SA cyber security company J2 Software plans to set up an office in Dubai and leverage this presence (and that of its twelve-and-a-half year operation in South Africa), to direct its interests in Africa going forward. Its expansion drive is centred on the core message that visibility in IT security solutions within the organisation equals capability or capacity to react.

Having announced 40% year-on-year growth in revenue for the first half of the financial year, Managing Director John McLoughlin confirmed the company's expansion plans.

"We are in the first few weeks of looking into opening an office in Dubai... and an office in the UK and also Australia. Dubai will be used to handle some regions in Africa, but essentially South Africa will be used to handle our neighbours ... Botswana, Namibia, maybe Zimbabwe, and a little bit of Mozambique (mainly English-speaking). Enhancing our presence in South Africa is something I am also very interested in and I am also quite keen in looking at Rwanda because of the boom there," said McLoughlin.

In South Africa the company has plans in the pipeline to establish an office in Durban and possibly in Port Elizabeth (PE).

McLoughlin explains that up to this point, because of the economy climate over the last few years, the company's focus has been centred mainly on South Africa and it remains the company's 'powerhouse', but he believes the time is now right for expansion and a broader Africa focus.

The company will also push its East African interests and is still considering whether it is viable to establish a permanent office or continue to leverage a partnership model.

"I believe that in the shorter period, Africa is still going to be our biggest area for growth and expansion, but we can manage that primarily out of South Africa – and is it develops, also out of Dubai, we will look at which makes more sense," he says.

Appetite for security

"Our business has evolved in the last twelve years and we are continually reviewing in order to stay abreast of market changes and requirements. I feel that using skilled and experienced South African resources to fulfil necessary services in additional markets will bring value to both J2 and our clients," McLoughlin.

However, expansion is dependent on market take up and its appetite for the technology.

Part of the reason why J2 Software has timed its expansion and more aggressive push to the continent is because of the growing need for practical security services.

"You don't do things the same way people have done security for the last twenty years. We still see it, businesses say 'well we've firewall, we've got anti-virus... we're sorted'... well, what about looking at advanced user behavior analytics? If there is an anomaly, if it looks out of the ordinary, we need to respond now, rather than finding out six months down the line there is a problem."

J2 Software's message to the market is that visibility equals the capability to react proactively and this is particularly apt in a market that is becoming increasingly security-focused.

The advice from security specialists is to invest in tomorrow's tools to solve today's problems.

Organisations that do not have a clear longer-term security roadmap in place are putting themselves at risk of being compromised says Jon Tullett, research manager – IT Services for Sub-Saharan Africa at International Data Corporation (IDC).

"The first step in creating this roadmap is to start getting their security under control," he says. "This includes using analytics for behaviour anomaly detection at both a network and user level, gathering the data to do baseline profiling. While that is the type of thing we are already doing today, many organisations are still not doing it with a long-term view in mind."

To get their security under control, organisations must consider technologies that play to the cloud and be prepared to evolve with the technology. User awareness and training also remain key fundamentals that are receiving enough attention.

"At the moment, training budgets are horrifically small and that must be addressed. Start by spending the money, but more importantly, evolve that training over time. Today, the breach is a credential theft or phishing attack. Companies that tackle that, and really invest in training, see tremendous reductions. A good example of this is Google, which combined good training with two-factor authentication for all their internal services and, since they've done that they've had zero phishing cases, but now they've moved on," says Tullett.

According to McLoughlin, businesses invest huge amounts of money on security, but often few people in the organisation know who has access, where the access is or where the solution is deployed.

"With visibility you get capability to react...we don't believe in a 'one-size-fits-all' solution."