Country’s corporates feeling the pressure
ABOUT 75 percent of South Africa’s top 100 corporates did not feel fully protected by their cybersecurity strategy, according to the State of Cybersecurity in South Africa.
The study, conducted by World Wide Worx on behalf of Intel and Dell Technologies South Africa, found that that was despite nearly three quarters investing more in cybersecurity than the industry average.
South African large businesses were over-budget on cybersecurity spend. Just over half felt there were more threats introduced by the remote work culture.
World Wide Worx chief executive and principal analyst on the research project Arthur Goldstuck said last week that corporations over-budgeting on cybersecurity spend might look like a positive sign, but it also raised the likelihood that the budgets were too low to begin with.
“In the game of cybercrime cat and mouse, one could argue there is no such thing as being over-resourced. However, under-resourcing not only exposes companies to risk, but also poses an existential threat. A major breach can bring down a company. Budgets must catch up to the significance of the threat,” Goldstuck said.
Challenges ranged from macro threats to individual losses. With the pandemic and lockdowns having sent employees home, 55 percent of IT decision-makers were concerned about their staff losing their devices. This was not only about the physical loss and immediate cost of replacement.
Dell Technologies services sales director for Emerging Africa and South Africa Khairy Ammar said that as new threats and vulnerabilities appeared at break-neck speed, new technology also created opportunities to innovate.
“As we navigate the changing landscape of work, it is imperative to deliver solutions that keep organisations and their employees safe. With breaches now happening both above and below the OS, organisations need to keep endpoints secure from anywhere,” Ammar said.
“You need intelligent solutions that prevent, detect and respond to threats wherever they occur. A procedural measure like taking on a certified cybersecurity partner to manage these services is often the best protection for corporates.”
According to the authors of the study, a finding that would provide the business world with greater confidence was that three quarters of large corporations (77 percent) reported their devices were upgraded frequently and supported both Secure Boot and Trusted Protection Modules which helped mitigate physical access vulnerabilities.
Many cyber-hygiene factors were implemented by corporates, with the majority using VPN access control, and cloud platform managed security. These factors being implemented showed that corporates were aware of advanced methods of protecting themselves.
Most corporates, 99 percent, were aware that disaster management was essential. The analysts said the figure must, however, be seen in the context of only 40 percent of large businesses using multiple solutions to protect, backup, and replicate their data in the event of disaster. With that said, most respondents,at 99 percent, had not experienced cyberattacks that led to financial loss.
The 1 percent that experienced loss after a data leak provided a useful case study of security stances after an attack which was that these businesses had their systems compromised before the onset of remote working, indicating that no matter how a corporate geographically locates its employees, it remained vulnerable.
Compromises and vulnerabilities were revealed through the weakest link in the IT system, which was often an organisation’s own employees, and this may allow in ransomware programs or phishing attempts. More than half of businesses report that ransomware and phishing attempts had increased in the past year, or that they could not keep up with the numbers of attempts.
World Wide Worx senior data analyst Bryan Turner said awareness and action were key to training employees to work safely as spotting out-of-character emails and communications could save a company from all the phishing headaches involved with cybersecurity incidents.
Meanwhile, according to the 2022 Cybersecurity Skills Gap Report by Fortinet released last week, the skills gap was not just a talent shortage challenge, but also severely impacted business, making it a top concern for executive leaders worldwide.
The cybersecurity skills gap was said to contribute to 80 percent of breaches according to Fortinet.