Cyber security policy implementation lags
IT decision-makers at large companies prioritise communicating their cyber security policies over actually enforcing the policies to employees.
This is according to a research survey that was released by Clutch, a US-based business-to-business research firm.
The company interviewed more than 300 large organisations, which employ more than 500 people, on the state of cyber security and how they address both internal and external cyber security risks.
According to the research results, 47% of the respondents described their organisation approach to enforcing cyber security policies as "strict", while 52% described it as "moderate" and "fair".
The survey further found 94% of the surveyed businesses have a cyber security policy, with most common topics required including security software (84%), how to back up data (81%), how to detect scams (79%), and how to report security incidents (78%).
"The security measures large businesses include in their cyber security policies reflect overarching security concerns such as data loss and data theft. These are top areas of cyber security concern and are issues that investing in security software and data backup address," states the report.
"Our results also show e-mail phishing is the most common security threat (57%) in companies, while only 21% reported a ransomware attack on their company in the past year."
A cyber crime report from Norton indicates South African companies have similar challenges. According to the 2016 Norton Cybersecurity Insights Report, 84% of adult South Africans who are online report they experienced cyber crime in their lifetime.
"Computer viruses/malware make up the biggest portion of cyber crime in South Africa and the rest stems from online scams and phishing e-mails," the report stated.
Raymond du Plessis, managing consultant at Mobius Consulting, says the ever-changing threat landscape means cyber risk must become a priority for all companies.
"Businesses should develop an approach to technology implementations that takes into consideration aspects of people, processes, governance and change management that are required to ensure the implementation becomes an organisational success, not only a technical success."
Security firm Mimecast says advanced security strategies can be expanded within an organisation. "Strategies should engage all departments and levels, create a continuous awareness and training programme, and leverage technology solutions for training to be successful."
In 2016, South Africa ranked at number 58 in the list of the 117 countries suffering the most cyber attacks. In less than a year, SA has jumped up to the 31st most attacked country, losing around R50 billion to such attacks.