The State of Cybersecurity in South Africa, a study focusing on company data protection conducted on behalf of Intel and Dell Technologies SA, reveals that businesses are taking significant measures to improve their cybersecurity – with up to 68% investing above the industry average.
Arthur Goldstuck, CEO of independent technology market research organisation World Wide Worx – which conducted the study – says this was not the case five years ago, when only half of the respondents believed cybersecurity was integral to business strategy.
“Corporations being over-budget on cybersecurity spend may look like a positive sign, but it also raises the likelihood that the budgets were too low to begin [with],” he says.
Goldstuck, the principal analyst on the research project, revealed during a media briefing that 91% of businesses believe cybersecurity is important to business strategy while the remaining 9% say it is somewhat unimportant.
A significant aspect, according to Goldstuck, is that 94% of companies believe that cybersecurity helps them achieve their business objectives efficiently; they also believe that 97% of their employees are more productive and subsequently innovate more when they believe their data is protected.
Over half of the respondents feel there are now more cybersecurity threats due to the onset of remote working.
Goldstuck says that although there are varied approaches to remote working, one would expect to see a dramatic increase in exposure to data loss and therefore steps being taken to mitigate that exposure.
“Surprisingly, we did not see the expected 90% increase in this kind of exposure, in fact, the increase was [only] 45% of companies seeing more threat.”
According to Goldstuck, the study showed that the cybersecurity threats in relation to remote working are from vulnerabilities created by the loss or theft of company devices, the risk of third-party users accessing company data from different devices, and slow data processing speeds which feed into the inability to control user devices in time to mitigate threats.
“With remote working, we are finding there are not just obstacles but vulnerabilities that emerge behind the scenes or even in terms of companies that are fully protected in not experiencing breaches but having to fight fires all the time.”
However, Goldstuck notes that the cybersecurity threat landscape has been around for a significant period and is not a factor of the pandemic.
According to senior data analyst Bryan Turner, only one company experienced a financial loss of R1 million [during the study period]; this was due to a data leak that happened before widespread remote working.
Turner revealed that 95% of businesses are encrypting data in transit and that 54% encrypt data at rest, which points to companies storing data that is not encrypted on their websites.
“That is a very low stat to me, especially as we’ve seen now with TransUnion.”
TransUnion, an international credit bureau, confirmed in March that a hacking group had obtained the personal information of 54 million consumers through the misuse of an authorised client’s credentials.
The study found that 42% of the companies reported threats in ransomware and phishing attempts in the past year and that new emerging technology poses a major threat to data protection. These include cloud-native applications, the internet of things, blockchain, edge computing, machine learning and artificial intelligence.
These potential cybersecurity breaches, according to the study, are increasingly mitigated using virtual private network (VPN) access control and cloud platform managed security.
Read: Standard Bank, Lightstone disclose data breach – customer records exposed
Services sales director at Dell Technologies Khairy Ammar says it is imperative for organisations to keep their online endpoints secure.
“You need intelligent solutions that prevent, detect and respond to threats wherever they occur. A procedural measure like taking on a certified cybersecurity partner to manage these services is often the best protection for corporates.”
The survey comprised 100 key decision makers in South African corporations, with 91% decision makers in information technology and the remaining 9% top-ranking executives who have been in their roles for more than a year.
Nondumiso Lehutso is a Moneyweb intern.