With New Zealand now the 18th most-hacked country in the world, the need for security specialist providers is increasing across the country.
At a national level, Origin IT is winning the mindshare of businesses through a deepened approach of providing end-to-end security offerings, as hackers become smarter and attacks increase tenfold.
Banishing the notion that New Zealand is too remote and too irrelevant to be impacted, the Auckland-based company completed the acquisition of networking and security experts, Optinet, in 2015, in response to security becoming the number one priority for organisations today.
With 2017 fast approaching, the acquisition is paying dividends for the ICT provider, with the expansion in capabilities in line with aggressive growth plans of reaching $50 million in revenue by 2018.
Such focus comes at a time when worldwide spending on information security products and services will reach $US81.6 billion in 2016, an increase of 7.9 per cent over 2015.
According to Gartner findings, consulting and IT outsourcing are currently the largest categories of spending on information security.
Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP).
In reviewing business attitudes to the protection of data and IP, testing security practices and managing the process through C-level advice and input, Origin IT appears well positioned to capitalise.
“Information security breaches can impact business reputation, performance and profitability, so why do we leave these business fundamentals in the hands of the IT department?” Origin IT, chief information security officer, Joerg Buss, asked.
“With directorial responsibilities only going to increase in this area, business leaders can no longer wash their hands of responsibility for information security; they must get their heads into the game.”
For Buss, the easiest way to do this is to think of the management of information security as a game.
“Like any game there are set rules, understood boundaries and clear goals,” he explained.
“The coach or the leader’s job is to make sure that the players are equipped with everything they need to be able to play within these parameters, while also being innovative, challenging boundaries, and finding a formula to gain their team the advantage.”
Internationally, Buss said businesses use a range of security frameworks to establish boundaries and rules, and ultimately let the business do what it does best.
But security frameworks are a relatively new concept for New Zealand businesses.
As a result, here’s six reasons why Kiwi business leaders should be starting to talk about security frameworks:
1 - Security and the need for speed
“Having a security framework is about speeding up, not slowing down,” Buss said. “The best analogy is the brakes on a car.
“Most people consider brakes essential for slowing down and this is true, however, they also let the driver go faster.”
For Buss, a security framework is the same.
“If you have the correct one in place, setting rules around different processes, then a business can perform more efficiently with a lower security risk,” he added.
2 - Every business has valuable information
Whether it’s intellectual property, brand, product or service information, or customers’ personal and financial detail, all businesses have information they wouldn’t want others to access.
“Information is a valuable asset and losing it can have serious implications for reputation and trust,” Buss added.
“So giving the IT team the responsibility to protect it, is limited. Protecting one of your most valuable assets is everyone’s responsibility, leading us to our next point.”
3 - Cyber security is a people issue first
“From our own experience dealing with hundreds of clients, about 50 per cent of unidentified emails received by businesses will be opened by employees with around 30 per cent clicking on a malicious link,” Buss observed.
“In many cases this is enough to let in an attack. In almost all cases, there is no malicious intent internally and people just make a mistake.
“Often it’s caused by a lack of understanding about the importance of information and not understanding the need for processes to manage security risks.”
4 - Security issue of online and mobile information
With employees bringing personal devices, working on smartphones at home, at work or while travelling, business operations have become multi-device and location non-specific.
Consequently, this provides freedom and the ability to work anywhere, anytime.
“This may seem like a recipe for more risk but the threat of all information being online and mobile is no greater than in a fixed location, as long as there is a framework to manage practices,” Buss added.
5- Security to support innovation and competitive advantage
“A security framework supports innovation,” Buss said. “Imagine you are in a marketing and sales team and you want to explore a new piece of software to automate emails to customers.
“A security framework provides the checks and balances so you can proceed. Having defined security processes also supports trust in a business and its reputation, and this can be a competitive advantage.”
6 - Security as a legal, insurance and governance requirement
For Buss, security frameworks are essential to many businesses.
“If you operate, or have customers, in a jurisdiction insisting on higher levels of security such as the US or parts of Europe,” he added.
“You may also need a security framework to secure adequate insurance, with the board taking ultimate responsibility for adequate action to be taken to protect the business.
“New Zealand is no long the remote island at the bottom of the world that it used to be, and to continue to innovate and aspire to lead the world, we need to bring the security conversation to the top.”