IT advisory director at Grant Thornton South Africa, Michiel Jonker, yesterday said research had shown that businesses in certain developing economies were more adept at taking extra precautions to protect their most valuable data from cyber criminals than those in developed, Western economies.
Jonker said the research into the views and expectations of more than 10000 listed and privately held businesses a year across 37 economies showed South Africa lagged behind its counterparts in Asia and Europe.
“A blanket approach is not good enough, and businesses often end up spending more money by employing sophisticated systems to protect data that is not overly sensitive, while sometimes neglecting the information that is crucial to a business’s survival and longevity,” Jonker said.
The IBR data previously found that more than one in five, 21percent, of business globally had faced a cyber attack over the year from last year’s third quarter, while businesses in the EU, 32percent, and North America, 24percent, were more vulnerable than those in the Asia-Pacific, 13percent, and Association of South-East Asian Nations, 7percent.
Jonker said the threat of cyber crime had increased significantly, partly because of the increasingly complex nature of organisations and cyberspace, and the ease in which software used to commit cyber attacks can be obtained.
“To date, businesses have based their controls on the assumption that they will be successful in their attempts to prevent cyber crime, but we believe this approach needs to change to one where businesses should assume they will fail.
“The nature of the recent attacks targeting several countries should serve as lesson to all organisations, including those responsible for national infrastructures such as dams and energy sites, that knowledge of their systems and differentiating the information within it, are crucial to providing effective protection against cyber attacks.”
Deloitte associate director for cyber risk, Cathy Gibson, said it was critical to bring the right business and technical leaders together to evaluate organisational readiness. “The team must be able to develop a list of high-risk cyber-attack scenarios that is relevant to their specific business,” she said.
“It is critical for every organisation to change the kinds of conversations they are having about cyber risk, and to institute some variation of a secure, vigilant and resilient approach”