Arrival and Registration
International Keynote Speaker: An attacker's view of your Web site and employees, and how he/she uses them against you
Jayson Street, Infosec Ranger, Pwnie Express
Most people who work on the defensive side of computer security only see the landscape from that perspective! In this talk, Street will show how an attacker views your Web site and employees, and then uses them against you. He will start with how a successful spear-phish is created, by using the information gathered from the company's own 'about' page, as well as scouring social media sites for useful information to exploit employees. The majority of the talk will cover successful counter-measures to help stave off or detect attacks. This discussion will draw on the speaker's 15 years' experience of working in the US banking industry on the side of defence. At the same time, he'll draw on over six years of participating in engagements where he has taken on the role of the attacker.
International Keynote Speaker Beyond Mr Robot – Kali Linux in the enterprise
Mati Aharoni, founder, Offensive Security
Kali Linux has gained a reputation for being the world's leading penetration testing toolkit, used by professional penetration testers and hackers alike. However, Kali holds a trove of advanced options and features which few in the infosec community are aware of. Join Mati Aharoni for an in-depth tour of how this free, open source distribution can transform your security posture – for both attackers and defenders.
This talk will:
- Cover the little known yet advanced options of Kali Linux, allowing IT managers to pick and choose the most beneficial features suitable for their environment.
- Expose attendees to several practical use cases for the penetration testing platform.
- Demonstrate implementations of Kali Linux in the enterprise as used by Fortune 5 organisations.
International Keynote Speaker The seven axioms of security
Saumil Shah, CEO, Net-Square
Today's attacks succeed because the defence is reactive. I have been researching attacks and offensive techniques since the past 16 years. As the defences kept catching up and closing open doors, we attackers looked for new avenues and vectors. Upon looking back on the state of defences during my days of One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defence boils down to reacting to new attacks and then playing catch-up. It is time to transition defence from being reactive to proactive. This talk discusses seven axioms for implementing proactive defence strategy and measures for the future, concluding with a blueprint of the next evolution of pro-active defence architecture.
- A look back into the past 16 years of attacks and defence, what has worked, why it has worked, or why it has failed
- Practical steps to implementing a Proactive Defence Strategy
- Case study examples of the effectiveness of the seven axioms of security from my customers
Note from presenter - talks on the latest offensive techniques leave the audience with mixed feelings of wonderment and despair. This talk is not that. This is a fresh look at defence, something new, from the ground up.
Networking and Refreshments
International KeynoteBlack hat vs white hat
We all know that every business is at risk of a breach, and we have all heard the stories of how much company data is worth on the Dark Web, but what are hackers actually after? In this presentation, ex-Black Hat Mustafa Al-Bassam will share what hackers look for in order to gain access to a system as well as what makes some companies more attractive targets than others. White Hat Sebastian Strobl will explain what measures are essential in defending against a possible breach, and why things like security awareness and pen-testing are not negotiable.
Living off the Land: an attackers date with powershell
Antonio Forzieri, cyber security practice lead EMEA, Symantec
When creating their malware, attackers are increasingly leveraging tools that already exist on targeted computers. This practice, often referred to as "living off the land", allows their threats to blend in with common administration work, leave fewer artifacts, and make detection more difficult. Since Microsoft PowerShell is installed on Windows computers by default, it is an ideal candidate for attackers' tool chain. During this Talk, Antonio will discuss which techniques attackers are leveraging today, how they make an evil use of powershell, and how you can defend your organization against such techniques.
Industry Insight Opening Pandora's Box - The competency and capacity of South African digital forensics professionals
Jason Jordaan, principal forensic scientist, DFIRLABS
Digital evidence is more and more common in addressing legal issues around the globe, not only in information security, but all areas of legality. Digital forensics is the scientific discipline responsible for the identification, collection, and analysis of this evidence.
Lunch and networking
Governance Opinion Piece The King Reports – A changing corporate governance landscape: King's new approach when governing information security
Carolynn Chalmers, corporate governance advisor, Candor Governance
The recent King Reports, King III and now King IV, released on 1 November 2016, have placed the governance of both technology and information on the board table. The emphasis has shifted from a focus on governance practices to that of governance outcomes. Recognition of digital enablement, innovation and modernisation strategies and the Internet of things must cause governing bodies to pause, consider and give effect to a changed information security approach. Learn about the impact of this evolution on existing standards, frameworks and codes, and leave the presentation with the understanding of what you should be doing next.
- The new corporate governance landscape
- The changing roles and responsibilities of governing bodies as pertains information security
- Impacts on the use of the ISO 27000 series of standards and PCI-DSS
- Directing information security risk and compliance in this new context
- Next steps
Legal Opinion Piece Information security is required by law
Lisa Emma-Iwuoha, attorney, Michalsons
- An overview of Infosec Law (like POPI, GDPR, and Cybercrimes Bill) - ignorance is no excuse
- What law trumps other laws?
- How are laws the same and how are they different?
- The risks of non-compliance.
- The law regards the measures, security incidents, contracts with operators or processors, and what must be secured.
Thought leadership Email encryption challenges - How to achieve security and POPI compliance?
Dr Aleksandar Valjarevic, professional services consultant, LAWtrust
With estimated more than 42 trillion business emails sent annually, email is de facto the most important business communication tool. Business processes and business reputation depend on its functionality and security. The talk discusses the challenges and the requirements to secure this target reach environment, while creating minimum disruption for users and IT services. Further, the talk puts email encryption in the context of regulatory compliance, including the Protection of Personal Information (POPI) Act. Lastly, Dr Valjarevic will present different technology options and solution features to solve the challenges and assist in achieving compliance.
- Understanding the challenges and the requirements for successful email encryption solution
- Email in the context of regulatory compliance
- Look into email encryption options and features
Q&A Debate the legal framework and implications of non-compliance during this audience led question and answer time
Lisa Emma-Iwuoha, attorney, Michalsons
David Loxton, partner, Dentons
Carolynn Chalmers, corporate governance advisor, Candor Governance
Dr Aleksandar Valjarevic, professional services consultant, LAWtrust
Bring your questions to this table of experts and gain valuable insight into the pros and cons; experiences and challenges associated with the legal framework and what are, if there are, implications of non-compliance?
Thought leadership The need for cyber insurance
Thokozani Miya, independent consultant
Cyber crime has become a lucrative industry worldwide. It is reported that South African companies are extorted billions of rands every day, with perpetrators having little risk of being caught. While a handful of South African companies are willing to report breaches to their network, the losses are increasing, as cyber criminals turn their attention to Africa as new destination for cyber-criminal activities. A business can be left lifeless, with huge costs related to data restore, forensic investigation, setting up call centres to interact with customers, dealing with the shareholders' string of questions relating to loss of business income, and employing a public relations consultancy to manage brand damage and reputation. Finding the sweet spot for cyber insurance is the key to unlocking value in this new emerging area.
- Addressing cyber insurance challenges
- Cyber insurance as a risk treatment strategy
Q&A Cyber insurance and cyber liability broader than you think
Legal: Elsa Jordaan, general insurance and dispute resolution lawyer, Norton Rose Fulbright
Forensics/Incident triage: Roy Fisher, incident investigator, MWR InfoSecurity
Bring your questions to this table of experts and gain valuable insight into the pros and cons; experiences and challenges associated with cyber insurance/liability
Thought Leadership The changing landscape of cybersecurity
Tichaona Zororo, CISA, CISM, CGEIT, CRISC, Certified COBIT 5 Assessor, CIA, CRMA, board director of ISACA, president of the ISACA South Africa Chapter, and IT advisory executive with EGIT Ltd. (South Africa)
Today's cybersecurity attacks portend more threatening ones ahead as evidenced by recent disruptive DDOS against the US financial industry that hampered 15 of the largest US banks for hundreds of hours. Major enterprises like Target, Home Depot and Sony Entertainment experienced breaches that required the companies to pay hundreds of millions of US dollars to cover costs of the attacks. While these enterprises shared the similar misfortune of experiencing incidents, the incidents themselves were not all the same. Cyberattacks also known as digital vandalism have increased in both frequency and impact. The cybersecurity landscape continues to evolve with increased complexity and more business devastating effect every day.
- Know the latest Ransomware attacks and trends
- Understand most dangerous cyber-attacks and the business impact – Sony, Target, Homeland office, Ransomware in vehicles – Jeep Cherokee Hack
- Recognise SWIFT Ransomware attacks
- Distinguish common malware and how they work
- Understand Cybersecurity tools and CSX qualifications to equip yourself with cybersecurity skills
Industry Perspective Are you ready for the incident response of tomorrow?
Ritasha Jethva, head of information privacy / PAIA officer, Nedbank Group
Given the appointment of the Information Regulator, the definition of the Cyber Security and Cyber Crimes Bill and the rise in increased exposure of cyber in South Africa, this topic will address whether organisations are ready for the kind of incident response which is required in a fast paced regulated environment.
- Assessing whether your current incident response capabilities are suitable for the environment we moving into; and
- Provide you with some tips on what you need to consider around incident management for the environment of tomorrow
The weakest link: Your network is only as strong as your weakest user
Keitumetsi Tsotetsi, cyber security risk assurance consultant, PwC
Often known as "layer 8", the user has proven to be the weakest link in all aspects of the technology ecosphere. Keitumetsi Tsotetsi will take a deep-dive root cause analysis into the human element in the success of the most high-profile information security scandals, and how employee negligence can be prevented via insider threat management and awareness training.
- The importance of understanding decision points/interactions that have an effect on information security
- How to create a cyber savvy environment
- Insider threat management
Thought Leadership Cybersecurity and privacy in the era of digital transformation – truth or myth?
Simphiwe Mayisela, group information security officer, Internet Solutions
Cybersecurity and privacy have always been in existence, even way before this hype around digital transformation began. As farfetched as it may sound, digital transformation has been well-received by the information security community as it provides an opportunity for information security and privacy professionals to gain a seat at the table. What I mean by this is that, as companies across a myriad of industry verticals are starting to realise the potential of cybersecurity to accelerate their transition to become digital businesses, the more we see information security professionals engage in business.
Answer tough business questions such as:
- How to adapt their security strategy for the digital future?
- How to ensure that their security innovation budget is used effectively?
- How to remain competitive in the increasingly connected, digital marketplace, while maintaining a good security posture?
Data management and the impact on data security
Cobus van den Berg, senior manager, PwC
Why data management capabilities are important and how it will impact your security landscape. How do you secure something if you can't manage it?
- To secure your data, you need to understand it
- You need you people to change their behaviour if you want a secure environment
Industry Perspective Focus on privacy and identity theft
Mthoko Mncwabe, group CIO, South African Post Office Ltd
This case study presentation by the South African Post Office will look at the two critical areas of focus for their clientele – privacy and identity theft. It will highlight what SAPO is doing to manage both factors and ensure the security of the information they hold.
Synchronised security: a revolution in threat protection
Varun Parikh, tech lead (security), Sophos
For decades, the security industry has been treating network security, endpoint security, and data security as completely different entities. It's the equivalent of putting three security guards in your building – one outside the front door, one inside, and one in front of your safe – but not allowing them to talk to each other. But as threats get more complex, and IT resources continue to be stretched, it's no longer possible to maintain this approach without compromising their protection. "Synchronized Security" is a new approach to IT Security, synchronizing endpoint and network security systems to provide automated correlation, threat discovery, and incident response in seconds, simplifying management and enabling faster decision making.
- Today's world of cyber risk
- Existing security approaches
- A new approach to IT security
- Synchronised security: stopping today's threats
Digital transformation - rethink the way you secure your business
Darron Gibbard, CISM, CISSP, chief technical security officer, EMEA, Qualys
How do organisations gain visibility and insight into their environments? Surveys suggest 'Shadow IT' has caused organisations to lose visibility in how their IT operations and security are operated and more importantly how it is performing. How can a move to a SaaS provider, whether on premise or external solution, provide more visibility and control in our day 2 day strategic operations. What do enterprises need to do to regain visibility of their environments? In this presentation we aim to help you see a path forward, and roads into the near and distant future of your IT infrastructure and asset management.
- How do organisations gain visibility and insight into their environments?
- How can a move to a SaaS provider provide more visibility and control in your day 2 day strategic operations.
- How have Qualys supported customers to take on the challenge of shadow IT.
Click, click, squat
Willem Mouton, security analyst, SensePost
In the run-up to the election, the US Democratic National Committee (DNC) received numerous phishing emails, the New York Times reported. One of them was also sent to John Podesta, the chairman of Hillary Clinton's campaign. An aide, Charles Delavan, spotted the message sent to Podesta's private account. It asked Podesta to change his password. Delavan realised the email was a phishing attack and forwarded it to a computer technician. However, he made a typo, writing: "This is a legitimate email." He added: "John needs to change his password immediately." The blunder gave Kremlin hackers access to about 60,000 emails in Podesta's private Gmail account. The rest is recent history.
Phishing, the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, is as popular as it ever had been. The basic premise remains the same, albeit it with the expected technological advances you'd expect. What has changed is the emergence of user awareness programs, mostly aimed at preventing the attack mentioned above. However, many gaps still exist and this talks aim is to marry old attack methods with devastating consequences.
- A purely offensive talk is counterproductive, so we will showcase measures that can be adopted into your current awareness program so you don't become the next Podesta.
Thought Leadership Beneath the surface of a cyberattack – a deeper look at business impacts
Derek Schraader, risk advisory Africa leader: cyber risk services, Deloitte
Leveraging years of experience with a variety of cyber incidents Derek will illustrate how 14 impact factors can affect an organisation in the days, months and years following a cyber-attack. Using financial modelling, damages quantification, and business and asset valuation techniques, the resulting data is intended to provide greater clarity around the potential range and financial risks associated with these factors.
- This integration of cyber and valuation disciplines provides fuller insight that should inform the way organisations think about and plan for cyber incidents
- It also reveals some important observations that are difficult to see through the traditional lens of direct cost – and hopefully will encourage organisations to think beyond the "conventional wisdom"
The anatomy of a data breach: identity management at the centre of cyber defence
Darran Rolls, chief technology officer, SailPoint
This presentation will discuss why identity and access management (IAM) has evolved to become a key control at the centre of security operations. He will present the anatomy of a real cyber breach, and will highlight how the "IAM Cyber Kill Chain" plays its part in a modern attack. From this viewpoint he makes a clear case for putting identity at the centre of cyber defence and creating an integrated approach to governing privileged access.
Developing your own methodology for implementing sustainable technology solutions
Raymond du Plessis, Managing consultant, Mobius Consulting
In the talk Raymond Du Plessis will discuss and present on a practical approach that can be used for the successful implementation of new information security technologies within an organisation. The talk will use electronic signatures as a case study, and will demonstrate how to apply the approach to ensure greater success in the implementation, adoption and sustainability of electronic signatures.
Implementing new technologies within any organisation can be extremely complex and challenging, especially technologies that effect users, business operations and IT support. Added to the challenges is the fact that business expects that technology investments are realised through widespread and ongoing adoption. The cause of technology implementation failures often stem from overlooking aspects of business buy-in, governance, people and process required to underpin and support the adoption of the technology. This talk will include the presentation of an approach (aligned to ITIL and other leading practices) that highlights key factors to consider and the high-level steps that are required to ensure technology implementations become an organisational success. The talk will conclude by applying the approach to an electronic signatures implementation project as a case study - starting from building the business case through to measuring business adoption.
- A high level and holistic approach to ensure technology implementation success
- Aspects to consider when implementing new technology solutions
- Building a business case and implementing electronic signatures