14 Apr 2016

Johannesburg – While the threat of cyberattacks continues to grow, the latest insights from International Data Corporation (IDC) suggest that many organizations in South Africa are struggling to get even the basic safeguards in place in order to protect their infrastructure and data. The global technology research and consulting services firm has identified this as an area of pressing concern ahead of its upcoming South Africa CIO Summit at Emperors Palace in Johannesburg on April 21–22.

"Organizations are at risk all the time because hacking can come from anywhere, and for that reason IDC encourages businesses of all sizes to put practical security measures in place so as to ensure the safety of their data," says Jon Tullett, a research manager at IDC Sub-Saharan Africa. "A system hack can come from an external source or, sometimes unknowingly, your own employees. A deliberate hacker will also try multiple ways of getting into the company's system. Therefore, CIOs need to invest more in educating the organization about security, rather than just the products and applications of security."

"There are numerous ways in which organizations can protect themselves," says Tullet. "First, they must learn which cybercrimes are currently most common, and familiarize themselves with the vulnerabilities that cybercriminals are trying to exploit. The different techniques include phishing, malware, and system hacking, and if IT leaders know which cybercrime attempts are most frequently made on their networks, it becomes much easier to educate employees on the matter."

The next step is for CIOs to ensure every staff member takes cybersecurity as seriously as their physical security.

"It is crucial for staff to understand how easy it is for hackers to download simple hacking tools to tap into their internet sessions, server searches, and downloads to track their usernames, passwords, social media and email accounts, and even their bank details," says Tullet.

CIOs should develop a protocol on cybersecurity for everyone in the organization to follow and should be able to detect when company data is being abused. More importantly, they need to educate employees on the importance of strong passwords, regular password changes, confidentiality protocols, and data protection.

"The biggest investment for cybersecurity is in the effective use of the security measures that have been put in place to ensure that every member of staff, supply chain, and all who have access to the company's data understands how to protect themselves from any kind of attack," explains Tullet. "And while CIOs cannot prevent staff from accessing data from the server completely, they can do a lot when it comes to preventing damage to the server itself."

The implementation of a proper strategy and action plan will govern how cyberattacks within the organization are dealt with and, ideally, it should be rehearsed as you would a fire drill. Tullet warns that employees and customers should also become more security conscious when it comes to transactions they make on the internet while connected to the organization's network.

Tullett adds that while the CIO remains the primary leader of technology decisions, the rising influence of lines of business (LoB) also impacts on security.

"CIOs must keep this influence and potential technology purchases in mind while developing their security strategies to ensure there are no gaps that leave the organization vulnerable to attack."

All of this, and more, will be discussed in detail during IDC's South Africa CIO Summit 2016. The two-day conference will present an in-depth analysis of the latest trends currently shaping the South African ICT market, focusing on key CIO priorities such as enabling the process of digital transformation, creating business value through the Internet of Things (IoT), and managing the implications of a constantly evolving cybersecurity landscape. The agenda will also include a number of vertical-focused tracks, enabling attendees to customize their experience so that it directly addresses their individual needs.