By now most people know that artificial intelligence tools are based on machine learning mechanisms collating large amounts of information.
The integrity of data, information and controls related to confidentiality are the key aspects in how an organisation manages its governance risk and compliance. The organisation, in turn, is held accountable by the relevant country’s laws.
Accordingly, it has become critical for every organisation to safeguard against its data being compromised.
South African companies increasingly find themselves in the crosshairs of cyber criminals.
The State of Ransomware in South Africa report, released by IT security company Sophos earlier this year, reveals that 78% of local companies experienced ransomware attacks in a 12-month period.
In almost half of the instances, system vulnerabilities were exploited by criminals. Credentials that were compromised also ranked as a major cause of attacks.
Cloud systems present their own challenges. Their ever-changing nature makes it difficult to be on top of whether data is being stored correctly, with the result that loopholes can be exploited.
A recent survey by cybersecurity software solutions company Check Point of 1 000 cybersecurity professionals showed that misconfigurations concerned almost 60% of respondents, as these left organisations vulnerable to attacks.
Another problem is that of multiple security solutions to keep criminals at bay. While well-intentioned on the part of a company, too many cloud security measures can lead to confusion and ultimately put the systems at risk.
The Check Point report recommends that organisations address cloud security challenges proactively.
The development of tools like cloud-native application protection platforms (CNAPPs) will certainly assist this process. These platforms perform an all-in-one monitoring function that protects cloud-native applications across development and production.
Another effective way to shore up cyber defences is by adhering to International Organisation for Standardisation (ISO) guidelines, specifically ISO 27017, a tool that meets the requirements of entities providing cloud-based solutions.
The standard includes world-class methodologies and guidelines to secure the cloud services offered and is an extension of the ISO/IEC 27001:2022 standard.
While Microsoft Azure, Amazon Web Services and Google Cloud dominate the cloud services space, software service providers running Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) should also consider this standard.
What is important to note is that ISO management systems should not be viewed in a negative light.
Instead, they should be regarded as an investment that protects a business from reputational damage and lawsuits in the event of a cyberattack or data breach.
For this reason, it is essential that qualified experts are tasked with implementation of the system.
Skilled standardisation practitioners not only reduce the timeframe for implementation but also lower the risk of failures and costs associated with poor service.
With the assistance of these experts, governance is created within an organisation. A successful roll-out will align with strategic direction and create employee and user awareness.
It also will assist in creating client assurance and improving supplier performance, which will reduce losses and generate more revenue as the standards are often a requirement set out in tenders and client onboarding processes.
IT businesses, software solutions companies and any provider managing confidential information should adhere to the standard, particularly in light of the Protection of Personal Information Act in South Africa and the EU’s General Data Protection Regulation.
Companies would do well to review articles and join discussion forums about standardisation and how it streamlines processes in the short-, medium- and long-term. They should also note the repercussions of not implementing ISO 27017.
Launched in 2009, Centurion-headquartered WWISE employs 35 full-time consultants who specialise in more than 40 industries, both locally and abroad, training, and implementing ISO standards and programmes for a broad range of small, medium and large-scale businesses and organisations. The company has a solid local and international client base, with 590 clients in 16 countries, implementing more than 30 standards and achieving a 100% record when clients are certified. Its training programmes are accredited with SETA and various international bodies, and it offers an e-Learning portal through which 12 000 people in 40 countries have been trained so far.

The 70-year-old International Organization for Standardization (ISO) is an independent, non-governmental international body that develops business management standards to ensure the quality, safety and efficiency of products, services and systems across a multitude of industries. It aims to uphold consistency and quality in an increasingly globalised marketplace.