South Africa better prepare for IT security's 'perfect storm'
South Africa better prepare for IT security's 'perfect storm'
From a cyber security point of view, the outlook for 2016 is not great and unless businesses in markets like South Africa become tech-savvy, are ready, researched and prepared, many will "get burnt".
This is the warning from executives and IT security experts at network security services and solutions firm Fortinet, who also mentioned the number one IT security threat to businesses next year will be a rise in land-and-expand cyber attacks, a strategy used by cyber criminals to compromise a machine and exploit it to scan other devices on the network and source data.
The multinational vendor today released the findings of a wireless security survey, conducted among 103 South African medium-to-large companies.
The survey canvassed IT decision makers and managers across a number of sectors including financial services, public sector, travel & Leisure, FMCG, telecoms & technology.
According to Fortinet all respondents had an internal wireless network, and all of them provide visitors and guests access on these corporate wireless networks.
"Most of them (68%) give guests access through a unique and temporary username and/or password. 20% allow users access with a shared username and/or password, 13% have a captive portal with credentials, 7% offer a captive portal with no credentials and 7% say their wireless network is totally open," the company stated in a presentation of the results.
"On the question of the main reason for deploying wireless network access for internal use, 53% of all the respondents said wireless networks were deployed in the interests of employee efficiency, 31% said it was for widespread coverage, and 16% said it was deployed as an offsite access/ mobility enabler," Fortinet explained.
However, the most important drivers for wireless networks varied by industry: in the education sector 71% said they deployed wireless networks for widespread coverage and only 14% said it was for employee efficiency. In contrast, 100% of respondents in the healthcare, travel & leisure and charities sectors said they had deployed wireless networks for employee efficiency.
SA compared to the world
While the findings within the local market were similar to that sourced from global counterparts, there is one significant difference: a higher percentage (71%) of IT decision makers in South Africa recognised wireless networks as a serious risk point, compared to just 34% of international decision makers.
Perry Hutton, Fortinet Africa regional director, said that while there was obvious awareness and concern, research showed that in both South Africa and international markets only 29% of respondents have a plan in place.
The survey also found that 69% of respondents are concerned mostly about data loss, and 30% ranked endpoints (tablets, smartphones and laptops) as the most vulnerable area from a security point of view.
Towards furthering endpoint security, Hutton said that it was important that industry design solutions to work around device control and manage issues like BYOD in a safe and controlled manner.
Emerging trends in the IT security space that continue to impact on company strategy development include network segregation, the need for a 'wall' to separate public wireless networks and internal corporate networks and the rise in relevance of the CSIO within the corporate space.
According to Fortinet telcos are selling Security as a Service and dynamic profile technology is beginning to gain traction, and there is also more attention by ISPs to traffic quality and threats to minimise impact on service delivery to customers.
While authentication is considered the first level of wireless security, it was agreed that users must also take some degree of responsibility: specifically to avoid assuming that a free wireless network is automatically safe.
"Wireless is a gaping hole and unless these networks are managed efficiently, someone will get burnt," Hutton added.