Enterprise security isn’t allowed time off. It doesn’t shut down at 6pm and go home. It has to stay active and ready every moment of every day, writes MATTHEW KIBBY, Regional Director at VMware Sub-Saharan Africa.
Security has evolved into an almost living entity which has to adapt to new circumstances and challenges on an ongoing basis. It is also one of the least understood and often most ignored part of the business with many employees finding the rules and regulations tedious and annoying, things to be dodged and avoided rather than understood and adhered to. These attitudes to security have to change, especially as the threats continue to loom large on the enterprise horizon.
Organisations are, quite simply, becoming more and more vulnerable. Expansion into digital territory, commonplace cloud solutions and employees traversing globe and country with digital devices – all these factors impact security and its validity. So does the fact that most of the technology and mechanisms used by cyber-criminals are becoming increasingly sophisticated and most IT decision makers (ITDMs) don’t think they can keep up. In fact, most are concerned that the threats are moving faster than the defences.
Recent research undertaken by VMware and World Wide Worx with local IT Decision Makers, found that 30% of IT leadership anticipates a major attack on their firm within the next 90 days, a more worrying 16% expect one in the next few days. These statistics are compounded by the fact that 49% of South African IT decision makers (ITDMs) believe their organisation is vulnerable to a cyber-attack.
It’s not surprising to see why – for the research also showed that 8% of organisations won’t detect a cyber-attack unless 24 hours have gone by, 2% won’t realise one has happened at all, and 23% will take around an hour. In just that short period of time, information is gone and systems are compromised. And reputations may lie in expensive tatters.
The challenges around security are not only driven by digital business complexities and a growing mobile workforce – there is a dearth of robust security protocols which are known and adhered to by everyone. There needs to be more awareness around what security solutions are in place and what needs to be done across the organisation in an event of a breach. The survey found that 43% of South African enterprises had a plan in place, but that only part of the company was aware of it. Only 40% said the entire business knew of the plan and a nervous 10% either didn’t have a plan or didn’t know one existed.
While the 40% may well be ready and waiting for the daring cybercriminal to launch an attack, the rest are not. This is compounded by further research which revealed that one-fifth of employees are willing to breach security and those who are untrained or careless are the biggest threat. It is time for the business to drive compliance across the organisation and to ensure that the rules and regulations around security are clear, concise and accessible.
It is essential that the business develops strategic initiatives to combat threats to security, both internally and externally, and shows employees why these are of value. Take that dusty tome out of the drawer, get it up to date and get everyone on board. Even that guy in the C-Suite who thinks the rules don’t apply to him. They do.