And employees just might be the weakest link
By Matthew Kibby, Regional Director, Sub-Saharan Africa (SSA)
A recent research study, undertaken by VMware and World Wide Worx among local IT Decision Makers (ITDM), uncovered some awkward and concerning truths about enterprise security. Most telling among them is that 49% of South African ITDMs believe their organisation is vulnerable to a cyber-attack, and they’re not wrong either.
Our increasingly digital world with its progressively more mobile workforce is bringing more pressure to bear upon enterprise security than ever before. Yet even as security measures become more sophisticated, so too do the technologies used by cyber criminals to breach those defences. To the extent that most ITDMs don’t believe they are able to do enough or move fast enough to stay ahead of security threats. Indeed, the study revealed that 30% of IT leadership anticipate a major security attack on their firm in the next 90 days, while 16% expect one in the next few days.
What’s more concerning still is that despite this hyper threat-awareness among ITDMs, the research revealed that 8% of organisations won’t even detect a cyber-attack before 24 hours have passed, 2% will never know one happened at all, and 23% will detect it within an hour of it taking place. Even the best-case scenario really isn’t that great. A lot of information can be stolen, systems compromised and damage done within an hour.
Of course the answer is that security must necessarily continue to adapt and evolve at a frankly head-spinning rate in order to stay ahead of threats, but as challenging as that requirement is, the greater challenge is to achieve security compliance among employees. It’s an educational process that must be undertaken and successfully achieved if the organisation is to have the slightest chance of success in its security endeavours. Without a deep understanding of the dangers of security threats to the organisation and an appreciation for the value of the security protocols in place, many employees will continue to duck and dive the responsibility of jumping through the necessary hoops and over the requisite hurdles.
Don’t believe your employees aren’t following protocols? Think again. The study revealed that fully one-fifth of all employees are willing to breach security!
Of additional concern is that when security breaches do take place, only 43% of South African enterprises have a plan in place to mitigate and recover from that attack, just 40% said the entire business knew of the plan, and a fearful 10% either didn’t have a plan at all or simply didn’t know if one existed.
Information is the new currency in our digital age and nobody is more aware of that fact or of the value of this currency than cyber criminals. The long and the short of it then is that enterprises must lock up their information more securely than Fort Knox, and every employee must assume the additional responsibility of playing security guard to that information.