The shuffling feet and the groaning voices echoing in the virtual dark of the organisation are not the zombie apocalypse. No, the moaning shouts of pain are the soundtrack of the cyber security conundrum. Where business leaders remain in the dark, scratching for insight into the real issues behind the security warnings and IT decision makers wave wildly on the other side of the room, desperately trying to get someone’s attention. In spite of consistently worrying outbreaks, statistics and attacks, cyber security remains plagued by a lack of understanding, limited internal resources, poor planning in the event of a breach and no cross-silo communication.
A recent survey by VMware found that organisations are under increased risk of serious cyber-attack with almost one fifth of IT decision makers (ITDM) in South Africa expecting to be hit within the next few days and 49% believing their organisation is vulnerable to an attack. These are scary figures made even scarier by the fact that 52% of respondents felt there wasn’t a plan in place to address a security breach, and that only a small number of people within the business even knew such a plan existed. In fact, the research found that 43% of organisations which have a plan in place only have a few people aware of its existence and 10% either don’t have a plan or don’t know of one.
Added to this, there is a perception among IT decision makers that their board or C-Suite does not pay the right amount of attention to cyber-security and the issues which surround it. There is a reason – senior management doesn’t know how much of an issue it really is.
While IT experts can assess the threats and challenges without breaking a proverbial sweat, they need to communicate these more clearly. IT has to sit down and explain security birds and bees to the C-Suite so that all parties can come together to ensure there is planning and prioritisation around cyber security. It is a topic which must become a standard feature of the boardroom agenda and the IT decision maker is responsible for putting it there.
The survey found that many ITDMs were as guilty of not prioritising the cyber security story as the C-Suite thanks to limited budgets and allocation being pulled back across a number of silos. This included 23% cutting on mobile security, 18% reducing spend on threat monitoring and 24% dropping the budget on encryption investment. In light of the current economic conditions and a market that redefines the concept of mercurial, flat budgets are expected, but security has to remain a priority as the cost impact of a breach can be astronomical.
Budget constraints aside, security breaches are already significantly outpacing the amount spent on security. Ad hoc approaches to solutions are no longer capable or prepared enough to cope with the cyber onslaught. The statistics bandied about in media and research papers are all telling the same tale – cybercrime is rising, it is more organised, it is more targeted and nobody is sacrosanct. Every organisation, from the small business to the enterprise to the mega-conglomerate, is vulnerable to an attack.
The ITDM has to turn on the lights so the C-Suite can see what they’re up against and provide them with the right levels of support. Protecting critical assets and company reputation must remain a discussion point for both business and IT leaders and plans have to be put in place to ensure the organisation, from the top down, is aware of what needs to be done in the event of a breach.