0861 00 JTWO (5896)

john Mc LoughlinThe only place where an investment to prevent cyber-attacks is unnecessary is in the land of make-believe

Recently revealed research results by Kaspersky Lab would certainly indicate that prevention is not an option but should rather be a strategic business objective when it comes to cyber breaches. Kaspersky notes that large business losses from cyberattacks are estimated to be $861,000 per security incident. The report named: Measuring the Financial Impact of IT Security on Businesses* notes that small and medium businesses (SMBs) are paying $86,500 per incident. Significantly the cost of recovery is estimated to be directly related to time of discovery. Small to medium business were found to pay 44% more to recover from an attack discovered a week or more after the initial breach, compared to attacks spotted within a day. Enterprises corporations are estimated pay a 27% premium in the same circumstances.

Cybercrime is reported as the fastest growing industry worldwide and South African businesses lose around R2.2bn Rand annually to cyber-attacks.

It seems incredible that in an age where cyber threats evolve as quickly as technology develops, thousands of businesses in this country rarely, if at all, re-evaluate their vulnerability to this growing global issue.


Security initiatives often end up being ineffective because they are not focused on the right issues.

john Mc LoughlinIt has become abundantly clear in my conversations with IT managers, CIOs and other executives that there is a huge need to cut out the noise and the fluff, and direct security efforts in the right places.

As the wheel slowly turns and more companies place a higher priority on information security and protection against cyber threats, it is the responsibility of security professionals to manage this ongoing task. If security is to be sustainable and effective, businesses must understand it is an evolving undertaking that requires continuous attention from skilled specialists.

Companies today are definitely putting a spotlight on security – it is now the big buzzword in IT. Due to this, there are a plethora of new companies and solutions making a lot of noise in the marketplace. With all the flash, pomp and ceremony companies are being bombarded with, they need to ensure they are not just being sold a shiny bottle of snake oil.


When management won’t speak openly about problems they have, the business suffers and the executive don’t know.

This amazes me! Or should I say this scares me! I am not sure which word describes it best.

People have spent years carving their way up the management chain; yet more often than not there is no will within middle and senior management to accurately address identified issues, specifically around governance, productivity and security issues. I cannot work my head around it. Why will you not act? Make a decision? Start doing your job!


Welcome to the third piece on the South African insider threat landscape which follows on the piece about Employees Mishandling Sensitive Data. In this edition I want to touch on encryption as it appears in South African businesses. Our team have analysed over 47 Million Window, File, Application and File Transfer activities, quickly and accurately, using Dtex SystemSkan Intelligence Framework analytics toolset. We use only real findings to tell you what is really happening within South African businesses.

The modern business should understand that your information is the most valuable asset to people with ill intent, this is far more valuable than the actual laptop or computer it is stored on. We all know and hear about theft from businesses or political offices where the thieves steal only hard drives and laptops. These types of thefts are not after the hardware.

One of the simplest ways to protect these items is with encryption – so we had a look at how much encryption was used around the base. The results were not encouraging; especially when you remember that 1 in 40 staff misuse company data as discussed in my previous post.


This is the second piece in the series around the actual Insider Risk in South African businesses, which follows on from my previous piece on 10 Years in South Africa. I will be going over our real findings on what is really happening within South African businesses. We have analysed actual usage to share information on real risks to educate and provide meaningful advice to identify and then act against these threats.


  • 1
  • 2