Johannesburg, 06 Mar 2013
The after-effects of the global recession continue to rock local businesses in 2013, forcing more dramatic IT budget cost cuts, among others. But going thin on IT security to save costs can put companies in serious jeopardy.
This is according to Dries Morris, Operations Director at local managed IT services provider, Securicom.
"Cyber fraud and espionage are serious threats to companies in South Africa and abroad. Over the past three years, incidents of hacking and IT-related fraud have increased and will continue to increase. Research by one of the world's top IT security vendors shows that a significant 70% of South African businesses fell prey to some kind of cyber fraud in 2011. It was probably much higher last year. We estimate that around nine out of 10 companies could be affected by cyber attacks this year, with mobile computing, hackers and insiders among the most critical threats.
"Many small businesses are cash-strapped and enterprises are hanging on to the cash they have. This scenario has hovered over us since 2009 and the economic downturn. Although companies consider cyber fraud important, downsizing in all areas including IT means IT security isn't getting the attention it requires and companies are becoming increasingly vulnerable.
"Hackers and cyber criminals are less discerning than they have ever been in terms of their targets, and we are increasingly seeing small companies, which simply cannot afford the knock, being attacked. If your business has an online presence, you are at risk.
"Companies need to carefully weigh up the costs of having decent measures in place against the costs of skimping on IT security and then falling victim. Aside from incurring potentially high financial losses, there is the threat to reputation, liability in terms of compliance, and compromise of intellectual capital," says Morris.
Protecting the integrity and privacy of company information is certainly becoming more challenging and more pertinent with cheaper, better bandwidth, and cheaper, smarter smartphones and tablets.
"More smartphones are expected to be sold this year than regular mobile phones, giving more people access to the Internet. Couple this with the growing trend of companies giving employees access to their resources via remote access or enterprise applications, and it's easy to see why managing mobile devices in the enterprise and protecting the data on those devices is going to become a big pain in the neck for business.
"If managed correctly from an IT and security perspective, mobile devices will save companies money, make employees more efficient and productive, and can even be used to drive profits. However, unmanaged as many are in the majority of enterprises, mobile devices not only threaten company data but also the success of the company's mobile strategy. Every unprotected device that connects to the network is a gateway to your data, and every device that has company information stored on it is a potential data leak risk," warns Morris.
He adds that the more Internet-enabled people there are, the more opportunities there are for unscrupulous cyber criminals. This makes everyone with an Internet-connected device and a Web profile vulnerable.
"Individuals are also targets of cyber attacks. In the past, most viruses were written just because they could be written; most were not intended to harm, but rather just spread and cause upheaval. Now, however, there is a really malicious element from new-age cyber criminals, intending to do as much harm as possible. Most of the time it is for financial gain."
He concludes: "All users of Internet-connected devices and computers must take adequate precautions to protect their information. Companies must put strict security measures in place such as Web security, endpoint protection, firewalls, mobile device security, and anti-virus and anti-spyware. The more layers of security there are, the more difficult it is for cyber criminals to access and compromise data.
"IT security must be seen as a critical business priority. If companies do not have the expertise to manage security themselves, they should consider an outsourced provider to do it for them. It is far more cost-effective in the long run."
Share