Mid 2016, VMware in South Africa partnered with market research agency World Wide Worx to poll 103 IT decision makers in companies with 500+ employees in the country, speaking specifically to the security concerns facing their business. Based on the results of this research in particular, the sudden condemnation of the WannaCry cyberattack from the weekend does come as somewhat of a surprise.
“In the research almost half (49 percent) of South African ITDMs said they believed their organisation is vulnerable to a cyber-attack, while almost a fifth (16 percent) of businesses expected a serious cyber-attack to hit their organisation in the next few days. It may have been longer than a few days for WannaCry to hit, but it is shocking that only 16% believed that the threat was closer than others expected,” says Gareth James, SDDC, Network & Security Specialist at VMware Sub Saharan Africa.
According to James, it shouldn’t surprise any organisation that they will be attacked, with nearly a third of businesses recognising they expect to be hit. BUT, mitigating risk and localising an attack quickly is essential.
Modern security technology techniques that carve IT systems and networks into contained and managed security domains are critical to ensuring that when the bad guys do break into systems, the impact does not permeate across the whole business or network.
Today’s technologies such as virtualisation network security protect a business from the inside out, embedding security controls inside the network and closest to the workloads thus stopping the lateral spread of ransomware within a company once they have breached the perimeter. Think of a locked hotel room with the virus unable to breach the whole hotel – just one hotel room.
“We still have a massive bridge to cross with cyber security. Our research showed that almost a fifth (16 percent) of ITDMs do not believe their Board or C-Suite provides the right amount of attention to cyber security issues. Astoundingly, 52 percent of respondents stated that there either is no plan within their overall business strategy for addressing a security breach, or that only a small part of their organisation is aware of there being one,” says Nick Black, Regional Manager South Africa Inland at VMware.
“The reality is that businesses must be in a position to respond quickly should an attack occur, to ensure it is quickly contained, efficiently controlled and effectively communicated. It is also cheaper and more effective to invest in education and prevention than in retention of customers and employees post-attack. So businesses must make employees part of their prevention efforts by educating them about security policy and practice,” ends Black.