Budget blues for South African business trying to protect data
Companies are either not planning properly or are so overwhelmed by the scope and scale of cyber security threats that they do not budget appropriately.
This is according to Arthur Goldstuck, CEO of World Wide Worx, who presented recent research at the Dell Technologies Cybersecurity TechByte hybrid event today.
In detailing research, The State of Cybersecurity in South Africa 2022, Goldstuck said that 91% of respondents said cybersecurity is very important to the business strategy, 51% said that costs have exceeded budget forecasts and this is a major difficulty.
Goldstuck underlined this statistic as a key concern because it shows that companies are either not planning their cybersecurity strategies properly, or they cannot manage budgets against the magnitude of the cyber threat landscape.
In May this year Goldstuck expounded on the findings of other research also pertaining to the state of South Africa’s cybersecurity and said while nearly three quarters of SA’s top 100 companies are investing more in cybersecurity than the industry average, a high percentage (almost equal proportion) do not feel fully protected.
ITWeb quoted Goldstuck as saying, “This reveals extent to which organisations understand how important cyber security is not just to keeping the lights on, but to growing the business and achieving the business goals.”
Two months down the line and the stats again reiterate that the majority of respondents feel that cybersecurity is a very important consideration, but the measures that have been put in place are a challenge because of the need for training, because they are inconvenient to manage, and/or still leave the company feeling vulnerable.
Ransomware and malware remain among the most serious threats to businesses, and specifically data.
60% of respondents name cloud-native applications pose the most serious risk to data protection. 53% mention Internet of Things (IOT), while blockchain and edge computing follow closely behind at 35% and 30% respectively.
Dell Technologies, along with industry partners Intel Security and VMWare Security, stressed that cybersecurity strategies have to change and that traditional parameter security integrated with the datacentre, for example, simply will not suffice.
This is because of the increase in value of company data, as well as the impact of remote working/ hybrid working model on business.
Goldstuck said that 55% of respondents are mostly concerned about missing/lost/stolen devices, while 35% believe non-company users accessing company data is keeping them up at night. Of equal concern is slow data processing speed due to end-to-end security protocols.
Asked what change they have seen in exposure to data loss from cyber threats with the growth of employees working from home, 53% of respondents said they had not seen any change, 45% said they had noticed “somewhat more threats” and only 1% said there were somewhat fewer threats.
The event focused on the theme fortifying the business with modern security, which is based on a recurring message within cybersecurity: the threat landscape has evolved and so too must cyber security strategies.
Cybersecurity experts continue to advocate a zero trust approach. Intel Security defines this as: “Zero-trust security is a fundamental shift in how we think about security rather than a product or service. Instead of defining an attack surface and building a wall around it to keep hackers out, all users – whether they are inside the network or not – must prove themselves trustworthy.”
Doug Woolley, Managing Director, Dell Technologies South Africa, said on there are 250 000 cyber attacks per week targeting financial institutions, and that organisations continue to grapple with limited skills sets, increasingly complexity of open systems and the need for automation amid increasing digital transformation.