Closing the security gap
To deal with the security concerns of the future, we will need to close the gap between the security industry and the "real world", said Keren Elazari, security expert and Gigaom Research analyst, speaking at ITWeb Security Summit 2015, in Midrand, today.
Elazari reminded listeners that what used to be referred to as "information security" is now increasingly called "cyber security", which encompasses a broadening variety of devices, systems and controls.
Cyber security is no longer about protecting information, but about protecting our way of life, she said, referring to the oncoming flood of wearables and Internet of things devices.
Especially concerning is the majority of these devices operate across shared platforms and systems, meaning a single security flaw can affect a wider range of technologies than ever before, Elazari warned.
The villains of the increasingly connected future are not hackers, but vulnerabilities, Elazari continued. The key to addressing this constant tide of security flaws is to embrace hacker culture in collectively seeking out and fixing them, she said.
While hackers are too often stereotyped as destructive cyber villains, many hackers devote their skills to security research and fighting cyber crime, she noted.
There are a number of ways in which organisations can engage with hackers to build better security, Elazari said, such as bug bounty programmes, whereby companies offer hackers a financial reward for finding security bugs.
Another example is the annual Pwn2Own Challenge at the CanSecWest Security Conference, in Canada. Here hackers can win any of a number of devices by finding a previously unknown security flaw and hacking into it, Elazari noted.
Many hackers also volunteer their services to help foster security awareness, by attending "crypto parties" at which volunteer hackers teach "regular people" about security and privacy. A project at Tel Aviv University sees volunteer hackers find security vulnerabilities for organisations that cannot afford the security research.
Security professionals, including hackers, need to collaborate, share and innovate, exposing bugs to the public to collectively foster a more secure cyber ecosystem, Elazari concluded.