While the threat of cyberattacks continues to grow, the latest insights from IDC suggest that many organisations in South Africa are struggling to put even basic safeguards in place to protect their infrastructure and data.

The research group has identified this as an area of pressing concern ahead of its upcoming South Africa CIO Summit at Emperors Palace in Johannesburg on April 21-22.

“Organisations are at risk all the time because hacking can come from anywhere, and for that reason IDC encourages businesses of all sizes to put practical security measures in place so as to ensure the safety of their data,” says Jon Tullett, a research manager at IDC Sub-Saharan Africa. “A system hack can come from an external source or, sometimes unknowingly, your own employees. A deliberate hacker will also try multiple ways of getting into the company’s system. Therefore, CIOs need to invest more in educating the organisation about security, rather than just the products and applications of security.”

“There are numerous ways in which organisations can protect themselves,” says Tullett. “First, they must learn which cybercrimes are currently most common, and familiarise themselves with the vulnerabilities that cybercriminals are trying to exploit. The different techniques include phishing, malware, and system hacking, and if IT leaders know which cybercrime attempts are most frequently made on their networks, it becomes much easier to educate employees on the matter.”

The next step is for CIOs to ensure every staff member takes cybersecurity as seriously as their physical security. “It is crucial for staff to understand how easy it is for hackers to download simple hacking tools to tap into their Internet sessions, server searches, and downloads to track their usernames, passwords, social media and email accounts, and even their bank details,” says Tullett.

CIOs should develop a protocol on cybersecurity for everyone in the organisation to follow and should be able to detect when company data is being abused. More importantly, they need to educate employees on the importance of strong passwords, regular password changes, confidentiality protocols, and data protection.

“The biggest investment for cybersecurity is in the effective use of the security measures that have been put in place to ensure that every member of staff, supply chain, and all who have access to the company’s data understands how to protect themselves from any kind of attack,” explains Tullett. “And while CIOs cannot prevent staff from accessing data from the server completely, they can do a lot when it comes to preventing damage to the server itself.”

A proper strategy and action plan will govern how cyberattacks within the organisation are dealt with and, ideally, the plan should be rehearsed in the same way as a fire drill. Tullett warns that employees and customers should also become more security conscious when it comes to transactions they make on the Internet while connected to the organisation’s network.

Tullett adds that while the CIO remains the primary leader of technology decisions, the rising influence of lines of business (LoB) also impacts on security. “CIOs must keep this influence and potential technology purchases in mind while developing their security strategies to ensure there are no gaps that leave the organisation vulnerable to attack.”