The IT security industry needs a “healthy injection of honesty and reflection” to address its own failings.
This is the view of Haroon Meer, founder of Thinkst, who will speak on the issue at the upcoming ITWeb Security Summit in Sandton in May.
Meer says the information security industry needs to change. “We are in pretty bad shape considering that some of us have actually been trying and investing in security for the better part of a decade.
“I think admitting we are broken and need fresh approaches is a critical first step,” says Meer.
“We desperately need to inject honesty (and some knowledge) into the vendor space because, as an industry, infosec is still largely driven by vendor supply.”
Meer says problems arise because vendors simply sell the products they have (even if they don’t address problems that customers actually have).
In addition, he says: “Many consultants sell consulting without ever necessarily having been in the trenches, so they often dole out crazily impractical advice.”
He adds that growing numbers of ‘green’ consultants are entering the field to meet expanding demand. “The danger is that even the consultant you have hired might not fully understand how big the problem is.
“Security departments are running around trying to keep business happy and users in line, and all the time nobody is admitting that, for the most part, everyone is relying on prayer as a defence mechanism, hoping that the attack doesn’t come on our watch.”
Meer says the biggest computer security threat facing South African businesses may be the attempt by many to oversimplify the problem. “This leads to solutions that are potentially neat and simple (while being unuseful and unhelpful),” he says.
“I think in some ways the problem is much bigger than most enterprises think. This is not just me being alarmist.”
The annual ITWeb Security Summit will take place from 15 to 17 May 2012, at the Sandton Convention Centre. For more information and to book your seat, go to www.securitysummit.co.za.