The importance of cyber security

What are the key risks to businesses in SA? 

With organisations beginning to realise the opportunities associated with public cloud computing, having a handle on cyber security and proper security governance is more important than ever. There is a very clear and well-defined shared responsibility when it comes to digital and information security and often this is ignored, usually out of ignorance. 

Organisations have this opinion that just because they have moved to the cloud, they are by default secure, and this couldn’t be further from the truth. While it can be argued that cloud is in many instances more secure, there are still steps and measures organisations need to put into place to ensure information security. 

Practical steps for businesses to mitigate these risks? 

Information security awareness starts internally, with employees being made aware of what risks exist, how these relate to their workplace, and what they can (and should) be doing to help mitigate these risks. 

Having information security professionals skilled in cloud operations and architecture is crucial to understanding this new way of doing things and avoiding any gaps that may exist. The Cloud Security Alliance listed the lack of Security Architecture and Strategy as a major risk to cloud computing, and South Africa is no exception. As easy as it is to get “into” cloud, due care should be given to how you make the transition, keeping security and compliance front of mind. 

Is cybercrime being taken seriously enough in SA?

I don’t believe cybercrime, and by extension cybersecurity, is getting the attention it deserves – a big challenge to this being no formal legislation…yet. That said, we have the Electronic Communications Act that is meant to govern quite a bit of what we do, in a very specific context, but there is very little recourse for people on the receiving end of cybercrime. 

The Cybercrimes Bill, when finally written into law, will define offenses and associated penalties, covering things like cyber extortion and unlawful interference with data or computer programs, and enforce controls around malicious communications like the distribution of data messages of intimate images without consent. 

It’s a step in the right direction and a very positive sign that government is committed to addressing issues related to cybercrime.

The underlying risks that catch companies unaware?

There are far too many people who believe cybercrime happens from a dimly lit room somewhere with a dubious character hunched over a keyboard, stealing your data from hundreds of kilometres away. While this is a very real scenario, the reality is that insider threats, whether intentional or accidental, are much more likely. 

People sharing passwords, following unsolicited links via e-mail, and (still) falling for scams promising wealth remain very prevalent. 

The role of leadership in tackling these risks?

As far as cyber security and information protection are concerned, the leadership of any organisation should be leading from the front. I’m of the opinion that people in positions of authority within organisations need to be held to an even higher standard, given the information they have access to. Information assurance officers and cyber security professionals should have enough influence to be able and allowed to enforce policy on individuals, regardless of their position on the corporate ladder. 

Awareness, training, and relevant workshops should not only be promoted by leadership but attended and contributed to. 

To find out how to protect your organisation from cyber attacks, get in touch with us.
