IT security is becoming a key theme as enterprises across the Middle East and Africa (MEA) keep pace with a digitally transforming world according to speakers at the 2017 IDC IT Security Roadshow taking place in Johannesburg.

Hamza Naqshbandi, Principal Analyst for IT Services in Middle East and Africa for the IDC says security is still the number one challenge that African firms are facing.

"We (IDC) have been tracking this market for the past decade or so and security consistently crops up as the number one challenge. Sometimes we ask ourselves - why it is that with all the innovation that is going on, the R&D that the vendors are putting in and the contributions by governments in driving secure organisations, we are still being breached? When we summarise the security threat we think that there are three main issues: changing business models, an evolving threat landscape and the complexity of the security issue as it is very fragmented and there are regulations and even a lot of insider awareness that still needs to be addressed and contributes to a very complex ecosystem."

Hamza says the proliferation of cloud, social media, big data and enterprise mobility has ushered in new challenges because of the need to secure assets that one doesn't necessarily own.

"It is difficult to secure disruptive business models and at the same time the enemy has become smarter. One can do more damage from behind a computer than on the ground. Africa has been lucky as we have not seen high value attacks, but it is a very volatile environment as cyber warfare has evolved. The Middle East, on the other hand, has seen its share of crippling cyber attacks. The question on whether our defences are secure enough to keep us protected is one that remains to be answered."

Hamza adds that there is still a shortage of advanced security skills, not just in South Africa but across the Sub-Saharan Africa region.

"There is a gap in the skills and they are not growing as they should. Budgets are also not growing as many CIOs find it difficult to secure funds for security because they struggle to quantify the ROI for security to the business leadership."

Hamza cites research by Verizon in 2016 which showed that 93% of attackers say it takes them three minutes or less to compromise systems.

He also pointed to research by the IDC in the same year which showed that only 18% CIOs in the MEA region were alerted to a breach as soon as it happened to demonstrate the huge gap between the threat and the ability of enterprises to respond accordingly.