It may sound like a biblical reference, but whenever two or three IT security professionals gather in one place to discuss IT security, someone will get scared.
Yesterday that someone was me, but at least I was in good company being an attendee of the International Cyber Threat Task Force Summit.
A two day event, the summit brings together experts from around the world on IT security, with no small number of Irish experts too. In fact, a world authority on Payment Card Industry Data Security Standard (PCI DSS), Matheiu Gorge of Vigitrust may be from France but has been based in Ireland, and he commented during the panel discussion that Ireland has a very large number of world class experts in the field and that we should do more as an industry to lobby government for improved legislation and regulation.
Another notable from the local scene were Paul Byrne, founder and CEO of PBXwall. Byrne is a telecoms engineer of many years experience and when he set up on his own had his company fall victim to toll fraud. Spurred into action, his company developed a comprehensive offering that offers toll fraud protection for both standard and IP-based PBX systems.
Pierluigi Paganini is an academic and company operation director for Bit4Idwith a speciality in cyberweapons. He gave a rather chilling presentation that outlined the fact there is not only no standard and accepted definition of a cyberweapon, there is no such accepted definition for cyberwarfare.
However, listening to the various presentations from the first day, a few overarching themes emerged. The first is that while regulation and legislation is still far behind the technology, carriers, service providers and technology vendors could be doing more to protect businesses and consumers in their use of technology. However, with representatives from all parties present, there was still some debate as to how that might be accomplished and to what extent.
Another theme was that user education, right down to friends, family and children was necessary. Mark Johnson, chairman of the Risk Management Group, exhorted all present to use their own knowledge to educate others and increase the base level of knowledge to combat fraud. He gave the example of his children playing games on his smart phone while on a long car journey. He highlighted that they may have downloaded something from a third party app store and that he may then connect to a corporate network with the same device. This situation is further darkened by the fact that some 80% of the top five most popular Android apps on third party app stores were actually compromised in some way, according to one of the other local experts, Cathal McDaid, security consultant with Adaptive Mobile. Johnson said that the reach of technology is now such that we all need to ensure that we are protected both technologically and personally, through education.
As I prepare to head back to the summit, I hope the anxiety levels can be reduced somewhat, but messages emerging are that the criminals are organised, sophisticated and highly motivated. Unless we, as an industry, an economy and a nation, do more to combat the problem, we face a dark technology future.