Cybersecurity is quickly becoming a top priority across the globe due to political tensions between countries and the increasing theft of data as hackers up their game.


This concern is growing in South Africa. IT decision-makers say that the biggest shortcoming in preparing for a breach is that software is outdated, and company bosses do not understand risks. To further compound matters, South Africa’s National List of Occupations in High Demand lists ICT security specialists as being in high demand, but despite this, there is a continuous shortfall of suitably skilled trained people.

According to a new study – The State of Enterprise Security in South Africa 2019 – more than a third (35%) of the country’s IT decision-makers expect cyberattacks on their businesses within days. The research by World Wide Worx, Trend Micro, and VMware surveyed IT decision-makers at 220 enterprises across industries on the centrality of cybersecurity in business strategy, the vulnerability of businesses, and security compliance.

It found that 31% of businesses expected an attack with the year, and fewer than one in five IT decision-makers in South African enterprises think they are safe from attack in the next two years. While 57% of the businesses say they will detect evidence of a malicious breach within a few minutes, only 43% of them will not know that they have been compromised. Researchers say these businesses “are in for a big shock”, like ransomware and other file destroying malware may corrupt almost every file on a user’s computer in
this time, which means any response is too late. Just over half of IT decision-makers are willing to accept responsibility for a breach.

“This finding shows IT decision-makers are cognisant of how important security is to their role, as half of IT decision-makers would accept accountability for a data or security breach in their organisations,” says Indi Siriniwasa, Vice President Sub- Saharan Africa at Trend Micro.

Many of the respondents said their chief information officers (CIOs) were inept at navigating an organisation after a data breach. “We were astonished when we found that CIOs don’t lead the organisation’s response to a data breach. This finding shows that organisations still have a long way to go in terms of connecting a CIO’s strategy to that of the IT department,” says Lorna Hardie, Regional Director Sub-Saharan Africa at VMware. According to the research, the biggest shortcoming in cybersecurity preparedness is outdated software. Following close behind is a lack of understanding about risks from management. This means there is a huge need for education to understand security, and how to approach it differently.

“All of this then leads us to imagine that the IT departments must feel under siege, yet they are supremely confident in their ability to protect companies. Any question relating to their capacity and capability is met with resounding confidence, suggesting that they are either over-confident or supremely arrogant. At best, we would say that they don’t want to be perceived as falling down on the job and can cope regardless of the obstacles in their way and the threat out there,” says World
Wide Worx Manging Director Arthur Goldstuck.

“Although 99% says they are confident about protecting the company, the picture disintegrates when asked if they have the skills to do so. Almost half – 45% – agree that they don’t have the skills to protect the company, this disconnect suggests overconfidence in their ability to protect the business.”
Siriniwasa says the data is critical as it reveals a stark trend in how South African IT decision-makers protect their corporate networks, and where changes are necessary across industries to prepare and help them counter cyberattacks.

“At this stage, strong information and data security are non-negotiable, but ensuring this requires a cultural shift towards security awareness and collaboration across all parts of the business.” Hardie says it is vital that those in control of the purse strings understand the implications of a data breach, stressing that “an ounce of data breach prevention is worth a pound of lost data and productivity”.

“Interestingly the research highlights that there will be breaches, that is a fact, but it is how business mitigates these risks going forward with a modern approach to security where we aren’t chasing each breach, but instead shift to a model where we build intrinsic security into everything – the application, the network, essentially everything that connects and carries data.”

According to the global cybersecurity company, Kaspersky Lab, malware attacks in South Africa increased by 22% in the first quarter of 2019, compared to the first quarter of last year. This translates into about 13,842 attempted cyberattacks in the country per day, 577 attempted attacks per hour, or over nine per second. While these numbers are frightening, Startupbootcamp, which supports early-stage tech funders to grow into companies, has warned of a much larger threat which will impact countries across the globe.

Startupbootcamp CEO Philip Kiracofe, who spoke at a 4IRSA workshop on fintech earlier this year, said that the network believes that in 12-15 months, the world will experience a cyberattack similar to 9/11, which will fundamentally lead to a global shift in how we manage artificial intelligence.

By: Amy Musgrave