



These are damaging threats that can put a company’s reputation and business continuity at risk and can have serious financial implications. It is only when IT security-related risks are considered as business risks that the relevance of addressing them with proactive, strategic and appropriate solutions really becomes apparent – and this has to come from the top.
I believe cyber risks should be treated as business risks and should form part of a company’s overall risk management strategy. This has to be a top-down drive: from C-level employees, for whom the cost of a breach or leak is highest, to everyone else in the organisation who has access to information systems.
Cybercrime is burgeoning rapidly, not only in volume but in sophistication as well; while 70% of threats faced by enterprises are known, 30% are unknown, advanced threats that traditional signature-based security technologies alone cannot tackle.[1]
Cybercriminals are also becoming far more discerning and are targeting their attacks. Though the attacks are more targeted, they often rely on basic methods. These methods can include social engineering, stealing employee credentials, imitating legitimate software or even using malware covered by a stolen certificate to infiltrate systems.
Ransomware, a type of malware that encrypts data and either prevents or limits users from accessing their systems, is typically targeted at C-level employees as well as departments dealing with sensitive information, such as accounts and human resource departments. These types of advanced, targeted cyber incidents are becoming more prevalent – even in South Africa.
For me, it becomes quite clear that organisations need a multi-disciplinary approach that is aligned with their specific risk management requirements and includes the implementation of appropriate IT security solutions, ongoing monitoring, analysis of IT security intelligence, and employee education.
Regardless of how expensive or robust the IT security technologies are, they will not be fully effective unless everybody throughout the enterprise, starting at the top, understands the risks and supports the IT security strategy.
I would like to offer some advice to C-level employees when managing IT security risks in organisations:
I want to put organisations at ease with the fact that there are various computer-based training products available that leverage modern learning techniques and address all levels of the organisational structure.
We must realise that every individual in the organisation using a computer is responsible for IT security, not just the IT department, and that cybersecurity awareness and education are, therefore, fundamental to the effectiveness of your risk management strategy.