Subscribe
About

The importance of IT security

Security is, without doubt, emerging as one of the most important elements in IT planning and implementation.

Companies and individual users alike are being bombarded with more, and more devastating, attacks than ever before - and many are not winning the fight against today's new breed of IT criminals.

Experts explain that, in the past, hackers and virus-writers were typically youngsters trying to test the technical expertise and their reward was glory rather than money.

Today's cyber threats, on the other hand, come from well-organised groups of real criminals who are in it for the money - and there is plenty to be made.

Malware (malicious software) has moved well beyond the nuisance element and today can not only bring a business to its knees by crashing strategic systems, but can extract information to use in crimes that the company isn't even aware are being perpetrated.

Even the traditional virus - a piece of code that executes within another, legitimate, program - is now being used to manipulate data and create havoc.

Trojans - applets hidden within other, innocent, files and set to trigger at specific times - have matured to being able to harvest information and send it back over the Internet.

Other Trojans can turn computers or networks in "zombies" or 'bot networks that can be remotely controlled either to steal information or harness the resources for unsolicited spam campaigns.

Spam - unsolicited e-mail that attempts to sell the user something or entice him into a specific action - has moved beyond simple advertising and now includes deliberate attempts to artificially manipulate stock prices.

Adware is software that a user downloads deliberately and for free, in return agreeing to receive advertisements. These programs will often feed back generic marketing data, but are usually legitimate and stop short of specific personal information.

Spyware, on the other hand, is downloaded without the user's knowledge or consent and gathers specific and personal information about the user - including banking details, logins, passwords and other personal information. Spyware is generally there for the purposes of identity theft.

Phishing, which also culminates in identity theft, is a form of spam that masquerades and legitimate mail and cons users into giving their personal information out.

The problem is exacerbated by the fact that more and more companies are not only connected to the Internet, but are opening their systems up to customers and partners.

Cyber criminals, however, as using these more open and accessible systems to inveigle their way even deeper into strategic and mission-critical systems to cause damage and extract information.

Even the ubiquitous cellular phone is now being used for nefarious purposes. The number of viruses on smartphones has increased dramatically and now numbers well over 1 000.

In addition, a new threat - SMiShing - now targets cellular phones through the operators' SMS gateways and tricks the user into downloading malware. This is the first threat the spans both PC and cellular environments, but experts warn that there will be more.

As prevalent and potentially-damaging as these external attacks can be, companies face a much bigger challenge from within the ranks of their own employees.

It's a sombre fact that most attacks come from trusted employees and so companies also have to consider the security of their IT systems from these internal attacks.

All in all, companies and individuals alike are at risk from cyber attacks. However, research shows that many users and organisations still downplay the risks that they face.

A recent Accenture survey found that few companies around the world thought that the risk had increased over the preceding year - and most believed their companies weren't vulnerable.

However, a much larger number of companies were actually attacked during that period, with 57% of US companies being hit by viruses, 34% by worms, 18% by denial of service attacks, 9% by network attacks and 8% by identity theft.

Fortunately for companies around the world, there is a big emphasis on good corporate governance and number of laws and codes of good practice that address the issue of security.

Because companies are almost forced to comply with the regulations, their security strategies and management are coming under the spotlight.

Around the world, companies are complying with the requirements laid down in Sarbanes-Oxley and Basel II regulations, while in South Africa the ECT Act, the EC Act, the King II Report and the Interception Act are all forcing companies to consider their IT security.

Visitors to Futurex & Equip will be able to examine and compare different offerings in a special Security Zone that will be part of the show and help to highlight the importance of this very strategic subject.

"Our goal has always been to bring the best of the global trends to Africa," says Jo Melville, MD of Exhibitions for Africa.

"Of course, security - in general, not simply IT - has been important for some time now, but the current situation has made it critical."

Exhibitors will showcase their solutions, from anti-virus to anti-spamming, content management, anti-spyware, encryption and intrusion prevention.

This year, the international IFIP TC3 Information Security conference and exhibition will run alongside Futurex & Equip, giving visitors the opportunity to learn more about the vital security aspect of IT while enjoying the full spread of experiences offered by the full exhibition.

"This is the first time in many years that a show like IFIP has been available to South African delegates. The fact that the organisers have chosen to run it alongside Futurex & Equip is a vote of confidence in our show."

The IFIP TC3 conference to be held in May is just the second time this prestigious global event has been run in South Africa, the last time being in 1995.

While the programme of events is still under review, event organiser Peter Aspinal confirms that one of the keynotes will be delivered by Judge Mervyn King, and deal with corporate governance; and another will be by Professor Ross Anderson or Cambridge University, a world authority on data security.

Other presentations will cover areas such as cryptography, key management and PKI; security, privacy and trust; fraud management; identification management; social issues; change management; governance; forensics; education; networking; human/computer interaction; staganography; RFID; the wireless environment; international standards; privacy enhancing technologies; risk management; methodologies; trust models; and vulnerability assessments.

Futurex & Equip will be held from 15-18 May 2007 at the Sandton Convention Centre in Johannesburg. For further information, please contact Sandra Galbraith - sandrag@exhibitafrica.co.za.

Share