Opportunity and danger
Almost all companies are computerized. In fact, many organizations have dropped the word “digital” from their lexicon, because it is assumed that if it’s business, then it’s also digital. There is no doubt that digitalization has brought agility and new revenues and has cut costs, but with increasing digitization the danger is growing. In South Africa there are 110 million cyber-attacks per month. On average, 140 days pass between a cyber-infiltration and the detection of the threat. And given our dependence on technology, the impacts could be catastrophic. It’s time to get serious about security.
And regulations are also getting serious. In Europe the GDPR (General Data Protection Regulation) was enacted this year. Non-compliance is expensive – either $25 million per data breach or 4% of your annual revenue (whichever is more). In South Africa the PoPI (Protection of Private Information) act was promulgated in 2013, but so far only a few elements have been enacted. Estimates are that the full act will be in effect within a year.
Finally, the average person owns 3.2 connected devices. And they want to use these to access your products and services, and your staff want to operate in your business from these devices.
There are four types of security you need to be concerned about:
- Identity and access management – identify people, protect their identity, and define which applications people or groups can get access to;
- Threat protection – proactively protect against malware attacks and hacking, and respond to threats when they are detected;
- Information protection – understand and classify data so that you can protect against data leakage (the unauthorized transmission of your data) and ensure compliance;
- Enterprise security management – centrally monitor and manage the security of enterprise-wide assets.
All the above forms of security must of course encompass desktops, laptops, mobile phones and tablets, and must secure staff wherever they are and whenever they work.
Here are some stats:
- Identity and access:
  - 81% of hacking-related breaches leverage either stolen or weak passwords
  - 73% of breaches are financially motivated
  - 66% of malware was installed by email attachments
- Threat protection (this is where intelligent people are actively trying to breach your security):
  - 33% of breaches are web app attacks
  - 17% are cyber-espionage
  - 16% are privilege misuse
  - 13% are miscellaneous errors
- Information protection:
  - the cost incurred for each lost or stolen record of sensitive data is R2100
  - the average cost of a single data breach can be R50 million
  - the proportion of security incidents perpetrated by employees is high
- Enterprise security management:
  - Very few organizations say they have very mature security management, with network security being the most mature (12%), followed by host security, business continuity planning and DR, and a policy and security standards framework.
The numbers are frightening, and the corporate response is inadequate – we can expect the costs to escalate.
Some CIOs might expect to resolve these issues with Microsoft 365 – which differs from Office 365 in that it includes security at all levels described here.
However, this may not be the optimum approach. It is easier and more focused to look at what your staff do and how they work, and then select the specific tools that you need to address those circumstances. For instance, if you want to manage mobile devices and applications, you would use Enterprise Mobility + Security, Mobile device management for Office 365, and Intune. If you want to safeguard and manage staff identities, you would use Azure Key Vault and Azure Active Directory. There are 38 products in the Microsoft suite that deal with security, and depending on what you want to do, how you work and what risks you believe are manageable, you could end up using fewer products than the entire suite contains.
A professional team who know the products and how they work will take you through a process to decide exactly what you need based on your business and how it operates. The discussion must be business led, rather than technology driven.
The danger is demonstrable. Your reaction must be measured. But you must react.
Author – Barbi Goldblatt – Regional Executive