Fixing SA's cybersecurity: The CSIR's Cybersecurity Resilience Report

October 2024 Information Security

South African organisations are facing persistent threats from online criminals, a situation that the country is very familiar with. A new report from the CSIR's Information and Cybersecurity Centre gives us a more tangible view of the situation, helping guide the market to tackle cybercrime today and into the future.

“Created in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, the Cybersecurity Resilience of South Africa's Public Sector report focuses on the country's public sector. However, it helps reflect on the state of cybersecurity in the private sector as well,” says Gerhard Swart, Chief Technology Officer at cybersecurity company, Performanta.

"The public sector has unique or amplified challenges that differ from private sector companies, but when you look at various research, the findings here are similar to what many organisations are facing. For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems. Though the CSIR's report focuses on the public sector, there are valuable insights that every organisation should think about,” says Swart.

A nation under siege

The report surveyed over 1200 individuals and organisations nationwide, gathering information on cybersecurity preparedness, policies, and compliance. It reveals positive and negative trends, demonstrating that while SA is a nation under siege from cybercriminals, it is also responding to the situation.

Starting with the negative trends, the surveys reveal that cybercriminals are not slowing down their attacks:

• 47% of organisations experienced between one and five cybersecurity incidents in the past year.

• 88% report at least one security breach, and 90% of that group have been targeted multiple times.

• 28% of attacks use ransomware. Over half of attacks use malware or phishing tactics, and a third rely on insider threats or social engineering.

Organisations are encountering issues with capacity and training:

• 63% of cybersecurity roles are unfilled or only partially filled.

• 35% of cybersecurity professionals have left for other roles, usually due to better remuneration or support from future employers.

• 68% of employees lack sufficient cybersecurity awareness training.

“These findings are among the most frequent problems faced by cybersecurity efforts. However, while the problems are still familiar, solutions to address them have matured considerably,” says Swart.

"The cybersecurity market has been changing in the past few years to better address issues such as staff shortages, costs, and support for security teams. Risk-first strategies are finally taking the lead. Responsible security providers are now creating security blueprints and strategies based on the business risks of their clients, focusing their protection and security resources where it has the most impact rather than try to cover everything at once. This approach is taking considerable pressure off security teams,” says Swart.

Refocusing cybersecurity

Organisations are taking cybercrime more seriously. According to the CSIR report, 89% have a formal cybersecurity incident response plan, and 64% review those plans at least quarterly. Two-thirds of public sector institutions feel very prepared to handle cybersecurity incidents.

Yet, less than half – 41% – are assessing and monitoring cyberthreats on a daily basis. This is a critical issue because the most effective cybersecurity has a low mean time to respond, which is the time between detecting a potential security issue and resuming normal operations.

Visibility is cybersecurity's key challenge. Modern technology systems are complex, especially when they integrate with one another, a situation that became more acute through rapid digitisation during the pandemic years. Security teams have much more to monitor, complicated by a growing flood of alerts and reports generated by those vast technology estates.

"Mean time to respond or MTTR is the best rule of thumb to evaluate an organisation's cybersecurity effectiveness," says Swart. "It represents their monitoring, capacity, user awareness, planning, policies, and technology. It is also a great way to measure security providers. If you or your provider's MTTR is slow and measured in hours or days instead of minutes, you have a challenge."

Modern risk-first frameworks are helping providers radically reduce response times. Frameworks such as Continuous Threat Exposure Management (CTEM), first published in 2022 by Gartner, have enabled leading security providers to build more advanced security systems that address the market's current challenges. They reduce pressure on security professionals, increase support across organisations, establish real-time or near real-time visibility of technology systems, and provide security that aligns properly with the organisation's priorities.

This mature approach to security dovetails with ambitions to fight cybercrime. According to the CSIR report, 95% of public sector organisations have an information security policy for access management, 50% perform automatic patches and updates, and 95% have a data backup and recovery plan.

These are signs that organisations are taking action against cybercrime. With risk-focused strategies and security partners that can guide those efforts, SA will start turning the tide against online criminals.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Cybercriminals target financial service providers to get at sensitive client data
Information Security
According to Ryan van de Coolwijk, Product Head for cyber at iTOO Special Risks, hackers target financial service providers because they hold sensitive client information that unauthorised individuals could use for fraudulent activities.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...