SA business too reactive around IT security
Cyber Security is the “invisible war” that should be a top-of-mind priority for local businesses looking to effectively mitigate risk and protect critical business infrastructure.
This is according to financial services firm KPMG, which says that, globally, the issue to cyber criminal activity and security is on the rise, where the topic is now on almost all board agendas – and frequently at the top.
It noted that, internationally, data security breaches have become headline news almost on a weekly basis.
“The picture is somewhat different locally. South Africa has not yet been a target of a massive cyber security breach and therefore has not yet felt the detrimental effects such a breach could bring to an organisation,” said Jason Gottschalk; associate director at KPMG.
“However, considering the rapid evolution of new technologies such as mobility and cloud, as well as the current Internet growth and penetration locally, including the fact that the 2010 World Cup placed SA on the global map, Africa now has the potential to become a hotspot for cyber criminal activity. In fact we are starting to see this invisible cyber security war unfold and something needs to be done to stop it.”
A recent survey conducted by Kaspersky Lab revealed that, although targeted types of cyber attacks are not presently the most common threats South African companies face, they are the breaches that can cause the highest financial costs.
The survey results highlighted that 8% of respondents locally noted that their companies had been subjected to a targeted security attack over the past 12 months.
And while this percentage of affected businesses is still low, “unfortunately, South African companies have yet to take this impeding threat seriously and as a result most businesses are very reactive in their approach to effective IT security,” Gottschalk said.
According to KPMG, one of the biggest concerns within the local environment is the reactive versus the proactive approach to IT security.
“South African businesses are far more reactive when it comes to IT security threats in comparison to their overseas counterparts,” said Gottschalk. “The fact is that cyber criminal activity globally has become a syndicated business.”
“As a result, businesses need to understand that IT security policies and procedures is not merely a ‘tick box’ to meet compliance or regulatory standards, but it is a business imperative.”
KPMG noted that, although the South African legislation does enable the prosecution of cyber related security incidents, it does have limitations.
“What adds to these limitations is the lack of required focus by government and business to ensure that responders are trained effectively to collect admissible evidence for cyber criminals to be prosecuted”.
More on cyber-security
US budgets billions for cyber security
Cyber attack may not have been from China
Tackling the dos and don’ts of cyberwar
Loading ...