A dangerous cyber security disconnect
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Start your free 15 day trial now' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
I'm starting to think there's a complete disconnect in the security industry between what vendors are trying to sell and what's best for organisations to concentrate on.
For me, the penny dropped during the recent Security 2012 event in Sydney.
One the one hand, the trade show floor was packed with surveillance gear, especially the latest in video cameras and the massive data storage systems needed to store all their high-definition footage should it ever be needed.
"Having done the #security2012 hall I realise that security in 2012 is that everything is a threat and you should record it all in 1080p," tweeted Gavin Costello, a security product manager.
Costello is right. The range of video surveillance products now available ensures that nothing need be left unrecorded.
Cameras for indoors and outdoors. Infrared cameras for use in the dark. Trailer-mounted camera masts that can be set up wherever surveillance might be needed at short notice. Even sub-$200 webcam-style cameras so you can turn your own home into a panopticon.
It's the same mindset behind the rhetoric that says information security is a big data problem and, as RSA executive chairman Art Coviello put it earlier this year, we're only held back by slow-moving governments and their pesky privacy laws.
It's the mindset that leads the intelligence and law enforcement agencies to seek ever more data to analyse. It's precisely what drives the data retention proposals in the current parliamentary review of Australia's national security laws.
If only we can collect that one missing piece of information then everything would make sense.
(In a similar way Mark Zuckerberg seems to believe, at a personal level, that if only he had that one last piece of data about another person then he'd understand them. Hence Facebook.)
But on the other hand, the message delivered upstairs in Security 2012's conference stream was rather different.
Security isn't about mindlessly gathering ever more data, but developing a better understanding of the data you do have, gained through better sharing of information and knowledge with your allies.
Even Attorney-General Nicola Roxon stressed this in her otherwise routine keynote.
"The 9/11 Commission identified that if information had been shared more effectively, the ability of the US intelligence systems to either prevent or mitigate the effects of the terrorist attacks would have been improved," Roxon said.
"We now see the mantra of managing information has moved from a basis of 'need to know' more to the basis of 'need to share'."
Security certainly isn't about technology and standards, but about the ever-present human factor.
"The [ISO] standard for IT, this 27000 series, will not protect you from the type of cybercrime that we're talking about when we talk about state-based espionage or high-level criminal attack," Jason Brown, national security manager for defence contractor Thales Australia.
"It's actually the culture of the organisation, the capacity for [staff] to say 'There's something wrong with this message' or 'I've got a problem with my system' and do it really quickly," he said.
"Every employee needs to be thinking about security the same way they think about brushing their teeth each morning," Brown said.
Even the advice from Australia's Defence Signals Directorate that just four simple strategies can prevent 85 percent of attacks -- advice based on their award-winning research -- requires nothing new to be bought.
Patch your applications. Patch your operating systems. Limit admin-level access to those who truly need it. Set up application whitelisting, so only approved software is allowed to run.
None of that is something that vendors can sell.
Call 1300 880 160
Start a chat
Schedule a call
