On Wednesday, 24 July 2019 Trend Micro and VMware in partnership with World Wide Worx released results of local independent security research. The State of Enterprise Security in South Africa 2019 reveals that businesses approach to IT security in a cloud and digital era needs to change dramatically as IT professionals are feeling the pressure.
Surveying IT decision-makers at 220 enterprises across all industries in South Africa, the study found that 31 per cent of businesses expected an attack with the year with 35 per cent expecting an imminent attack.
According to the study, just over half, 57 per cent, of businesses say they will detect evidence of a malicious breach within a few minutes. However, almost half of businesses (43 per cent) won’t know they’ve been compromised until a few hours or longer after a security breach. Such businesses may be in for a big shock. Ransomware and other file destroying malware may corrupt almost every file on a user’s computer within a few hours, which means any response would be too late.
The survey shows a disconnect between who would be aware of data breaches and who should be aware of data breaches. Over a third of IT decision-makers (36 per cent) reported that the IT department would be the most aware of the actions to take after a data breach, while over half of IT decision-makers (54 per cent) reported that their Chief Information Officers should be the most aware of how to navigate the organisation after a data breach.
“We were astonished when we found that CIOs don’t lead the organisation’s response to a data breach,” said Lorna Hardie, Regional Director Sub-Saharan Africa at VMware. “This finding shows that organisations still have a long way to go in terms of connecting a CIO’s strategy to that of the IT department.”
The biggest shortcoming in cybersecurity preparedness was outdated software, with an enormous 77 per cent of IT decision-makers reporting that it makes their organisations highly vulnerable. In terms of additional vulnerability factors, senior management not understanding the risk slots in close behind, indicating a massive need for education and a need for a new approach to security, where it is an intrinsic part of the systems deployed by
“All of this then leads us to imagine that the IT departments must feel under siege, yet they are supremely confident in their ability to protect companies,” says Arthur Goldstuck, managing director of World Wide Worx. “Any question relating to their capacity and capability is met with resounding confidence, suggesting that they are either over-confident or supremely arrogant. At best, we would say that they don’t want to be perceived as falling
down on the job and can cope regardless of the obstacles in their way and the threat out there.
“Although 99 per cent says they are confident about protecting the company, the picture disintegrates when asked if they have the skills to do so. Almost half- 45 per cent – agree that they don’t have the skills to protect the company, this disconnect suggests overconfidence in their ability to protect the business,” adds Goldstuck.