A financial institution not investing in a long term information security strategy is gambling with the protection of corporate and client data, according to information security experts at 4Di Privaca.

The executive mind-set of viewing information security as a grudge purchase or “best left to the CIO” needs to change, in order for financial institutions to keep pace with the ever-changing technology needs that impact business operations and defends against sophisticated cyber threats.

The growing importance of protecting sensitive data, bring new security challenges to the CIO, who is already facing ROI pressures, complex regulatory requirements and lack of access to skilled security specialists. As a result, CIOs are left reliant on deploying “band-aid” type tactical approaches to quickly resolve IT security threats, leaving sensitive information and networks open to risk.

“IT has become a major cost for businesses, with the incorporation of information security as a reluctant purchase in the broader business cost model, it is becoming increasingly difficult to secure executive approval for ‘all things IT’ and by extension security,” says Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca.

For a sector like Finance, every time a new regulation or standard is released, there is a need to re-evaluate the IT systems in order to be compliant and without impacting productivity, profit or critical data security. Van Vuuren believes the issue begins with companies tending to leave information security to the last minute and not having regular access to qualified security specialists.

“Executives need to be more aware of the fundamental risks a data breach can have on the business and its reputation. The regular security testing of systems responsible for managing critical data, is the most appropriate way of defending against the Tsunami of cyber-attacks that regularly happen across the financial sector,” adds Van Vuuren.

Although there are not many independent information security practices and specialists in South Africa, it’s important that businesses engage with a practice that takes a vendor agnostic approach.
“Work with firms that understand your requirement from a business perspective, who know what the requirement is and will architect and articulate a solution based on the business need and not on their relationships with technology vendors,” says Van Vuuren.