Across the region, organisations are now having to operate under extremely challenging conditions, characterised by low oil prices, currency fluctuations, and a delicate political ecosystem.
This has led to a prioritisation of projects, with organisations realising that they must now innovate and provide a superior user experience if they are to succeed in the face of aggressive competition.
As such, there has been a considerable increase in the number of organisations exploring, planning, and engaging in digital transformation, but for this to bear fruit, the implementation of best-practice security measures is essential.
“Cybersecurity is currently one of the top IT topics due to the continuous hacks, data thefts, and high profile breaches taking place,” Waseem Raza Ebrahim, Juniper Senior System Engineer, told delegates at the IDC IT Security Roadshow 2017.
“Cyber defence thus requires a holistic security approach that includes broader process and technology strategies, and to be better prepared and to decrease the probability of targeted breaches, future and potential threats need to be considered as well.”
As organisations across South Africa increasingly embrace connectivity, a new series of security vulnerabilities, challenges, and regulations are beginning to reveal themselves.
“Modern attacks are targeted, interactive, and stealthy, and after attacks such as Shadow Brokers and Wannacry, we’ve seen that the threat is now from the inside, yet most of our security is still focused on the perimeter,” said Gareth James, VMware Network and Security Specialist.
“Organisations need to adopt strategies to better manage their security posture. With multiple devices, policies, users, and optimized budgets, security is getting increasingly complex, but we have to find a way to create policies that are ready for cloud because that is the next big hurdle that awaits us.”
This increasingly complex threat landscape is piling yet more pressure on IT decision makers to re-evaluate their security strategies, develop dynamic policies, and create new synergies capable of enabling a secure, resilient, and compliant ecosystem.
Organisations also need to consider their investments into the human element of security, as phishing has become the top attack vector for cyber criminals.
“Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s human assets,” said Mazen Halawi, PhishMe Sales Director.
Empowering human assets to provide vetted intelligence into your incident response teams is often overlooked. Every organization has these human sensors, and there’s a natural desire for these employees to want to help.
“Awareness is not the problem, as everyone knows about phishing. The problem is the ability to identify and report phishing emails and to improve this, you need to condition your employees” Halawi added.
“Every organization has these human sensors, and there’s a natural desire for these employees to want to help. Conditioning works, and your susceptibility level will go down as reporting goes up.”
Mimecast added that cyber security isn’t just a concern for the IT department. “In fact, every employee who accesses the cloud interacts with the Internet of Things or opens an email is an important member of your organization’s cyber security resilience team.
“Cyber security efforts must involve the entire organisation so you can advocate effectively for an awareness and training program, and make better decisions about executing such an initiative.”