IT security professionals expect an increase in high profile cyber attacks this year and companies are advised to effectively secure their networks and websites, with particular attention to the cloud and BYOD.

"We are living in a world that is evolving to a digital age at unprecedented pace. African CIOs need to give cyber security as much priority as they are giving this digital evolution. The threat landscape is following a dramatic upward curve in terms of sophistication and persistence. It is only a matter of time before we in Africa experience a massive security blunder such as Ashley Maddison. Such a breach will undoubtedly cost the CIO his job, may end up costing many staff their jobs, and could even result in the demise of the company," warns Perry Hutton, Regional Director for Africa at Fortinet.

"The cyber threat landscape today is more dangerous than ever before. Companies today cannot afford to make the wrong decision when it comes to security. And as the topic of security has become a boardroom discussion," he continues.

Hutton says that while there is a need for better information security to deal with the onslaught of cyber-crime, CIOs have to control and reduce costs. This implies that they will have to invest in more intelligent solutions with higher levels of automation.

As increasingly strategic decision makers within the enterprise, they also need to determine the potential losses to the business in the event of a security breach, and mitigate the risks appropriately, he says.

"In the information security field, CIOs are focusing on maximising their budgets without compromising security. This is driving a move towards the next generation firewall, which does its job efficiently, while the cost justification is perfect," Hutton adds.

"Within networks, we can expect enterprises to look more closely at traffic filtering and move away from applying everything to everything. There is a great deal of internal traffic that requires only certain filtering functionality, so companies are becoming more prudent about how and where they inspect traffic. BYOD is a driving wireless network use, with an associated increased need for user authentication solutions, and we expect authentication to enjoy more uptake in 2016," he continues.

Security threats

Top security challenges for 2016 include the increased level of risk from BYOD, with research suggesting that wireless networks supporting BYOD are not as secure as they should be, as well as the issue of HTTP Strict Transport Security (HSTS) encryption of applications and devices.

Hutton says Internet of Things (IoT) devices will proliferate, and CIOs and CISOs will have to ensure that the IoT environment is secured. "As cloud uptake increases, enterprises are also grappling with the cloud disconnect and business continuity. They are asking 'How can we ensure staff and employee productivity if services in the cloud go down?' They are also concerned about who will take responsibility for the security of these cloud services."

George Kalebaila, senior research manager at IDC Sub-Saharan Africa, said the IDC predicts that Africa's IT security and physical security will become more connected in 2016 and that convergence could lead to a safer environment and the use of better tools to ensure security.

South African value-added distributor Networks Unlimited has stated that to cope with the exponential rise of the app, data and cloud market, the channel should look for web security solutions that offer cloud application control capabilities beyond the traditional security functionality.

Jason Gottschalk, Associate Director at KPMG, says having an effective threat intelligence capability assessment, plan and response in place continues to be a challenge for many companies.

"Businesses need to move away from believing that cyber security is a point in time exercise - a fad that is "hyped up", or that the threats of cyber-attacks will go away. Once businesses can do this, then we can start to embrace the benefits technology has enabled within the business while dealing effectively with the very real threat of cyber-crime. When it comes to protecting the businesses information from potential cyber-attacks, businesses need to understand what their "Crown Jewels" are. By knowing what the business has and what it is worth - both to the business and to outsiders – only then will the business gain a better understanding of what information needs to be protected."