Corporate South Africa is under pressure from the economy, labour regulations and unrest, political instability and a fluctuating rand. The last thing on executives' minds is the risks their companies face in the digital world, but it is a governance issue they have to deal with.
Philip Gerber, MD of Magix Security, says the past few years have seen millions spent on protecting businesses from external threats with firewalls, intruder detection solutions and the like. "This year, we expect to see more focus on internal threats posed by employees that have access to sensitive information and systems that outsiders consider valuable.
"This does not mean ignoring external risks, but business will focus on vulnerabilities they have a better chance of controlling. Hence the top 10 risks companies will face in 2012 is biased toward internal security, preventing those with access privileges from abusing their positions of trust."
The top 10
1. Poor understanding of security for the cloud. Cloud computing is all the rage today, but how much time have executives spent considering all the security implications of hosted services?
2. Continued ignorance of corporate governance. Governance is there for a reason. It can be expensive, but continually trying to cut corners leaves security vulnerabilities waiting to be exploited.
3. No ROI on IT security spend. IT managers need to ensure they deliver measurable returns on their security spend that executives can understand. Losing new product plans, for example, is an understandable threat.
4. Poor management of passwords. It's an old story, but passwords are still the weakest link in the security posture of organisations.
5. Leakage of corporate IP via endpoints. Failing to control endpoints, such as USB ports, is an open invitation to lost databases and intellectual property.
6. Low level of integration of security solutions. Part of the reason for the high cost of security is that products have been bought to solve specific problems, without integrating them into a comprehensive security solution.
7. Inability to recognise that enhanced security improves corporate governance. Just as poor governance increases risk, improved security supports more efficient governance and compliance.
8. Low level of awareness of hard drive encryption. Stealing a hard drive or USB stick is far too easy. The simple process of encrypting all corporate data makes the loss of hardware almost irrelevant.
9. Web 2.0 application risks. Everyone wants to be on Facebook and other social networks, but nobody wants to take responsibility for the productivity losses or associated security risks.
10. Poor management of privileged identities. The failure to manage and monitor people with access to sensitive data and IT systems is another area of vulnerability organisations have ignored, but will have to address in the coming year.
Many of the risks companies will face in 2012 are not new, but a large proportion of these vulnerabilities emanate from inside the organisation, and the results of a breach can be disastrous from a legal and commercial perspective.