Cybersecurity is more than just a top priority for modern enterprises that have had to adapt to widespread change and the move to remote and hybrid workplaces in the past 18 months. This is according to the Enterprise Security Trends in South Africa survey, conducted by the IDC and commissioned by Microsoft, which highlights the latest cloud security developments across all industries in South Africa.
Nearly half (48%) of organisations in the country are using cloud as a platform and driver of digital innovation and 61% of South African organisations say they plan to spend more on cloud solutions in 2022.
In fact, the research reveals that security now acts as an enabler for the rapid digital transformation needed for South African companies to remain competitive – which is increasingly driven by the adoption of cloud capabilities and the flexibility, agility, resilience and security the cloud offers.
The research shows that cloud security is the number one priority for investment, with 28% of South African business leaders stating they will move to the cloud to help address security priorities.
Cloud security is proving to be vital for protecting organisations from exposure to any kind of cyber risk and South African business leaders are well aware of the threat. The research shows that 50% are concerned with the consequences of security breaches, particularly in terms of damage to brand reputation and financial loss.
“The accelerated pace of digital transformation and the huge amount of data processed and stored in the cloud is attracting the attention of threat actors. Attacks are continuing to evolve, with more sophisticated attack vectors from a greater number of bad actors and enterprises are becoming more vulnerable,” says Mark Walker, associate vice-president for sub-Saharan Africa at IDC.
Making skilling a security priority
53% of the country’s business leaders say skilling is one of their top security transformation priorities and increasing technical knowledge of cybersecurity is a critical need.
“Critically, however, security transformation is no longer just about strengthening corporate security. In addition to investing in the most advanced tools and solutions to build layers of security that will protect the organisation’s data, apps, databases, networks and systems, it is about upskilling/reskilling security experts, redesigning security strategies and improving employee and executive security awareness,” says Colin Erasmus, modern workplace and security business group lead at Microsoft South Africa.
There is also widespread recognition of the need to build a security culture in order to increase the understanding of security’s value to the business, as well as drive security awareness.
“People, process and technology need to be in harmony because businesses can have the most sophisticated technology and comprehensive processes in place to monitor, detect and respond to breaches, but if a person gives their password away or clicks on a phishing email, it becomes exponentially more difficult to protect the organisation,” says Erasmus.
In this way, the building blocks of skilling and raising security awareness start with identity, since it remains where people are most vulnerable. The research shows that business leaders in South Africa understand this: confirming users’ identities, together with an additional layer of security, is emerging as the most important security priority for 49% of business leaders in South Africa in the next six to 18 months.
The Zero Trust principle
The need to confirm identity is a central feature of the Zero Trust principle, which is emerging as a guiding security strategy for businesses in the face of rapid change to workplaces. This model means trusting no individual or system, needing to explicitly verify their identity, using least privilege access to give them access only to what they need, for as long as they need it, and always assuming breach.
“As well as adopting security strategies like Zero Trust and skilling their employees in these principles and how to handle new types of attacks from multiple different vectors, South African businesses need to develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data and capabilities,” says Walker.
“The good news is that most organisations in South Africa continue to increase their security budgets, with 53% increasing their investments in the past two years and 51% responding faster and more effectively to new threats. An ongoing investment in strengthening security postures will act as a differentiator and competitive advantage in a rapidly evolving business landscape,” says Erasmus.
To find out more about cloud security trends in South Africa, read the Cybersecurity: a Digital Transformation Imperative whitepaper via the short URL: www.securitysa.com/*cyber2
© Technews Publishing (Pty) Ltd | All Rights Reserved