Friday, May 29, 2009

ITWeb Security Summit - Day 1 Keynote Reflections

Bruce Whitfield did an excellent job of chairing the morning sessions. He managed to gather enough knowledge to challenge the speakers and get the audience involved in the round table. His question about the $1 trillion to Greg Day will go down in history. Craig Rosewarne asked Bruce the question that was on the tip of my tongue too. Bruce, as a Business Radio Presenter, has access to all of the top C level executives in South Africa and we wanted to know just how much they were concerned about Information Security. His feelings were "not so much" but he would follow this up on air.

Phil Zimmerman did punt his new product but leading on from that was an interesting talk about privacy. According to one of the delegates, South Africa is about to be flooded with video cameras all with the latest and greatest facial recognition systems. The government will use the "combating crime" and "stopping terrorism" excuses to do the roll out. While these are important in times of massive risk (such as the World Cup 2010), the equipment will stay. Phil is not from South Africa so he wasn't aware of the whole Mbeki, Zuma wiretapping tapdance but his talk largely was about how VOIP is less secure than normal phones but with encryption can be more secure.

Jeremiah Grossman
. Well.. a speech about how to hack free pizza.. what more can one say - amazing. I think the key takeaway from this speech is that technology is not everything. Hackers can use the technology in the correct way but exploit bad business plans. Jeremiah is very much at ease in front of a large audience and his speech is very polished and nice use of humor.

Greg Day made the fatal mistake of quoting the $1 trillion dollar figure for how big cybercrime is. This is maybe what his keynote will be remembered for. But. I think the key take-away from his speech is that trojans are so easy to compile and send out that signature anti-virus products are lagging. McAfee are trying to fix this by speeding up their signature system. They have also invested in an application white-listing product. Greg refered to this in passing but without going into details. I referred to the proliferation of trojans in my own speech, stating that the insider threat/ outsider threat is no longer up for debate. The point is that hackers are in your internal network. Its a given. Now, what are you going to do?