Fixing SA's cybersecurity: The CSIR's Cybersecurity Resilience Report

October 2024 Information Security

South African organisations are facing persistent threats from online criminals, a situation that the country is very familiar with. A new report from the CSIR's Information and Cybersecurity Centre gives us a more tangible view of the situation, helping guide the market to tackle cybercrime today and into the future.

“Created in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, the Cybersecurity Resilience of South Africa's Public Sector report focuses on the country's public sector. However, it helps reflect on the state of cybersecurity in the private sector as well,” says Gerhard Swart, Chief Technology Officer at cybersecurity company, Performanta.

"The public sector has unique or amplified challenges that differ from private sector companies, but when you look at various research, the findings here are similar to what many organisations are facing. For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems. Though the CSIR's report focuses on the public sector, there are valuable insights that every organisation should think about,” says Swart.

A nation under siege

The report surveyed over 1200 individuals and organisations nationwide, gathering information on cybersecurity preparedness, policies, and compliance. It reveals positive and negative trends, demonstrating that while SA is a nation under siege from cybercriminals, it is also responding to the situation.

Starting with the negative trends, the surveys reveal that cybercriminals are not slowing down their attacks:

• 47% of organisations experienced between one and five cybersecurity incidents in the past year.

• 88% report at least one security breach, and 90% of that group have been targeted multiple times.

• 28% of attacks use ransomware. Over half of attacks use malware or phishing tactics, and a third rely on insider threats or social engineering.

Organisations are encountering issues with capacity and training:

• 63% of cybersecurity roles are unfilled or only partially filled.

• 35% of cybersecurity professionals have left for other roles, usually due to better remuneration or support from future employers.

• 68% of employees lack sufficient cybersecurity awareness training.

“These findings are among the most frequent problems faced by cybersecurity efforts. However, while the problems are still familiar, solutions to address them have matured considerably,” says Swart.

"The cybersecurity market has been changing in the past few years to better address issues such as staff shortages, costs, and support for security teams. Risk-first strategies are finally taking the lead. Responsible security providers are now creating security blueprints and strategies based on the business risks of their clients, focusing their protection and security resources where it has the most impact rather than try to cover everything at once. This approach is taking considerable pressure off security teams,” says Swart.

Refocusing cybersecurity

Organisations are taking cybercrime more seriously. According to the CSIR report, 89% have a formal cybersecurity incident response plan, and 64% review those plans at least quarterly. Two-thirds of public sector institutions feel very prepared to handle cybersecurity incidents.

Yet, less than half – 41% – are assessing and monitoring cyberthreats on a daily basis. This is a critical issue because the most effective cybersecurity has a low mean time to respond, which is the time between detecting a potential security issue and resuming normal operations.

Visibility is cybersecurity's key challenge. Modern technology systems are complex, especially when they integrate with one another, a situation that became more acute through rapid digitisation during the pandemic years. Security teams have much more to monitor, complicated by a growing flood of alerts and reports generated by those vast technology estates.

"Mean time to respond or MTTR is the best rule of thumb to evaluate an organisation's cybersecurity effectiveness," says Swart. "It represents their monitoring, capacity, user awareness, planning, policies, and technology. It is also a great way to measure security providers. If you or your provider's MTTR is slow and measured in hours or days instead of minutes, you have a challenge."

Modern risk-first frameworks are helping providers radically reduce response times. Frameworks such as Continuous Threat Exposure Management (CTEM), first published in 2022 by Gartner, have enabled leading security providers to build more advanced security systems that address the market's current challenges. They reduce pressure on security professionals, increase support across organisations, establish real-time or near real-time visibility of technology systems, and provide security that aligns properly with the organisation's priorities.

This mature approach to security dovetails with ambitions to fight cybercrime. According to the CSIR report, 95% of public sector organisations have an information security policy for access management, 50% perform automatic patches and updates, and 95% have a data backup and recovery plan.

These are signs that organisations are taking action against cybercrime. With risk-focused strategies and security partners that can guide those efforts, SA will start turning the tide against online criminals.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.