printer friendly version

Fixing SA's cybersecurity: The CSIR's Cybersecurity Resilience Report

South African organisations are facing persistent threats from online criminals, a situation that the country is very familiar with. A new report from the CSIR's Information and Cybersecurity Centre gives us a more tangible view of the situation, helping guide the market to tackle cybercrime today and into the future.

“Created in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, the Cybersecurity Resilience of South Africa's Public Sector report focuses on the country's public sector. However, it helps reflect on the state of cybersecurity in the private sector as well,” says Gerhard Swart, Chief Technology Officer at cybersecurity company, Performanta.

"The public sector has unique or amplified challenges that differ from private sector companies, but when you look at various research, the findings here are similar to what many organisations are facing. For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems. Though the CSIR's report focuses on the public sector, there are valuable insights that every organisation should think about,” says Swart.

A nation under siege

The report surveyed over 1200 individuals and organisations nationwide, gathering information on cybersecurity preparedness, policies, and compliance. It reveals positive and negative trends, demonstrating that while SA is a nation under siege from cybercriminals, it is also responding to the situation.

Starting with the negative trends, the surveys reveal that cybercriminals are not slowing down their attacks:

• 47% of organisations experienced between one and five cybersecurity incidents in the past year.

• 88% report at least one security breach, and 90% of that group have been targeted multiple times.

• 28% of attacks use ransomware. Over half of attacks use malware or phishing tactics, and a third rely on insider threats or social engineering.

Organisations are encountering issues with capacity and training:

• 63% of cybersecurity roles are unfilled or only partially filled.

• 35% of cybersecurity professionals have left for other roles, usually due to better remuneration or support from future employers.

• 68% of employees lack sufficient cybersecurity awareness training.

“These findings are among the most frequent problems faced by cybersecurity efforts. However, while the problems are still familiar, solutions to address them have matured considerably,” says Swart.

"The cybersecurity market has been changing in the past few years to better address issues such as staff shortages, costs, and support for security teams. Risk-first strategies are finally taking the lead. Responsible security providers are now creating security blueprints and strategies based on the business risks of their clients, focusing their protection and security resources where it has the most impact rather than try to cover everything at once. This approach is taking considerable pressure off security teams,” says Swart.

Refocusing cybersecurity

Organisations are taking cybercrime more seriously. According to the CSIR report, 89% have a formal cybersecurity incident response plan, and 64% review those plans at least quarterly. Two-thirds of public sector institutions feel very prepared to handle cybersecurity incidents.

Yet, less than half – 41% – are assessing and monitoring cyberthreats on a daily basis. This is a critical issue because the most effective cybersecurity has a low mean time to respond, which is the time between detecting a potential security issue and resuming normal operations.

Visibility is cybersecurity's key challenge. Modern technology systems are complex, especially when they integrate with one another, a situation that became more acute through rapid digitisation during the pandemic years. Security teams have much more to monitor, complicated by a growing flood of alerts and reports generated by those vast technology estates.

"Mean time to respond or MTTR is the best rule of thumb to evaluate an organisation's cybersecurity effectiveness," says Swart. "It represents their monitoring, capacity, user awareness, planning, policies, and technology. It is also a great way to measure security providers. If you or your provider's MTTR is slow and measured in hours or days instead of minutes, you have a challenge."

Modern risk-first frameworks are helping providers radically reduce response times. Frameworks such as Continuous Threat Exposure Management (CTEM), first published in 2022 by Gartner, have enabled leading security providers to build more advanced security systems that address the market's current challenges. They reduce pressure on security professionals, increase support across organisations, establish real-time or near real-time visibility of technology systems, and provide security that aligns properly with the organisation's priorities.

This mature approach to security dovetails with ambitions to fight cybercrime. According to the CSIR report, 95% of public sector organisations have an information security policy for access management, 50% perform automatic patches and updates, and 95% have a data backup and recovery plan.

These are signs that organisations are taking action against cybercrime. With risk-focused strategies and security partners that can guide those efforts, SA will start turning the tide against online criminals.

Share this article:

Further reading: