This year has seen the highest number of attacks on local ICT systems to date, and this has put SA (South Africa) companies at a higher security risk than ever before.
According to BMI-TechKnowledge Group's 'IT Security and Business Continuity Market Overview 2004', 80 percent of local businesses have experienced security breaches, including viruses, Web defacements, hacks, intrusions and others.
It also states that 100 percent of SA organizations have been affected, either directly or indirectly, by some form of ICT security breach, with viruses being the most common form of breach, followed by intrusions and hacks.
The organization's divisional manager for services, Roy Blume, says this should be seen as an indication that many local companies need to review their approach to ICT security. "Whereas most companies do not act unless they are reacting to an attack, they end up being vulnerable to ICT security breaches. In SA we have to take a holistic and aggressive view to security attacks by being proactive," he says.
Blume argues that U.S. companies have a higher security spend, and that this is more strategic, with specific focus on various areas of their ICT structure. In SA, security is still not seen as a critical aspect of ICT spend, and, up to now, companies have limited their security spend, he says.
"Most companies either put off or delay addressing their ICT security needs, when, in fact, it is important for companies to continuously and vigorously improve and enhance their security," he says.
The review also found that more CIOs than in previous surveys feel that ICT security is becoming more important, due to the high value of information and data.
"People are realizing that, for the same reason that we look for office doors and people to keep our companies safe, we also need ICT security to watch over corporate assets, which are strategically valuable," he says.
Blume adds, however, that while organizations in the financial and legal and professional services sectors are more advanced in SA and internationally, smaller companies have deferred their ICT security spending.
He says the consequences of security breaches have direct and indirect costs, with the latter being invaluable. Security breaches cost local businesses up to a billion rands a year, not including the damage incurred through loss of credibility, decreased customer confidence, and brand tarnishing.
The impact on credibility has also become such a big risk for companies that many organizations do not report attacks on their business's ICT systems, as there is a perception that the credibility lost could outweigh the actual data loss.
Symantec SA's corporate account executive, Stephan le Roux, says there needs to be more awareness of security support, especially in smaller and medium organizations. "Depending on the risk profile, some companies will spend up to 12 percent of their organizational spend on ICT security, because they realize that installing a pure anti-virus solution is no longer enough, because we are now part of a global community through the Internet, e-mail, etc.
"Organizations need to realize that, because of our global interconnectedness, what we do can impact not only on the entire country, but also the world, and that we are equally exposed to what other countries do," he says.
Because companies cannot rely on legislation to guard over possible hackers and intruders, the onus is on them to maintain a secure ICT environment through effective policy and strategy.
With viruses being the most common and most dangerous form of security breach, it should be every company's priority to educate its employees about how to avoid or detect them.