Securexpo East Africa 2018, the largest security trade event in the region, opened on the 31st January ending on the 2nd of February.
The exhibition and conference took place at the Visa Oshwal Centre in Westlands with FREE access to anyone who registered on the website. Organized by Montgomery, a global events company, SecureExpo attracted exhibitors within the commercial and homeland security industry dealing in fire, safety and cybersecurity. Local security companies exhibiting in the expo included SGA Security and Security Systems International LTD.
Cyber Security; 3 Lessons Every Website Owner Should Know
Legibra is a company that designs, develops and hosts websites as well as mobile applications. Naturally, our interests in the SecureExpo were skewed towards cybersecurity. After all, as more businesses digitalize their business processes and move to the internet, their exposure to cyber-attacks increases.
Plus, Kenyan companies are getting hacked right, left, and center because of failing to put in place simple cyber security measures like SSL certificates. That said, here are the three most insightful lessons learned from the event that we think you should know;
1. We Should Shift Our Focus From Prevention and Protection
Terry Macharia, a cyber security expert at First Nexus Company, reminded us that we cannot be able to stop every cyberattack. Therefore, we should plan to spend less money on prevention and protection and begin to drive it more equitably to detection and response. And if you think about it, regardless of the cyber security measures put in place, a dedicated and well financed party who is out to hack you, is going to get in. It is better to adapt your web security measures to focus on detection, response and mediation.
2. Mitigating security risks is a web developer’s core job
As James Grimshaw -Vice President Commercial GardaWorld International Protective Service- shared the importance of having a clear and accurate emergency or crisis response plan, Legibra saw an opportunity to improve security for website clients. But how? In addition to our existing risk mitigation practices which include but are not limited to;
• Ensuring our websites are always backed up
• Ensuring a detailed scope is defined for all projects
• Making the project wireframes prior to jumping into the development
• Code commenting, documentation & version control
• Asking for detailed QA practices documentation.
Legibra website developers can also take a step further to educate clients on how to protect themselves by creating awareness about the privacy policies, as well as creating a step-by-step guide on what to do when faced with an attack.
3. New Threats Need New Security Measures
Consider this situation. Which would have more impact on Kenya? An attack on Safaricom’s MPESA service or a Member of Parliament getting carjacked? Keep in mind that if MPESA was compromised, over 21,574,006 Kenyans would be affected. And yet, we have the government declaring that the M.P is a critical infrastructure deserving of higher security and protection as compared to Safaricom which is not considered a critical infrastructure. The mismatch reveals gaps that should be bridged, preferably, by both the public and private sector.
Similarly, traditional web security measures and technologies are fast becoming obsolete. The current measures may not be sufficient to safeguard web applications from new threats since attacks are now specifically targeting security flaws in the design. New security measures, both technical and administrative, need to be implemented alongside the development of websites and mobile applications.
Conclusion;
Securexpo East Africa 2018 was vibrant and well organised; it gave Legibra the opportunity to meet high level decision makers from government and large corporations who are interested in establishing powerful web presence. By providing access to some of the best cybersecurity minds and practitioners, SecurExpo E.A 2018 has succeeded in delivering top-notch education and training around the region.
We look forward to the next!
