Changing cyber security best practice
Even though cyber security is a mission-critical part of ensuring business success in today’s digital environment, not many local companies are prioritising this. According to Zaheer Ebrahim – Presales Engineer at Trend Micro, more must be done to ensure systems are protected from attacks.
According to The State of Enterprise Security in South Africa 2019, conducted by World Wide Worx in partnership with Trend Micro and VMware, almost 73% of respondents cite acquiring new customers as their highest priority. Protecting against cyber attacks come in at a distance fifth with only 58% rating it as a priority. Despite well-publicised instances of local malware breaches (City Power as an example), what else must happen for this to change?
“In part, cyber security requires a mind shift. It is not about putting in a firewall and installing anti-virus. In fact, the entire notion of traditional endpoint protection must change. Being vigilant in an always on world requires solutions that integrate with existing business processes and safeguard all entry points into the organisation.”
Fortunately, research shows that when it comes to areas where corporate funding has increased, protection takes up most of the top spots. From encryption and mobile security, through to backups threat monitoring, and authentication, companies are providing more budget to security operation teams to keep the business safe.
Aiding this is the transition to the cloud. Most respondents (72%) have stated they are advanced in their move to public cloud providers. And this is where the shared responsibility model comes in to play.
“While cloud providers are secure when it comes to data protection and system access, the information still needs to get to those data centres. This means an organisation must take responsibility of ensuring the safety and integrity of the data while it is on-premise and being transferred to the cloud. Keeping data safe when moving across applications and endpoints is fundamental to today’s cyber security approach.”
But despite this, outdated security software and systems (92%) are rated as the most significant area where local companies are the most vulnerable.
“So, organisations might think themselves ready when it comes to attacks, the reality indicates otherwise. While all the elements are there to provide a more secure environment, the final obstacle must still be overcome – having a real organisational will to change. Cyber criminals are increasingly skilled with more than 350,000 new unique threats emerging daily. This means that companies, irrespective of size or industry, must start integrating best practice when it comes to cyber security.”
This means that a pervasive security approach must be adopted. Part of this entails educating employees on an ongoing basis about the risks of social engineering, phishing, the dangers of shadow IT, and so on.
“Cyber security is an organic strategic function inside the organisation. It is not about ‘installing and forgetting’ but rather about how to provide the best defences possible and to also mitigate when the worst should happen.”