South African organisations are at risk as cyberthreats escalate in frequency and sophistication.
New research reveals an alarmingly high rate of security incidents over the past year, with experts pointing to a lack of awareness and qualified professionals as key contributing factors.
According to the South African data, only 4% of surveyed organisations reported no cyberattacks in the last 12 months.
A staggering 50% suffered up to four attacks, while 10% experienced nine or more. The financial impact of these breaches has been severe, with 39% of South African respondents reporting losses exceeding $1 million (R17m), and at least one organisation suffering a loss of more than $6m.
Julie Noizeux, channel manager at Fortinet South Africa, said the high incidence of attacks was cause for concern.
“Clearly South Africa is a prime target for attacks, yet globally we are lagging in terms of cybersecurity investments.”
Research revealed a complex skills scenario. Some 60% of South African respondents believed attacks were due to a lack of in-house cybersecurity skills or trained IT security staff, while 58% attributed attacks to a lack of cybersecurity awareness. Paradoxically, only 36% indicated struggles with recruiting cybersecurity talent, and a mere 28% reported challenges with retention.
According to Noizeux, cybersecurity skills were in short supply globally.
In South Africa, companies face the added challenge of the brain-drain of skilled professionals seeking better opportunities abroad.
“I work with organisations that continuously struggle to find talent,” Noizeux said. However, some are getting creative, countering the skills gap using partners and advanced technology. At the same time, they’re working hard to keep their top talent happy with attractive pay and perks.
“One way to secure the organisation with limited in-house skills is to leverage channel partners and companies they can outsource cybersecurity services to.
“We see growth in the number of organisations using managed security service providers who offer the full security stack and management of the environment,” Noizeux said.
“Machine learning and AI are increasingly taking on complex cybersecurity tasks. These technologies can automate threat detection and response, which helps reduce the burden on staff for routine, manual processes,” Noizeux added.
Upskilling existing staff was a key strategy to address the skills shortage, said Noizeux.
“At Fortinet, we practise what we preach,” she said. “We hire candidates who meet most of our criteria, then create personalised development plans to help them gain the necessary certifications and qualifications.”
The Mercury