Advertise on ITWeb         Thu, 28 Oct, 06:46:27 AM

'Anyone can commit cyber crime'

Information security organisations need to share knowledge and resources in order to understand a new wave of attacks being driven by adaptive persistent adversaries.

This is according to Joshua Corman, director of security intelligence for Akamai Technologies, who pointed out at this morning's Security Summit that the biggest fear shouldn't be hactivist group Anonymous, but rather the idea that cyber war can be committed by anyone.

Android OS hacked at Security Summit

Android devices and applications have a number of potential vulnerabilities just waiting to be exploited, says MWR InfoSecurity's Tyrone Erasmus.

The Android operating system (OS), which has taken a great chunk of market share in the mobile world, is full of vulnerabilities that cyber criminals can easily exploit.

Securing mobile devices

Some enterprises and developers take extremist views when it comes to mobile security. At the one extreme, they put all their trust in the mobile operating system, while at the other, they refuse to make the move towards mobile devices because they are deemed not secure.

This is according to Christiann Barnaard, CTO at Entersect, who argues for a middle ground between the two approaches.

You are here Home Business Applications
White hat hackers need protection

Organisations are needed to protect well-meaning researchers from prosecution in light of discovering software vulnerabilities, said Accuvant Labs' Charlie Miller.

Security professionals and vendors need to step up and create organisations to protect well-meaning researchers from prosecution in light of discovering software vulnerabilities and flaws.

How secure is your network?

It's not enough to ask about network security; organisations need to know how to proactively detect intrusions and stop them.

So said Steve Armstrong, SANS certified instructor, at ITWeb's Security Summit yesterday. Many organisations simply don't ask how secure their networks are, and if the organisation doesn't, he continued, why should a provider?

Security can learn from medical practice

The IT security industry should take a leaf from the medical environment's book if it is to emerge from the current threats it is exposed to.

So said Gabi Reish, head of product management at Check Point Software Technologies, in a keynote address at the ITWeb Security Summit, at the Sandton Convention Centre yesterday.

What people do online

Pieter Blaauw, security consultant at Performanta, speaking at ITWeb's Security Summit yesterday, revealed what people spend some of their time doing on the Internet every day.

* Some 294 billion e-mails are sent
* Two million blogs are posted – equivalent to 770 years' worth of Time magazine
* Some 172 million people visit Facebook
* More iPhones are sold than babies born
* About 864 000 hours are uploaded to YouTube
* Twitter receives 40 million visitors

The art of cyber warfare

Contrary to our historical understanding of war, cyber conflict favours the attacker, said NCIS' Kenneth Geers.
Stuxnet made it clear that cyber weapons can physically damage as much as traditional military attacks, making us rethink the famous quote, “The pen is mightier than the sword.”

So said Kenneth Geers, NCIS cyber security subject expert. “Today, Wikileaks is the new pen; Stuxnet, the sword.”

SAP security must be holistic

Over 95% of evaluated SAP systems were exposed to espionage, sabotage and fraud attacks.

This is according to Juan Perez-Etchegoyen, CTO at ERP security company Onapsis. Speaking at ITWeb's 7th annual Security Summit yesterday, he said ERP systems store the most critical business information in the organisation, and so security must be looked at holistically.

SA threat trend on downward slope

While viruses and worms are still a big threat in SA, the general trend is coming down, says Microsoft SA's Khomotso Kganyago.

While computer viruses are still rife in SA, the overall threat trend sits on a downward scale, with local security tools becoming increasingly adept at controlling the vulnerable landscape, which is beset by malicious attacks.

Poisoned search engines a risk

Businesses cannot ignore the risk that search engine poisoning presents and need to install solutions that block out dangerous sites that host malware.

Pieter Blaauw, security consultant at Performanta, speaking at ITWeb's Security Summit yesterday, said surfing the Internet is dangerous because URLs have been compromised and search results manipulated to drive traffic to malicious sites.

'At the sound of the beep, leave your spyware'

Associate director of Cyanre Bennie Labuschagne is one of a handful of internationally qualified cyber forensic analysts in SA. Labuschagne worked for the SAPS for seven years and has been involved in numerous high-profile investigations, including that of the arms deal.

Labuschagne says the same crimes have been perpetrated since the dawn of time; so modern-day criminals do not have new end-goals, but rather have entirely new methods of perpetration.

Mobile threat in Africa

SensePost MD Charl van der Walt yesterday presented an overview of the mobile revolution, its African implications and the modern mobile threat model.

“Mobile is here to stay and it is only going to continue to grow,” said Van der Walt, adding that it will “change everything we know about security”.

Social engineering heats up

We never anticipated the industry of information brokers, said Raj Samani, CTO of McAfee EMEA, speaking at the ITWeb Security Summit.

A new underground market of information brokers has emerged where one broker can earn £50 000 a month from a client for tracing and selling sensitive information, and often these broker have many 'clients'.

This is according to Raj Samani, CTO of McAfee EMEA, speaking at the ITWeb Security Summit today. He said that while social engineering itself isn't new, what is new is how these techniques are being used in modern threats.

Information security needs fresh approach

AV is ok for what it is, but we are just stretching its capabilities, said Thinkst CEO Haroon Meer.
Information security has largely failed the IT industry, and in particular, anti-virus has not fulfilled the promises it has made in the past.

During today's ITWeb Security Summit 2012, Haroon Meer, founder of and researcher at Thinkst Applied Research, questioned the relevance of anti-virus (AV) and whether vendors have traditionally rolled out technology that does not solve security problems.

SSL certificates are flawed

The Internet certification authorities and secure socket layer (SSL) as the current protocol for encrypting information on the Internet are strongly flawed.

During this morning's ITWeb Security Summit keynote, international white hat hacker and security researcher Moxie Marlinspike presented on the issue of trust in light of last year's Comodo hacks.

Security is a big data problem

Security must be risk-based, contextual and agile, says RSA's Eddie Schwartz. There are many gaps in ICT security today. Security is broken, because everything we're currently doing in security needs to be revisited.

The biggest security risks today are associated with the way most organisations think about security management and conduct security operations.

So says Eddie Schwartz, CISO of RSA, who says that by changing their approaches, CISOs can take effective action against the multitude of new, advanced security threats.

Click here to visit the Security Summit news portal on ITWeb


in partnership with





in partnership with


in partnership with

in partnership with


distributor of



About our sponsors 
Visit the Security Summit Virtual Press Office

in partnership with
Established in 2009, Performanta specializes only in the discipline of Information Security. The company provides technology, services and consulting solutions allowing them to give customers an end to end information security service. Their focus on pragmatic solutions is reflected in their motto: Practical Trust Performanta.


RSA, The Security Division of EMC, is the premier provider of security, risk and compliance solutions, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Follow us on twitter and tweet about your thoughts around this event, #itwebsec


Tweet about the ITWeb Security Summit