The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users. With data being the most critical asset of any organisation irrespective of size and industry sector, there is also a greater degree of vulnerability to contend with.
Organisations are running their critical operations on emerging digital technologies, deploying more applications on more devices in more geographies than ever. This digital approach is also creating greater exposure to equally sophisticated levels of cyberattacks. A traditional approach towards cyber defence is no longer good enough. Instead, a higher level of protection is required to protect business-critical data.
Security spending is expected to reach $174,5 billion by 2022 as a result of digital transformation initiatives, regulatory compliance pressures, and the rising number of cyberattacks. This indicates that organisations are starting to pay more than lip service to rethinking their strategies when it comes to their defences as well as threat mitigation.
As part of this process, there are several elements to consider for cybersecurity to be more effective.
It all starts in the boardroom. Leadership must prioritise cybersecurity. But to do so, they must understand the extent of the problem. Fortunately, media reports about data breaches are helping raise awareness of the issue. Hopefully, it will become a key boardroom talking point sooner rather than later. As part of this, cybersecurity must be a business-wide priority. Even though cost-cutting initiatives are taking priority in difficult economic conditions, investments must be made in more effective cybersecurity measures.
Of course, this does not mean cybersecurity is only the priority of management. All employees must be held accountable, especially if social engineering is involved in attacks. This also necessitates better (and ongoing) education initiatives inside the organisation.
It is a widely-held belief that the most significant cyber breaches come from inside the business. Employees are careless with company data and untrained when it comes to cybersecurity principles, especially regarding their use of mobile devices.
IT departments must take a more active role in protecting employee devices, especially with so many organisations allowing for personal smartphones and tablets to be used at the workplace. This is where an end-to-end security approach that protects information and apps from the mobile phone to the data centre, whether it is on-premise or in the cloud, must be fundamental.
Moreover, security breaches can have a wider impact than initially thought. While damage to customer trust is significant in a highly competitive environment, do not underestimate the impact of lost confidential data, the impact on future revenue, as well as reduced staff morale can have on the company.
With the regulatory environment also evolving, care must be taken to ensure the company remains compliant with data governance. The financial implication (not to mention reputational damage) non-compliance can have is significant. To this end, every person in a company must understand that there are no exceptions to complying with security policies, irrespective of their position in the organisation.
IT departments must take charge in this regard and ensure the organisation remains ever vigilant. This does not mean cybersecurity policies are developed once and only reviewed annually. Instead, defences must adapt faster to reflect the agile environment of the digital landscape. This is especially true given the move towards cloud-based solutions and managed environments.
Cybersecurity is an evolving component that is key to business success in the connected world. It needs constant vigilance if the organisation is to mitigate the risk of having its data compromised.
© Technews Publishing (Pty) Ltd | All Rights Reserved