By Karl Fischer, DevOps Team Lead at Obsidian Systems
With worldwide cybersecurity spending expected to approach $42 billion by the end of this year, businesses are increasingly turning their attention to solutions that feature integrated protection. The proliferation of multi-cloud environments and shadow IT systems are further driving the need to orchestrate, manage and create security visibility without losing agility and speed.
In South Africa, June next year sees the implementation of the Protection of Personal Information Act (POPIA) which further complicates the cybersecurity landscape, especially in how it relates to sensitive customer data. Many companies are simply following a tick-box approach to compliance, but the financial and reputational damage that a breach creates means a more focused strategy is required.
Even though cybersecurity has been an element of IT systems for decades, companies who still view it as a bolt-on component will never be effective at preventing attacks. The focus must now turn to working with vendors capable of testing, automating and building road maps and supporting tools for observability of compliance for organisations. By embracing cybersecurity as an element of compliance, integrating it into all aspects of a business, organisations become empowered to monitor whether they are meeting their fiduciary responsibilities.
The lockdown has forced companies to start thinking differently about their cybersecurity. Regardless of where employees are based, systems must be in place to protect all entry points in such a digitally-driven, corporate environment.
With people returning to the office, the security landscape shifts to include hygienic practices as well. The risks that workers face at the office include whether their desks are clean or whether a sensitive document is removed from the office printer instead of being left in the out tray for anybody to take. Furthermore, from a compliance perspective, the physical documents that have been kept for the mandatory seven years will require on site shredding. While these activities might seem trivial, not adhering to them could result in similar financial and reputational damage as a cyber breach.
Looking to the future
With thoughts already turning to the new year, security discussions will certainly be easier to have thanks to the digital transformation brought about by the COVID-19 pandemic. The office of the future will look significantly different to the environment earlier this year. Remote working will become part of the status quo and integrated security will be even more critical to protect employees, regardless of where they access the corporate network from.
If the lockdown has shown corporates anything, it is the importance of continually reviewing their security policies. Being compliant must therefore not be considered a necessary chore. Instead, it must be viewed as a vital component of any digital transformation project. It enables the organisation to safely adopt innovative technology opportunities while safeguarding sensitive information and data.