By: Mayuran Pillay, Bryte Chief Risk Officer
As we spend more of our time in an online world, having a sound security strategy has never been more critical.
In a post-Covid world, the increasingly important role that technology plays in human life has raised the urgency to build the cybersecurity infrastructure required to provide safety for digital activities for businesses. As technology continues to adapt and evolve, businesses have become significantly more vulnerable, and cybersecurity considerations are not finding their way into digital strategies. Bringing the point home, Swiss Re, a reinsurer, has estimated that a major global cyber incident has the potential to destabilise global commerce to similar levels of COVID-19.
While the problem is global, lack of investment in cybersecurity and an underdeveloped legal framework have led to a particularly high vulnerability for South African businesses. According to a recent report by Accenture, pre-COVID-19 South Africa had the third-highest number of cybercrime victims last year. The report also indicates a rapid increase in mobile fraud banking applications which had doubled in a year, contributing to losses amounting to R2.2 billion due to sophisticated cyberattacks in the country.
The business environment has been in an influx over the past few months, as businesses were adjusting to the lockdown and its regulations, while shifting into a new era of digital transformation as working from home and hybrid (office and home) working solutions proliferate.
An increase in online interactions has resulted in three major concerns that have each contributed to the heightening of cybersecurity risk for customers and businesses. The first concern is that South African IT security teams are often overwhelmed and under-resourced, making it increasingly difficult to detect and defend against sophisticated and coordinated cyberattacks. Secondly, many end-users remain unaware of how to identify and stop incoming threats which only adds fuel to the fire by exposing companies to ransomware and phishing attacks. In fact, a recent trend found that cyber criminals are increasingly targeting people, not systems. Research from Kroll, a risk consultancy, has revealed that over 90% of confirmed security incidents are caused by the actions of an employee who had been tricked by a cyber-criminal. Lastly, many end-points and core applications systems continue to use outdated firmware and software, making them even more vulnerable to attacks.
Businesses that store large amounts of customer sensitive data, like insurers, are particularly vulnerable to online threats, meaning that they should be leading the way with investments into cybersecurity. After a few high-profile cyberattacks, one on a major insurer a few months ago and another on a consumer credit reporting company, it is evident that cybersecurity investment needs to become a priority for businesses in South Africa. Companies must prepare for future attacks and security challenges with expert analysis, predictive threat intelligence and advanced detection solutions. Limiting the potential for cyber criminals to access customer data should be high on the priority list for information-based organisations such as professional services firms, banks, financial institutions, insurance companies, telecoms, and even municipalities and power utilities. Companies need to move away from budgeting on how much they can afford to spend, but rather concentrate on the prioritisation of cyber risk and accordingly invest.
The International Data Corporation predicts that the biggest spend will be on managed security *2* services for monitoring and management of security operations centres (SOC).
These SOC’s will all be built with standard security orchestration and automation (SOAR) toolsets and processes, enhancing both artificial intelligence (AI) and machine learning (ML). The next largest spend category is network security, concentrating primarily on threat management and intelligence which includes unified threat management, firewalls and intrusion detection and prevention technologies. Other investments include integration services and next generation endpoint security software.
Security is taking on a new shape and is being integrated into new business initiatives and used as a competitive advantage. No one wants to be breached and once consumers are affected, they will fear taking their business to companies that they don’t trust. As more of the world moves online and new technologies permeate, cybercrime will inevitably intensify. This means that there will be more attacks and businesses need to understand that they will be targeted.
The best way for businesses to buckle up their cybersecurity belts is by ensuring that they have a sound and up to date security strategy and have made adequate investments into their online safety.