Top six emerging threats
Poor awareness of weak points and the inability to recognise internal threats are just two rising security threats.
No company can ever be 100% secure. Whether dealing with physical guards-and-guns security, or the sanctity of corporate data and intellectual capital, business today faces a host of threats from attackers that are faster, more intelligent and more invisible than ever before.
The primary danger businesses face today, however, stems from employees who through ignorance or malicious intent can cause great damage to their employers.
It is no simple task to secure a company effectively enough to meet standard corporate governance requirements. It is also a never-ending task because the goal posts are always moving as criminals continually come up with new, innovative ways to beat the system.
Over the next year, the following six emerging threats will become the primary concerns of security officers in South African corporations.
Lack of skills
Apart from the normal run-of-business impact of the skills shortage facing SA, this dearth of knowledge will also present companies with a security risk.
Apart from the normal run-of-business impact of the skills shortage facing SA, this dearth of knowledge will also present companies with a security risk.Amir Lubashevsky is director of Magix Integration.
Part of a good skill set for a particular job is the inherent understanding of basic security procedures. Putting people without the required skills and experience into a job means the work may not be done properly and the appropriate security processes ignored.
The risk of a lack of skills also pertains to companies not updating their employees` skills regularly and allowing them to fall behind current best practices. This will result in a situation where employees will do their best but still be unable to deliver according to the requisite security KPIs for their industry.
Inability to recognise internal threats
This follows from the previous point. Employees need to be educated to understand and have an awareness of the risks the company faces in their area of operation.
Unskilled employees may act in what they think is the company`s best interest, without realising and mitigating the risks the business is exposed to by their operations.
Poor awareness of weak points
How can you mitigate a risk if you don`t know it`s there? Employees must be given the visibility they need to manage potential problem areas, which can only be exposed through competent risk assessment audits.
With technology at its current level, one can never hope to catch intrusions or data theft without the assistance of technology and informed employees who know what to look for.
Poor roll-out of strategies
Effective security is not a product one buys and installs. Security in 2007 is an all-encompassing strategy that caters for all situations, from who is allowed in the gate through to who is allowed to log into the corporate server with supervisor privileges.
Once the strategy is in place, the technology and skills can be resourced to make it a reality. Unfortunately, this is also a catch-22 situation since a company first needs the skills and technology to run a risk assessment audit if it is to develop an effective strategy.
For most organisations, this conundrum leads to the appointment of outsourced expertise to assist in developing the strategy, which is then implemented and maintained in a joint venture between outsourced and internal skills.
Poor boardroom awareness
Few executives in the modern corporation have the faintest idea what their risks are. Yet, effective security must be driven and managed from the top down.
Management dashboards that assist executives in understanding the risks their company faces and how these are being addressed have become indispensable. A dashboard is not necessarily a specific product, but an integrated, balanced scorecard approach to management.
This approach does not imply that management understands each problem area and its solution, but it is able to identify vulnerabilities, assign the appropriate people to deal with them and monitor progress.
Inability to recognise remote staff threat
Companies have no boundaries anymore. The days of the 1950s manager who lords it over staff who are all pretending to work hard is over. Technology allows people to improve their productivity and the business`s bottom line by staying out of the office without losing touch or becoming unmanageable.
But the benefits of remote work also lead to serious security vulnerabilities that must be dealt with. All communications must be monitored according to predefined rules derived from the security strategy, as must the corporate workflow.
Monitoring and control does not mean installing an anti-virus solution. The security needs of today`s corporation require greater control and restrictions over who sees and does what, while making it easier for remote employees to get what they need to do their jobs with seemingly no restrictions.
A security strategy is therefore a complex beast that requires a mixture of technology and skills if it is to deliver the peace of mind business requires. No company can be completely secure, but using technology will help to keep the security team on their toes when it comes to maintaining control over intellectual and data assets that are the lifeblood of a 21st century company.
* Amir Lubashevsky is director of Magix Integration.
Amir Lubashevsky is one of the founders and partners of Magix Integration. He is responsible for growing the company brand. This includes marketing, PR and sales, together with sourcing technology that complements Magix's core offerings. His marketing responsibilities include growing the company's relationship with various international suppliers. He was previously CEO of JSE-listed EC-Hold and also new business development officer of another JSE-listed company, MGX Holdings, which owned a substantial number of shares in EC-Hold. Exsol and Magic-SA were also co-founded by Lubashevsky and he jointly initiated and concluded the management buyout from MGX of Magic-SA, which later became Magix. He has worked in a number of different areas of IT, ranging from process control to computerised manufacturing. His interests include information risk management, integration and governance technologies. Lubashevsky has a diploma in practical computer engineering from Israel's University of Beer Sheva's technology faculty.