While social engineering is expected to remain a large-scale threat on SA`s IT security landscape in 2006, small- to mid-sized companies are more vulnerable to cyber threats than big corporations, an industry expert says.
"There were no major security incidents last year that have caused any substantial financial damage. The big companies seem to have all their ducks in a row, having invested money in security and employed dedicated people," says Craig Rosewarne, chairman of the Information Security Group of Southern Africa.
"But there is currently a huge void in the SME sector, which, generally, has a serious lack of IT security measures in place."
Rosewarne argues that many SMEs often have no dedicated security staff and little or no security training is provided for their IT administrators. Some simply do not see security as an issue, he adds.
"There is a need to address this gap and create awareness, especially among those who have their heads buried in the sand. SMEs need to realise that there are a number of things they can do to increase security," Rosewarne says.
While SMEs are often reluctant to spend money on IT security, Rosewarne maintains that in reality, better security does not have to cost much, as SMEs can consider a number of open source solutions or outsource their security functions.
"IT personnel should also add regularly to their portfolios and be in touch with what is happening on the security front."
However, he remains confident that SMEs will become more security conscious in the near future.
"This is not only going to happen due to increased awareness, but also through governance pressure. Bigger companies that wish to comply with King II or Sarbanes-Oxley will require their suppliers and partners also meet certain security requirements."
Share