celebrate real wins to strengthen credibility, which he described as "the currency of the CISO".
Cyber security, a team sport
Sandro Bucchianeri, group CSO at NAB Australia, and formerly Absa’s group chief security officer, addressed the audience virtually from Australia, on: "Why cyber security is a team sport". But you can't build a team with massive skills gaps, or if you don't have enough players. There are an estimated 3.5 million cyber security positions available globally, and only 25% of people employed in security globally are women. Meanwhile, global spend to protect business against cyber crime is estimated to be $1.75 trillion over the next five years, he noted.
Humans at the forefront
Dr Lydia Kostopoulos, SVP emerging tech insights at KnowBe4, spoke about: "Connecting the puzzle pieces of technological change".
She believes the 4IR is transforming how we live, work, entertain ourselves and do business, and unpacked the skills we need for the digital future.
“Cyber security is an enabler of the future. And it is the human that is at the forefront of security, not technology,” Kostopoulos said.
Something’s got to change
Speaking in the track on cloud and edge security, Roland Daccache, systems engineering manager, META, Crowdstrike, gave a talk on ransomware and cyber extortion. He said, in the last four years, e-crime activity has increased by 400%, while e-mail-phishing is still being used as an initial access technique for most e-crimes.
“We really need to change how we look at cyber security budgets, and we should focus on how to protect ourselves rather than focusing on expensive tactics,” he said.
The summit continues today and tomorrow in Sandton, and moves to Cape Town on Monday, 6 June.
Hacking it
Another tradition is the Security Summit Hackathon, run alongside the summit, in partnership with Geekulcha.
Tiyani Nghonyama, founder and COO of Geekulcha, says the #ss22Hack is a unique opportunity for young developers to rise to current affairs to fix the country through their hacks.
A panel of industry leaders, including Nghonyama and ITWeb’s CEO Ivan Regasek, are providing mentorship and guidance to aspiring cyber security professional as they develop their #SS22Hack projects.
Share