The report found that as the network perimeters have expanded, African organisations need to realign their IT security investments in cybersecurity protocols, with current strategies being outdated.

The most critical investment priority in business across Africa (73%) in the next 12 to 18 months is automated response to security issues.

This is according to a new International Data Corporation (IDC) Technology Spotlight report: ‘Africa's Road Map to Identity Maturity and Security Using Privileged Access Controls’. The second most pressing investment area is zero trust projects (52%).

The report, sponsored by BeyondTrust, addresses the need for identity-focused security in Africa, and highlights the digital adoption trends that lead to insecure company postures, as well as solutions for boosting security policies that employ privileged controls.

The report notes that privileged access management (PAM) and identity and access management (IAM) were key projects on the zero trust journeys of 61% of CISOs in South Africa.

53% of respondents in South Africa regarded cloud entitlement management (or the use of identity-specific tools to monitor/manage entitlements and access to cloud resources) as one of the most important cloud investment priority for the next 12–18 months.

“Securing identities and access is critical to combatting today’s cyberthreats,” said Morey Haber, chief security officer, BeyondTrust. “By securing the privileges and access that make compromised identities dangerous, we are empowering organisations to proactively safeguard the critical assets across their estate, even in today's evolving threat landscape.”

The report found that as the network perimeters have expanded, African organisations need to realign their IT security investments in cybersecurity protocols, with current strategies being outdated. Further, identity security and PAM should be at the core of modern security practices, and IDC recommends that African organisations start by securing privileged users. Organisations must be prepared to enforce strong application, password management, least-privileged controls, and just-in-time access policies to prevent phishing-initiated breaches, the consultancy firm said.

“More than ever, entities in Africa need to get serious about identity security,” said Shilpi Handa, associate director research — Cybersecurity, IDC. “Investments in identity security in Africa have been low, despite the high rate of curated spear phishing attacks plaguing the continent. In early 2022, when IDC surveyed 209 organisations across Sub-Saharan Africa, just 18% said they were using PAM solutions.”

Other key findings from the report revealed that more than 90% of businesses on the continent were operating without the minimum necessary cybersecurity protocols. Overall privileged access control adoption was low; in September 2022, 18% of organisations surveyed said they were using PAM solutions, and multifactor authentication (MFA) adoption was just 34%. Phishing (62%) and insider threats (51%) are among the top cyber threats faced in Sub-Saharan Africa.