The Big Change

Subscribe by email

Subscribe by rss

The Big Change Feed What is a RSS feed?

Why IT security doesn’t get the attention it deserves

By Dries Morris

Director, IT security consulting and management company Securicom

Despite the alarming rates of financially-motivated incidents of cyber crime and the legal and reputational ramifications associated with the theft of vital, confidential business information, security has always received a lower priority than other aspects of IT and is considered a grudge purchase.

Perhaps it’s got something to with the fact that companies are blissfully unaware of the potential threats that come with having an internet presence. Perhaps the high cost of IT security software in the past has made it unaffordable to many businesses. Either way, companies don’t seem to see the need to invest in their IT security until it has been breached.

The dilemma is that those companies that have been breached don’t like to advertise the fact for obvious reasons, so no one gets to hear about it. As a result, very few have a real sense of just how vulnerable their companies are or, just how devastating an attack on their network or a security breach can actually be to their business.

For instance, a well placed piece of malware, such as a system monitor, can collect enough information about a company and the intellectual property belonging to it that it can end up forcing the business to close its doors.

It is not uncommon for a cyber criminal, even in South Africa, to hold a company hostage using these technologies.

And yet, many don’t even know about it.

It’s therefore up to IT security companies and security software vendors to educate businesses about the potential threats and to provide workable, viable and affordable solutions to assist them with protecting their intellectual property. The use of affordable turnkey solutions will also have a positive impact on the acceptance of such technologies within the marketplace.

It is also vitally important that companies have a proper security policy and strategy in place. These need to be enforced by dedicated resources, who can monitor and manage the security environment around the clock using the most appropriate, best-of-breed technologies.

Organisations that don’t have the necessary skills, resources or “know-how” in-house can partner with a specialist security provider that will assess their specific requirements and advise them on selecting and implementing the best possible solutions, as well as a security policy.

Not all companies need the same protection as the risk profiles of companies differ substantially. Only through proper assessment by trained professionals can a solution be prescribed and implemented to suit the specific need of the client.

Unfortunately, even with the most advanced and effective security solutions in place, companies are still at risk and their own employees are one of the biggest threats to their IT security. That’s why IT security should be elevated to be the concern and responsibility of every single person who has access to information technology within an organisation to ensure the security of the environment.

Here it is up to the companies themselves to ensure that their employees use the Internet and e-mail responsibly, and that they understand the risks associated with e-mail, downloading files and applications from the Internet, accessing unsafe web sites via spam messages, Internet browsing and giving-out their personal details over the Net. If they don’t, employees unwittingly, or even knowingly, open-up company networks to a range of very serious threats such as spyware and malware, to name but two threats.

Once again, education is the key.

At the end of the day, it is imperative that security be seen as a multiple layer implementation. Once the perimeter has been secured, then the company can start addressing the individual internal components. The basis of all of this, however, has to be a solid security policy, which will be used as a framework to ensure compliance and synchronisation between the different layers of protection.

And, most importantly, everyone at all levels of an organisation should participate in the security strategy.

(for more information, contact Mandy Prowse by e-mail or at PR Talks on (011) 794-8999

No comments yet. Why not say something?

About

The Big Change is a business strategy blog and newsletter published by Arthur Goldstuck, managing director of World Wide Worx, a leading technology research organisation based in Johannesburg, South Africa.

Read more ...