Cyber complacency is real

April 2018 Editor's Choice, Information Security

CA Southern Africa has announced that Veracode has released new research, revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process.

The ‘Securing the Digital Economy’ report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.

CA Veracode commissioned YouGov to survey 1403 business leaders across Britain (653), the US (506) and Germany (244) about their company’s digital transformation initiatives and understanding of cybersecurity. The polling was conducted online over a nine-day period between September 25 and October 4, 2017.

The report indicates that 25 percent of all business leaders surveyed in Britain and US report that they do not understand any of these common cybersecurity threats:

• Vulnerable software.

• Ransomware.

• Vulnerable open source components.

• Phishing attacks.

• Malicious employee activity.

• DDoS attacks.

Not aware of high-profile cyber-attacks

The lack of understanding around cyber risk may be attributed, in part, to a lack of awareness of successful cyber-attacks and their causes. Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about or defend against similar threats their company could face. For example:

• Despite being highly publicised and causing several high-level executives to lose their jobs and the ex-CEO being forced to testify to the US Congress, only five percent of all business leaders surveyed indicated the Equifax breach prompted them to rethink their current business’s approach to cybersecurity;

• Only one-third of business leaders surveyed had heard of the global WannaCry ransomware attack, although awareness was greater among British business leaders at 40 percent. Just one in 10 reported it led them to rethink their approach to cybersecurity;

• Fifteen percent of business leaders surveyed in Britain and 19 percent of German business leaders had not heard of any of the high-­profile cyberattacks listed in the survey, while just under half of all US, GB and German respondents reported cyberattacks have not led their current business to rethink or update their cybersecurity approach.

We are seeing some shift in awareness, of the 33 percent who indicated that a cyber-attack on another company had led their business to rethink its approach to cybersecurity, many have either taken steps to improve their software security or plan to over the next 12 months.

More than one-third (34 percent) have or will over the next 12 months, start scanning or already scan more regularly for vulnerabilities in software; while one-fifth either have or will set security thresholds for software built by third-party providers and for all commercial out-of-the-box applications (22 percent and 20 percent, respectively).

While there may be some shift in awareness, not all business leaders have woken up to the risks of the evolving cyber threat landscape. One-third of business leaders surveyed revealed that they plan to take no new steps to improve their organisations’ overall cybersecurity in the next 12 months.

“Digital transformation presents both massive opportunity to innovate and significant security risks, with 77 percent of applications having at least one vulnerability when first scanned, which could be exploited to inject ransomware or steal data,” says Jaco Greyling, chief technology officer, DevOps solutions, CA Southern Africa.

Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time. We need to bridge this disconnect between business leaders and the cybersecurity threat: without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline.”

Executives will act when you talk about the personal risk

While high profile breaches do not in themselves prompt great change in behaviour, when confronted with the possibility of personal accountability in the event of a breach, executives are more likely to take action. More than a third of the business leaders surveyed said the personal risk to executives outstripped compliance as a driver for board members.

Articulating the potential brand damage for senior executives from a data breach and the risk to their job security, was recommended by 38 percent and 35 percent of business leaders surveyed, respectively, as a way to engage a board on cybersecurity, compared to just 29 percent who suggested that highlighting the potential fines of data protection regulations, like GDPR.

Download the Securing the Digital Economy report at https://info.veracode.com/securing-the-digital-economy-survey-report-resources.html, or view the report infographic at https://info.veracode.com/securing-the-digital-economy-infographic-resources.html.

For more information, contact CA Southern Africa, +27 (0)11 417 8594, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Read more...
AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Read more...
Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...
AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...