Enlin Neveling, Performanta SA

Obtaining buy-in to IT security spend has long been a challenge within enterprises but business management needs to start seeing IT security as a business enabler, rather than a grudge purchase, say sponsors of the upcoming ITWeb Security Summit.

In a briefing ahead of the event, sponsors said South African enterprises were slowly starting to understand that IT security is not just a business “must-have”, but also a business enabler.

Dimitri Fousekis, head of penetration testing at Telspace Systems, said the IT department has long battled to develop a business case and demonstrate return on investment (ROI) on IT security spend. However, recent high-profile breaches around the world are supporting the argument that IT security is more than a safeguard. “Customers are now more aware than ever of the importance of data protection and the risks of cybercrime. When an enterprise demonstrates proactive information security, it boosts confidence among its customer base. Therefore, it enables business,” he said.

Trend Micro believes that effective IT security also serves as a business enabler in that it supports the secure use of cloud-based services. “In small and medium enterprises in particular, cloudbased services have a lot to offer in terms of agility and cost savings,” says Gregory Anderson, country manager for Trend Micro South Africa.

LAGGING BEHIND

South Africa is lagging behind the developed world in terms of co-ordinated cyber defence and response strategies, says Winston Hayden from the governance, risk and compliance (GRC) association Information Systems Audit and Control Association (ISACA) South Africa. Hayden says the US Cybersecurity Framework (http://www.nist.gov/cyberframework/), formulated in consultation with ISACA, is a good example of a proactive, collaborative approach to cyber security.

“In contrast, South Africa is still in the very early stages of developing a similar framework. As such, we are currently at high risk,” he says. “Cybercrime is a major threat to all enterprises and to the public sector, with new factors such as cloud computing and big data management adding to the pressure of effectively securing data and networks.”

Graeme McMillan, Cyberoam presales manager, says, where traditionally data was well secured within the enterprise, it is now exposed and vulnerable on multiple levels. At potentially the greatest risk, he says, are smaller and medium-sized enterprises which may not have the resources to protect themselves against the growing threats. “Many SMEs are also rapidly adopting cloud technologies without being aware of the potential exposure and risks,” he says.