Fixing SA's cybersecurity: The CSIR's Cybersecurity Resilience Report

October 2024 Information Security

South African organisations are facing persistent threats from online criminals, a situation that the country is very familiar with. A new report from the CSIR's Information and Cybersecurity Centre gives us a more tangible view of the situation, helping guide the market to tackle cybercrime today and into the future.

“Created in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, the Cybersecurity Resilience of South Africa's Public Sector report focuses on the country's public sector. However, it helps reflect on the state of cybersecurity in the private sector as well,” says Gerhard Swart, Chief Technology Officer at cybersecurity company, Performanta.

"The public sector has unique or amplified challenges that differ from private sector companies, but when you look at various research, the findings here are similar to what many organisations are facing. For example, all sectors have issues with filling cybersecurity roles, and criminals frequently target their data systems. Though the CSIR's report focuses on the public sector, there are valuable insights that every organisation should think about,” says Swart.

A nation under siege

The report surveyed over 1200 individuals and organisations nationwide, gathering information on cybersecurity preparedness, policies, and compliance. It reveals positive and negative trends, demonstrating that while SA is a nation under siege from cybercriminals, it is also responding to the situation.

Starting with the negative trends, the surveys reveal that cybercriminals are not slowing down their attacks:

• 47% of organisations experienced between one and five cybersecurity incidents in the past year.

• 88% report at least one security breach, and 90% of that group have been targeted multiple times.

• 28% of attacks use ransomware. Over half of attacks use malware or phishing tactics, and a third rely on insider threats or social engineering.

Organisations are encountering issues with capacity and training:

• 63% of cybersecurity roles are unfilled or only partially filled.

• 35% of cybersecurity professionals have left for other roles, usually due to better remuneration or support from future employers.

• 68% of employees lack sufficient cybersecurity awareness training.

“These findings are among the most frequent problems faced by cybersecurity efforts. However, while the problems are still familiar, solutions to address them have matured considerably,” says Swart.

"The cybersecurity market has been changing in the past few years to better address issues such as staff shortages, costs, and support for security teams. Risk-first strategies are finally taking the lead. Responsible security providers are now creating security blueprints and strategies based on the business risks of their clients, focusing their protection and security resources where it has the most impact rather than try to cover everything at once. This approach is taking considerable pressure off security teams,” says Swart.

Refocusing cybersecurity

Organisations are taking cybercrime more seriously. According to the CSIR report, 89% have a formal cybersecurity incident response plan, and 64% review those plans at least quarterly. Two-thirds of public sector institutions feel very prepared to handle cybersecurity incidents.

Yet, less than half – 41% – are assessing and monitoring cyberthreats on a daily basis. This is a critical issue because the most effective cybersecurity has a low mean time to respond, which is the time between detecting a potential security issue and resuming normal operations.

Visibility is cybersecurity's key challenge. Modern technology systems are complex, especially when they integrate with one another, a situation that became more acute through rapid digitisation during the pandemic years. Security teams have much more to monitor, complicated by a growing flood of alerts and reports generated by those vast technology estates.

"Mean time to respond or MTTR is the best rule of thumb to evaluate an organisation's cybersecurity effectiveness," says Swart. "It represents their monitoring, capacity, user awareness, planning, policies, and technology. It is also a great way to measure security providers. If you or your provider's MTTR is slow and measured in hours or days instead of minutes, you have a challenge."

Modern risk-first frameworks are helping providers radically reduce response times. Frameworks such as Continuous Threat Exposure Management (CTEM), first published in 2022 by Gartner, have enabled leading security providers to build more advanced security systems that address the market's current challenges. They reduce pressure on security professionals, increase support across organisations, establish real-time or near real-time visibility of technology systems, and provide security that aligns properly with the organisation's priorities.

This mature approach to security dovetails with ambitions to fight cybercrime. According to the CSIR report, 95% of public sector organisations have an information security policy for access management, 50% perform automatic patches and updates, and 95% have a data backup and recovery plan.

These are signs that organisations are taking action against cybercrime. With risk-focused strategies and security partners that can guide those efforts, SA will start turning the tide against online criminals.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
NEC XON disrupts sophisticated cyberattack
Information Security
NEC XON recently showcased its advanced cyberthreat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider.

Read more...
What’s your cyber game plan?
Information Security
“Medium-sized businesses are often the easiest target for cyber criminals, because they are just digital enough to be vulnerable, but not mature enough to be fully protected," says Warren Bonheim, MD of Zinia.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.