Security and protection of an organisation’s critical resources – data, documents, databases, networks and systems – is no longer the sole domain of IT and security professionals. It has been elevated to the boardroom because of its importance in a world where people no longer just work in an office.
Now, the ‘office’ is everywhere, facilitated by the cloud and connected devices that mean people can connect with each other and the resources they need from anywhere and at any time.
This, of course, means the risk of a breach or attack is significantly higher, as bad actors target individuals on home or public networks that are not typically as secure as corporate networks, and who often do not have the requisite training or skills to recognise increasingly sophisticated and well-hidden threats.
So how can organisations protect themselves and govern sensitive data against evolving and ever more sophisticated threats?
Nevan Pillay, Senior Security Specialist at Microsoft South Africa, will be presenting on: “How to protect and govern sensitive data” at the ITWeb Security Summit 2022, to be held at the Sandton Convention Centre from 31 May to 1 June.
The threat landscape is now wider and deeper than ever before: a recent study showed that 79% of South African businesses have experienced an increase in cyber security threats since people started working remotely.
Nearly three-quarters – 74% – of the country’s businesses said e-mail attacks like phishing and spam were the biggest threat, and this was identified as one of the top four concerns around cyber security in 2021. The others were data breaches, including data extortion, data leakage and data disclosure; web application/web-based attacks; and confidential information stored in public cloud services.
An IDC Cybersecurity survey commissioned by Microsoft confirmed data leakage as one of the top two security challenges facing South African businesses, with 38% of business and security leaders noting information leakage to unauthorised parties as their top challenge. The top concern is also suffering a breach, with 50% worried about both immediate consequences and the potential inability to mitigate risk.
Business leaders have made these their current top security priorities accordingly. The IDC survey found that 76% of business leaders in South Africa view social engineering as their top priority, followed by 75% identifying protecting their own data and intellectual property as a priority and 74% prioritising protecting customer data.
Rethinking security in the era of the cloud and remote work
This shows that businesses in the country are taking security seriously, with the IDC research showing that 82% of South African businesses have at least formulated and partially implemented a cohesive security strategy – but ultimately they need to rethink how they approach security altogether to effectively protect against attacks like these.
“The traditional, perimeter-based approach to security likened it to home security – so even as people employ security companies as an additional level of security for their homes, they still need to take responsibility for securing their house by closing windows, locking doors and putting up electric fences. For businesses, this meant putting up firewalls and using anti-virus solutions, among others,” says Colin Erasmus, Modern Work and Security Business Group Director at Microsoft South Africa.
But in the age of the cloud and remote work, where ‘home’ sits everywhere and the network the way we knew it doesn’t exist anymore, this approach is no longer enough.
“Businesses need to take responsibility for securing their entire environment end-to-end in terms of identity and access management, threat protection, information protection and cloud security,” says Erasmus.
This means investing not only in the most up-to-date automated and intelligent tools and solutions to build layers of security that will protect the organisation’s data, apps, databases, networks and systems, but also in skilling and training people to keep pace with new types of attacks from multiple different vectors. People, process and technology need to be in harmony to enable real-time monitoring, threat detection and incident response.
“For growing numbers of South African businesses, this means adopting the zero trust model. It means trusting no individual or system, needing to explicitly verify their identity using least privilege access to give them access only to what they need, for as long as they need it, and always assuming breach,” says Erasmus.
Businesses that have already adopted this model in South Africa and globally have been found to be more resilient, responsive, and protected than those with traditional perimeter-based security models: 96% of business leaders and security decision-makers say it is critical to their organisation's success, and say that adopting this principle will remain the most important security priority for at least the next two years, particularly as a tool to help facilitate the shift to a hybrid workplace post-pandemic.
During his presentation, Pillay will examine how adopting the zero trust principle, and investing in the people, processes and technology needed to make security more proactive, intelligent and end-to-end, is increasingly going to serve as a competitive advantage for businesses in South Africa.
Security is effectively becoming an enabler of transformation so that businesses can adapt to ongoing change.