Mark McCallum, CTO, Orange Business Services
The number of cyber attacks being carried out globally is continuously growing, and has seen significant acceleration in the last five years. A recent study by PwC found that the number of cyber security incidents across all industries rose by 38% in 2015 – the biggest increase in the 12 years since the global study was first published. As hacking tools become simpler and easier to use, even the most amateur hacker is now able to deliver professional-level threats into targeted organisations.
Although South African companies are increasingly becoming targets for cyber attacks, many businesses are ill equipped to deal with the threat – having out-dated systems and strategies. Security firm Kaspersky Lab recently found that 7% of all South African organisations experienced a cyber attack in the last year, alone. Compounding the problem is a lack of qualified local professionals in the cyber security business.
Cybersecurity job growth is growing at three times the pace of other IT jobs, but according to ISACA over 84% of organisations believe that 50% or less of applicants for security jibs are qualified. Some businesses are experiencing delays of over 6 months to find qualified security candidates. Compounding this, many of those who are qualified or trained in this area are leaving the country.
On a positive note, we have seen that more and more businesses are becoming aware of the looming threats and are enquiring around ways in which they can protect themselves, which is a step in the right direction. While we appreciate that not all businesses have the budget to implement a full security solution, or even to have a security professional on their payroll, but there are still steps that even smaller businesses can take to minimise the risk of being hacked or breached.
It is important to find a partner or provider who can offer you the best solution, suited and tailored to your business model, as there is no “one size fits all” approach to security. The approach needs to take into account a business’ infrastructure, applications and data as these differ from business to business.
In a standard day, an employee may use their personal device to check email, use public applications to browse the internet and upload files like presentations to a public forum like Dropbox, make phone calls, use business apps via a public or private cloud and access their files and work from anywhere. This showcases the different areas in which security is essential; and the list will continue to grow as technology continues to evolve and change the business landscape.
Security needs to become a top priority in all businesses, no matter the size or industry in which they operate. Consideration needs to be given to how best to face security challenges, both long and short term, and processes need to be established for dealing with security related emergencies. The time for updating outdated systems, or implementing new ones, is now.