Fixing SA's cybersecurity: The CSIR's Cybersecurity Resilience Report

October 2024 Information Security

South African organisations are facing persistent threats from online criminals, a situation that the country is very familiar with. A new report from the CSIR's Information and Cybersecurity Centre gives us a more tangible view of the situation, helping guide the market to tackle cybercrime today and into the future.

“Created in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, the Cybersecurity Resilience of South Africa's Public Sector report focuses on the country's public sector. However, it helps reflect on the state of cybersecurity in the private sector as well,” says Gerhard Swart, Chief Technology Officer at cybersecurity company, Performanta.

"The public sector has unique or amplified challenges that differ from private sector companies, but when you look at various research, the findings here are similar to what many organisations are facing. For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems. Though the CSIR's report focuses on the public sector, there are valuable insights that every organisation should think about,” says Swart.

A nation under siege

The report surveyed over 1200 individuals and organisations nationwide, gathering information on cybersecurity preparedness, policies, and compliance. It reveals positive and negative trends, demonstrating that while SA is a nation under siege from cybercriminals, it is also responding to the situation.

Starting with the negative trends, the surveys reveal that cybercriminals are not slowing down their attacks:

• 47% of organisations experienced between one and five cybersecurity incidents in the past year.

• 88% report at least one security breach, and 90% of that group have been targeted multiple times.

• 28% of attacks use ransomware. Over half of attacks use malware or phishing tactics, and a third rely on insider threats or social engineering.

Organisations are encountering issues with capacity and training:

• 63% of cybersecurity roles are unfilled or only partially filled.

• 35% of cybersecurity professionals have left for other roles, usually due to better remuneration or support from future employers.

• 68% of employees lack sufficient cybersecurity awareness training.

“These findings are among the most frequent problems faced by cybersecurity efforts. However, while the problems are still familiar, solutions to address them have matured considerably,” says Swart.

"The cybersecurity market has been changing in the past few years to better address issues such as staff shortages, costs, and support for security teams. Risk-first strategies are finally taking the lead. Responsible security providers are now creating security blueprints and strategies based on the business risks of their clients, focusing their protection and security resources where it has the most impact rather than try to cover everything at once. This approach is taking considerable pressure off security teams,” says Swart.

Refocusing cybersecurity

Organisations are taking cybercrime more seriously. According to the CSIR report, 89% have a formal cybersecurity incident response plan, and 64% review those plans at least quarterly. Two-thirds of public sector institutions feel very prepared to handle cybersecurity incidents.

Yet, less than half – 41% – are assessing and monitoring cyberthreats on a daily basis. This is a critical issue because the most effective cybersecurity has a low mean time to respond, which is the time between detecting a potential security issue and resuming normal operations.

Visibility is cybersecurity's key challenge. Modern technology systems are complex, especially when they integrate with one another, a situation that became more acute through rapid digitisation during the pandemic years. Security teams have much more to monitor, complicated by a growing flood of alerts and reports generated by those vast technology estates.

"Mean time to respond or MTTR is the best rule of thumb to evaluate an organisation's cybersecurity effectiveness," says Swart. "It represents their monitoring, capacity, user awareness, planning, policies, and technology. It is also a great way to measure security providers. If you or your provider's MTTR is slow and measured in hours or days instead of minutes, you have a challenge."

Modern risk-first frameworks are helping providers radically reduce response times. Frameworks such as Continuous Threat Exposure Management (CTEM), first published in 2022 by Gartner, have enabled leading security providers to build more advanced security systems that address the market's current challenges. They reduce pressure on security professionals, increase support across organisations, establish real-time or near real-time visibility of technology systems, and provide security that aligns properly with the organisation's priorities.

This mature approach to security dovetails with ambitions to fight cybercrime. According to the CSIR report, 95% of public sector organisations have an information security policy for access management, 50% perform automatic patches and updates, and 95% have a data backup and recovery plan.

These are signs that organisations are taking action against cybercrime. With risk-focused strategies and security partners that can guide those efforts, SA will start turning the tide against online criminals.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Know who’s spying on you
Kaspersky Information Security Products & Solutions
According to the latest State of Stalkerware report, 40% of the people surveyed worldwide stated they have experienced stalking or suspect they are being spied on. A solution for Android is now available.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...