From digital transformation through to the arrival of the Fourth Industrial Revolution (4IR), decision-makers are changing their views on how technology can benefit the organisation.
But while much attention is placed on things like data analysis, the cloud, and automation, cyber security has fallen by the wayside, writes Ian Jansen van Rensburg, lead technologist at VMware.
Given the greater connectedness between businesses, their customers, and partners, it is easy to understand how the focus has shifted to finding better ways of nurturing relationships for a common good. This has resulted in finding more innovative ways of extracting meaningful insights from the data at their disposal giving way to artificial intelligence and machine learning complementing human intelligence. But when it comes to safeguarding that data, many are still reliant on using anti-virus and firewall solutions.
Changing threat landscape
It seems counterintuitive and yet businesses continue to combat sophisticated security threats in the digital age with traditional tools. If other digital solutions have evolved and been embraced, why the hesitance to adopting the same approach around cyber security?
According to a recent survey, only a quarter of business leaders across the Europe, Middle East, and Africa are confident in their current cyber security solutions. And despite three quarters of business leaders believing their security solutions are outdated, only 42% admitted to acquiring new tools over the past year.
Furthermore, 35% of South African IT decision-makers are expecting some form of attack to occur not within years or months, but days. Given this context, it has become paramount that not only must investments in new security products increase, but mindsets also must change if companies are to keep their data safe from compromise.
Not about money
It seems that spending patterns have already started to change. Worldwide spending on cyber security topped more than $114-billion last year with the market expect to grow to $124-billion at the end of this year. Changing security risks, business needs, and industry changes are the main reasons driving this. Of course, it is one thing to implement new solutions and something else entirely to foster a cultural change inside the business.
Sadly, nearly a third of IT security respondents say that it takes up to a week to address a cyber security issue. In today’s real-time environment, this is not good enough. Recently, the City Power in Johannesburg was hit by a ransomware attack that not only compromised its databases but left many clients unable to buy prepaid electricity. Imagine the reputational (and financial) damage of taking a week to resolve this.
Clearly, existing cyber security policies are not adequate. The biggest shortcoming in the rush to become cyber vigilant is outdated software. Organisations must therefore move beyond their traditional way of managing cyber security. Just like they have embracing other innovations for the digital age, so too must they closely examine how their existing IT security systems need to be overhauled.
Slow and inefficient practices are resulting in businesses losing their confidence in their ability to combat the latest cyber threats. Throwing money at the problem will not make it go away. A fundamental change to how cyber security is managed in the organisational structure is necessary if the business is to be protected against more sophisticated digital threats.