By Simon Campbell-Young, CEO, Intact Software Distribution

Although the vast majority of businesses today are aware of the dangers of cyber crime, too many acknowledge that they are not really effective at preventing breaches and other security events, and are not confident in their ability to recognise that a breach is taking place. Security, and how to improve it, remains at the top of the Directors’ list of priorities.

Simon bwThere are a number of problems facing organisations who are trying to improve their security posture. The first that comes to mind, is that too many organisations rely on their own security teams to test their security solutions. Very few have the ability to conduct proper penetration testing to the level where it can truly identify any vulnerabilities in the security chain. Businesses need to rely on outside experts, whose sole function and area of expertise is to perform these tasks. Pen testing, threat intelligence analysis, thorough security audits - these should be left to the experts.

The next issue is that security isn’t keeping up with the pace of big data and digital transformation. As businesses embark on a digital journey, creating massive data silos, moving to the cloud, and harnessing the power of social media, analytics and the Internet of Things (IoT), they are exposing themselves to a slew of new risks they are unprepared for. As businesses change, so does the threat landscape. Unfortunately, security solutions and strategies aren’t keeping up. They need to adapt security strategies to meet these changes.

Businesses are unprepared, and don’t have real idea of what the implications of a breach could be. Companies rely heavily on technology these days. A successful breach could shut down the business for a few hours, or a few weeks, depending on how ready it is to handle the crisis. A business needs to understand what the implications of a breach really are, including financial, legal and reputational. Once they have a grip on this, they need to decide on their ‘appetite’ for risk, and allocate security resources appropriately.

And this can’t happen unless they truly understand what data they have, and where it resides. An organisation needs to classify its data sets, and decide which is the most valuable or sensitive data, and protect those data assets first. Data such as intellectual property, proprietary company data, customer data and financial data needs to be guarded first, and most carefully. Further to this, they need to ensure the principle of least privilege is enforced, and keep up to date with who has access to what, bearing in mind shifts among staff in the business.

Another reason companies fail at security is because they do not have a proper crisis management strategy or plan in place. They are simply not prepared, and should a security event occur, they have no idea where to start, or what to do. A plan must be formulated, and all parties involved need to be fully aware of what their role is, and in what order the steps must be carried out. All parties and stakeholders involved need to work together, to design a plan that flows and works in the event of a breach. There are legal ramifications too, and certain obligations in terms of disclosure, and notifications should sensitive data be exposed.

Throwing money at security solutions doesn’t solve all the problems. Being cyber resilient isn’t about having the top tools and solutions in place alone. It’s about backing up products with other measures to fully cover the business in the event of an incident.


African Fusion

AfricanFusionAfrican Fusion, the official publication of the Southern African Institute of Welding (SAIW), aims to provide up-to-date insight into welding technology and the welding industry.

Capital Equipment News

Capital Equipment News is dedicated to the application of equipment and modes of transport that are used in the mining, construction, quarrying, and transport industries.

Construction World

ConstructionWorldConstruction World was first published in 1982 and has grown to become a leader in its field, offering a unique mix of editorial coverage to satisfy the diverse needs of its readers.

Electricity + Control

ElectricityandControlE + C publishes innovative, technical articles that provide solutions to engineering challenges in measurement, automation, control, and energy management.

Lighting in Design

LightingandDesignLighting in Design is a glossy, upmarket publication aimed at lighting professionals. It is the only B2B magazine in SA that is dedicated solely to the subject of lighting.

MechChem Africa

MechChemJanuary2017cover MechChem Africa supports African engineering and technical managers across the full spectrum of chemical and mechanical disciplines.

Modern Mining

ModernMiningEstablished in 2005, Modern Mining is one of SA's leading monthly mining magazines, noted for the quality and accuracy of its writing and the breadth of its coverage.

Modern Quarrying

ModernQuarryingModern Quarrying is firmly entrenched as a leading industry-specific magazine. It focuses on promoting the science and practice of quarrying and processing in southern Africa.

Sparks Electrical News

SparksElectricalNewsReadable and informative, Sparks Electrical News is the newspaper for those involved in installing and maintaining electrical supplies and equipment.

Full Name*
Invalid Input

Company Name*
Invalid Input

Your Email*
Invalid Input

Invalid Input

Postal Address 1*
Invalid Input

Postal Address 2*
Invalid Input

Postal Code*
Invalid Input

Street Address 1
Invalid Input

Street Address 2
Invalid Input

Postal Code
Invalid Input

Town / City*
Invalid Input

Invalid Input


Invalid Input

Invalid Input