Recruiting and retaining qualified cyber professionals in the region remains a pressing concern
With 87% of South African businesses experiencing a cybersecurity skills shortage, decision-makers must identify alternative methods of plugging this gap if they are to safeguard systems and data against an increasingly advanced cyber threat landscape. This is according to Kaspersky, who recently conducted a survey in South Africa which also found that almost half of companies surveyed (45%) have experienced a cybersecurity incident in 24 months (2021-2022). Yet, only 33% of respondent organisations had an internal security operations centre (SOC) in place to manage IT within the business.
According to Brandon Muller, technology expert and consultant for the MEA region at Kaspersky, dedicated cybersecurity functions in businesses across Africa are not yet common reflecting a broader concern around having access to the specialist functions to run those initiatives.
“Most organisations surveyed (74%) rely on IT staff to manage the technology function. However, this does not account for the critical need to have resources in place to safeguard organisational assets against cyberattacks. A further 75% of businesses indicated that they would benefit from expanding their cybersecurity team with additional experience and protection,” says Muller.
This has resulted in almost a third (28%) of South African decision-makers turning to external IT security experts for assistance. Furthermore, 44% of local businesses surveyed indicated that outsourcing the cybersecurity function is a possibility as the availability of specialist skills become even more scarce.
In addition to outsourcing, companies can also leverage the likes of Managed Detection and Response (MDR) to improve their defences.
“MDR delivers advanced, round-the-clock outsourced cybersecurity protection from the growing volume of threats circumventing automated security barriers. This is a continuous incident detection service where the focus is on cyber threat hunting especially when it comes to new malware detection, non-malware attack detection, and APT attack detection. MDR should be seen as a way to augment existing cybersecurity practices,” says Sergey Soldatov, head of the Security Operations Centre at Kaspersky.
However, for outsourcing and MDR to truly be effective, companies must enhance internal initiatives to also drive cybersecurity awareness training amongst their current employees.
“Even if local businesses do not have specialist skills, to achieve a strong foundation of best practices and grow in-house cybersecurity skills they must integrate cybersecurity into the company’s strategy and processes – and have this supported by continuous and up-to-date staff training programmes. If all employees are aware of the importance of remaining vigilant and what to look for in potential cyberattacks, the defensive footprint will already get a significant boost,” says Muller.
