Local execs taken to task on IT security
The majority of South African organisations believe C-level executives or the board should be held accountable for a significant data breach.
This is according to a local study conducted by VMware and World Wide Worx, involving 103 companies in SA with over 500 employees.
With 35% of the respondents saying C-level executives or the board should be held liable, almost a fifth (16%) of IT decision-makers do not believe their board or C-suite provides the right amount of attention to cyber security issues.
Fifty-two percent of respondents stated there either is no plan within their overall business strategy for addressing a security breach, or that only a small part of their organisation is aware of there being one.
Presenting the survey findings in Johannesburg this week, Arthur Goldstuck, World Wide Worx MD, said South African businesses view security as a top business priority, as the study found 49% of South African IT decision-makers believe their organisation is vulnerable to a cyber attack.
The other business priorities include acquiring new customers as well as growing existing customer revenue.
It also emerged from the survey that 16% of IT decision-makers expect a serious cyber breach in the next few days.
According to the survey, 56% of the respondents take a few minutes to detect a cyber breach, 23% detect within an hour, 9% within a half day, 8% within 24 hours, while 2% said they will never realise an attack has taken place.
"It's time to rethink security," said Goldstuck. "In South Africa, security breaches are significantly outpacing security spend. Our greatest vulnerability is that cyber threats are moving faster than our defences."
When given a series of potential vulnerabilities that may leave their organisation vulnerable to a cyber attack and asked to rank them on a scale of one to five, lack of budget and employees who are careless or untrained in cyber security ranked as one of the highest forms of threat (both at almost three out of five), topped by outdated software and systems security solutions (at 3.4 out of five).
South African IT decision-makers stated funding will be reduced across security, including mobile security (23%), threat monitoring (18%) and encryption (24%.
"The issue around accountability is symptomatic of the underlying challenges facing business as they seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats," commented Matthew Kibby, regional director at VMware Sub-Saharan Africa.
"Today's most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approaches which are increasingly less able to protect the digital businesses of today."
The research also reveals the steps employees are willing to take to increase productivity. According to IT decision-makers, almost half (47%) of employees are allowed to use their mobile device to access corporate data, and 42% are aware their employees' mobile devices have been hacked.
"With the vast amount of data available on information security threats, there is no excuse for ignorance or inactivity," says Goldstuck. "Yet, that's what we still see in a small but significant number of corporations. At the very least, any sizeable company should have a set of security measures, protocols and responses that is as much part of the company's DNA as is its marketing strategy or legal compliance policy."