DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.
Our recent World Wide Worx survey, conducted in partnership with Trend Micro, has shown that local CIOs are not leading the company response when it comes to dealing with data breaches. This indicates a clear disconnect between C-suite and IT strategies that must be addressed if companies are to ensure data remains safe at a time where it has become a prime target for malicious users.
Fortunately, decision-makers are aware of the risks out there. They understand that it is not a case of if they will be attacked, but rather when this will happen. More than a third of respondents expect the next cyber attack to hit them within a few days while more than half anticipates this to occur within the next year.
Given these grim findings, one would expect that shoring up defences would be a strategic priority. Yet, the two main focal points when it comes to corporate initiatives were acquiring new customers and growing existing customer revenues. Protecting against cyber attacks came in a distance fifth. Yes, difficult economic times mean companies must do everything in their power to ensure growth, but this investment will be futile if they cannot protect the data of their customers.
This is especially relevant when one takes into consideration the financial and reputation impact of data breaches in a highly regulated market. The fines associated with not taking adequate measures to protect customer data can be astronomical. And when those customers find out that there has been a breach and not enough was done to safeguard their information, the loss of trust can be even more significant resulting in people flocking to competitors.
Respondents confidently state they can protect the company in the event of an attack. In fact, 99% of people surveyed said they have the capacity to do so. Sadly, this assuredness comes tumbling down when asked if the skills to do so are there – a whopping 45% agree that they do not have the capabilities to keep the business safe.
This lack of skills is especially concerning given the important role data protection plays in the connected world. Companies must do more to ensure that employees are not only educated about cyber security risks, but social engineering as well. And while this education will not address the significant skills gap that currently exists, it is a step in the right direction.
Furthermore, decision-makers must also look beyond the human element and must more closely examine their security software and systems. The survey found that almost 93% of respondents had outdated solutions in place. This could be attributed at least partly to a lack of integration between the CIO and the IT department.
Going forward, a more integrated cyber security approach is required that encompasses the solutions, the infrastructure on which they are used, and education on the threat landscape. It is about focusing on applications and building in an intrinsic level of protection that links the hardware with the software.
The State Of Enterprise Security In South Africa