INTELLIGENT BRANDS // Enterprise Security
Boards still not grasping cyberthreats, say IT decision makers

Key decision makers do not have confidence in their Boards’ ability to manage cybersecurity threats, according to the latest cybersecurity analysis from Control Risks. The global ‘Cyber Security Landscape’ survey of IT and business decision makers found that almost half of respondents reported they believe their organisation’s board-level executives do not take cybersecurity as seriously as they should. This is despite 77% of respondents citing the C-suite, rather than the historic owner, the IT department, as being most accountable for cybersecurity management and decision making in their organisation.

The survey equally found that just over 31% also reported they are very or extremely concerned their organisation will suffer a cyberattack in the next year, and a third (34%) say their organisation doesn’t have a cyber crisis management plan in place in the event of a breach. This lack of preparedness is especially striking in the light of the 12th May WannaCry ransom attack, which affected 150 countries in under 12 hours.

George Nicholls, Senior Partner based in Johannesburg at Control Risks, commented: “The misalignment between treating cybersecurity as a technological issue or a business risk is not new. Yet, the survey shows that this misalignment remains a considerable and on-going concern for many organisations.”

He continues: “Our advice is to always start with the threat. The way in which cyberthreats are assessed and communicated throughout the business is key. This assessment should include the specific cyberthreats to the organisation, how they could impact the business and what controls might mitigate them. After assessing the risks and understanding them, the organisation can then deal with these within its overall risk management strategy.”

Organisations should ensure cybersecurity becomes a regular item on the board’s agenda that includes reviewing the external cyberthreat landscape in conjunction with IT.

Organisations also benefit from regular crisis management exercises that involve all relevant parties including the C-suite, IT, legal, communications and any other members of the crisis management team. These exercises ensure that all parties understand their roles and responsibilities and the potential implications of a cyberattack.

George Nicholls, Senior Partner at Control Risks, based in Johannesburg

Key findings:

• Cyberattacks have major long-term effects: 4 in 10 respondents said a cyberattack has resulted in the misuse of sensitive or confidential information (43%) and a loss of customer information (41%).
• Companies are struggling to adopt a risk-based approach: although companies are now less concerned with merely complying with standards and are focused on actually reducing the risk of a cyberattack, almost half (45%) agreed that assessing and managing these risks is their biggest challenge.
• Third party breaches are a growing concern: just over a third (35%) of respondents said a third party cyber breach had affected their organisation and despite nine in ten respondents (93%) taking steps to evaluate their third parties’ cybersecurity measures, 53% said this was confined to contractual measures.

INTELLIGENTCIO

Internet Infrastructure Security Guidelines for Africa launched to increase cybersecurity

“This is another timely milestone achievement given the new security challenges in cyberspace,” said Moctar Yeday, Head, Information Society Division, African Union. “The Commission of the African Union will continue its partnership with the Internet Society on a second set of guidelines addressing personal data protection in Africa,” he added.
www.intelligentcio.com

Dawit Bekele, Africa Regional Bureau Director for the Internet Society (R) with Michuki Mwangi, the Regional Development Manager for the Internet Society in Africa during the release of the Internet Infrastructure Security Guidelines for Africa.

The Internet Society and the African Union Commission have unveiled a new set of Internet Infrastructure Security Guidelines for Africa during the African Internet Summit, taking place in Nairobi 30 May – 2 June. The guidelines will help Africa create a more secure Internet infrastructure and are set to change the way African Union States approach cybersecurity preparedness.

The guidelines – the first of their kind in Africa – were developed by a multi-stakeholder group of African and global Internet infrastructure security experts and are the first step towards building a more secure Internet in Africa. They will help AU member states strengthen the security of their local Internet infrastructure through actions at a regional, national, ISP/operator and organisational level.

Africa’s cybersecurity environment faces a unique combination of challenges, including a lack of awareness of the risks involved in using technology. Kenya was ranked the 69th most vulnerable country (out of 127) in the 2015 Deloitte Global Threat Index. Some of the main reasons are: low awareness, underinvestment, talent shortage and overload of data. Deloitte further estimates that Kenya lost $171 million to cybercrime in 2016.

“Africa has achieved major strides in developing its Internet Infrastructure in the past decade. However, the Internet won’t provide the aspired benefits unless we can trust it. We have seen from recent experiences that Africa is not immune from cyberattacks and other security threats. These guidelines, developed in collaboration with the African Union Commission, will help African countries put in place the necessary measures to increase the security of their Internet infrastructure,” explained Dawit Bekele, Africa Regional Bureau Director for the Internet Society.

This document is launched at a time when the world feels the real and urgent need to build and reinforce structures aimed at tackling the growing cyberthreat to the global digital economy. Governments, companies, network operators, universities and organisations across African Union member states are encouraged to take action to implement the Internet Infrastructure Security Guidelines.

According to ITU ICT Facts and Figures 2016, it is estimated that 25.1% of Africans are now online and despite lower Internet access rates vs other regions in the world, there has been a sustained double-digit growth in Internet penetration over the past 10 years. This is due in large part to an increase of mobile Internet and in more affordable smart phones in the market and Africa’s young, technology-savvy population. However, to continue to improve access and connect the unconnected, people need to trust the Internet.

Symantec, a global leader in cybersecurity, observed 24 million malware incidents targeting Africa in 2016. As some malware incidents probably go unobserved, the real number of incidents may be much higher. In a 2013 report from Symantec, cybercrime was increasing at a faster rate in Africa than any other region. As Internet penetration grows in Africa and more business takes place online, implementing security measures against malware incidents to protect Internet users becomes increasingly important.

Offering actions that are tailored to the African cybersecurity environment and solutions for an ever-changing online landscape, the recommendations in the document can play a key role in helping Africa respond to the kind of Internet attacks that recently paralysed critical public and government services.