The concept that an organisation can keep out all threats seems outdated. Is it time to accept that it’s just a matter of time before a breach happens, and plan for that?
Yes, absolutely. In today’s cyber environment, with such heightened risk, it is simply a matter of time before a business will experience a breach. This applies to businesses of all sizes, and across sectors. As a result, business leaders/owners need to take an entirely new approach to cybersecurity today.
Are businesses taking IT security as seriously as they take physical security?
It appears not. In the wake of incidents such as the Liberty hack and lesser-known phishing attacks that affect SMEs and mid-sized businesses every day, it is clear that SA business leaders are not properly addressing the threat. Arguably, IT security should be a top priority for every forward-thinking business leader. It requires time, investment, and constant awareness.
What new tools are there to combat cyber threats? Can artificial intelligence (AI) be of help in spotting threats?
One approach that is increasingly gaining traction relies on the concept of Zero Trust. In a ‘Zero Trust’ environment, the user’s authority is never taken for granted.
Also, Artificial Intelligence (AI) technology certainly represents a possible solution for companies shortly. With this technology, machine-learning algorithms can potentially “learn” what to watch out for on networks, and how to react to different situations. Moreover, AI systems will potentially free up time for tech employees by being able to ‘correct’ certain incidents when they occur…
Is it time for businesses to seriously consider cloud computing because of the security advantages they bring? i.e. The cloud provider takes care of security patches and keeps abreast of the latest threats.
Yes, there is certainly a strong argument to be made for cloud computing with regards to bolstering IT security. By partnering with the right cloud providers, businesses can rest assured that the necessary updates and security patches are being handled both professionally and rigorously. Smart cloud providers continuously stay in touch with security trends and developments and will advise clients of threats as they arise. That said: every business leader/owner still needs to inform himself/herself and employees of the latest threats – and conduct rigorous internal training and awareness programs, as well as testing, regularly.
Outside breaches grab the headlines, but are we losing sight of the threat a ‘disgruntled employee’ poses?
Yes. Recent research has shown that when you collate the incidents/breaches involving malicious and ‘inadvertent’ employees, you will see that they are far exceeding any other IT security threat that businesses face! According to the Ponemon Institute, when examining 874 incidents among companies, 568 were caused by employee or contractor negligence; 85 by outsiders using stolen credentials, and 191 by malicious employees and criminals. These were the results of its 2016 Cost of Insider Threats Study.
Some analysts have gone so far as to state that insider threats dwarf any other risk that companies face today.