There are two categories of company executives: those who are paying diligent attention to company matters and those who are not doing so at all, says Andrew Mpofu, internal audit manager, SA Post Office Limited.
I would say that only a quarter of the diligent executives are paying the right attention to IT matters, including security.
The reason IT security is not given the right priority by three quarters of diligent executives has to do with the timing and educational background of current board members.
Most people currently at executive level are predominantly from accounting and other business-related backgrounds. They grew up in a time when computerisation was in its infancy, and the most important thing to this generation is that computerisation generally quickens processes. They are still far removed from the concept of fraud and theft via technology, and many view computer processing as a trustworthy activity. They think that once data is in the computer, we can relax and enjoy efficient IT processing.
This situation will be remedied once the current tech-savvy generation reaches executive company positions. Then there will be a shift towards company executives appreciating that confidentiality, integrity and non-repudiation are assertions that need to be protected as much as keeping the cheque book locked away did in the traditional paper processing that the current generation grew up with.
Since the evolution of IT, we have moved from mainframes to standalone desktops, networked private LANs, the Internet, cloud computing and virtualisation. The world has become a heavily populated, high-density digital township riddled with cyber terrorism. The malicious community is as busy developing and complicating its devastating, nefarious tactics as the defensive community is, and sometimes arguably busier. Security is not a discretionary budget item; it should be correctly viewed as an input cost of doing business. Companies that recognise the importance of a CISO as a link between business and IT are doing the right thing. The security of IT systems has a huge bearing on brand protection and on the implied charisma to retain clients and draw new ones.
About the author: Andrew Mpofu is the Internal Audit Manager at SA Post Office LTD. He will be speaking at the upcoming Security Summit taking place at the Sandton Convention Centre from 27-29 May.