The digital business landscape sees organisations face a myriad of security threats. It is no longer good enough to merely be reactive towards these risks. Instead, says Riaan Badenhorst, Managing Director, Kaspersky Lab Africa, decision-makers need to embrace a more pro-active strategy – now.
“Companies need to look beyond the traditional viewpoint that cyber security only entails a firewall, an anti-virus solution, and some Internet filters. Instead, it has evolved to become a process that is completely integrated into the running of the business.”
Just as is with our personal lives, there are very little facets within a business that does not necessitate being connected around the clock. Equally though, no device or system can be completely secured against malicious users.
This means that companies need to invest ‘differently’ to ensure they are better protected against attacks, whatever the source or method of attack used. According to Kaspersky Lab researchers, 80% of the security budgets of companies are spent on preventing security breaches. However, only 20% goes towards strategies actually designed to detect attacks, as they happen, and respond to them to minimise any damage, and to help predict future attacks.
Continues Badenhorst: “If a cyber-attack makes it through the organisation’s perimeter, which can never be 100% secure, threat actors can spend months siphoning off sensitive corporate data, in a compromised corporate network, without ever being noticed – the impact can be massive. Budgets, therefore, need to be redirected towards services and solutions that go beyond preventative technologies – in fact the spilt should be a 60/40 approach. Only then are companies able to develop a comprehensive security strategy, and cope with the realities of modern-day cyber warfare.
“With IT systems evolving, many organisations also need to overcome reliance on legacy systems. This can often mean their security solutions. In fact, too often, organisations use anti-virus and Internet security software from a number of vendors, as their needs change on an annual basis, and very little thought is given to making IT security more effective and efficient,” adds Badenhorst.
“This is especially true in environments where companies have a number of branches or retail stores. On the one hand, head office does not want to dictate policy on a per store or franchise basis but on the other, there are fundamental systems and processes that need to be put in place to maintain the integrity of the entire organisational network.”
Finding a cyber-security approach that takes care of fundamental corporate protection, in addition to advanced threats, can mean the difference between growing the business and closing it down. Attacks are inevitable with breaches happening more than many companies care to admit, or even know of.
In fact, a good example of a local business that understand this is Imperial Auto, the largest network of vehicle dealerships in South Africa.
Says Mark Terblanche, divisional IT manager at Imperial Auto: “As our network has expanded over the years and inherited many different internet security solutions, suppliers and contracts, we, at Imperial Auto, felt the need for best-in-class multi-layered protection technologies in IT security, given we are dealing with vast quantities of data. As a result, we understand that solid and reliable IT security measures is both a legal requirement and critical to continued business success. Kaspersky Lab have helped to prevent cyber incidents across 126 dealerships, geographically spread all over the country, and we believe that this step in IT security has aided the recent growth and success of our business.
“By focusing on making the IT security approach as effective and integrated as possible, will mean that a company has the necessary measures to ensure they are alerted if any intrusion is taking place and immediately isolate the threat(s) before it gets out of hand. Falling prey to a virus is one thing, but having data stolen by a malicious user could cripple a business and impact its entire supply chain,” concludes Badenhorst.
Cyber security policies need to be reviewed on an annual basis, at a minimum, to ensure all devices are protected. There can no longer be any weak links in the cyber security chain. Companies have to invest in different ways to become more threat-intelligent.