Almost half of South African companies needed overhaul after cybersecurity incidents
Cybersecurity company Trellix's 'Mind of the CISO 2023' report shows that nearly half of South African organisations found it necessary to completely overhaul the skills and qualifications of their cybersecurity teams and make significant process and technology improvements following major cybersecurity incidents in 2023.
The report surveyed 500 security executives from 13 countries around the world, including South Africa. South African respondents represented organisations with staff sizes ranging from 1 000 to 10 000 employees, mainly in healthcare, energy, manufacturing, financial services and the public sector, the Trellix Advanced Research Centre said.
Most respondents said cybersecurity incidents involved phishing at 40%, ransomware at 36%, business email compromise at 32%, credential stealing at 28% and distributed denial of service (DDoS) attacks.
Respondents also shared that 28% of attacks were State-sponsored, meaning they were carried out by hacking syndicates backed by hostile States, while 24% of threat actors were insiders.
Further, the leading cause of major cybersecurity incidents was password misuse at 56%, followed by insider threats at 44%, supply chain breaches at 40%, non-detection by existing technology at 40%, missed vulnerabilities at 36%, and various forms of malware.
“The persistence of threat actors from around the world, and Africa’s rapid economic growth and industrialisation is placing incredible pressure on large organisations and their cybersecurity teams,” said Trellix South Africa country lead Carlo Bolzonello.
“South Africa, as a leading technological, political and economic nation, is especially targeted. Organisations of all sizes need to start adopting a more comprehensive approach to cybersecurity, driven by smart tools, shared data, and close collaboration with internal and external stakeholders,” he noted.
South Africa is the most targeted African State, accounting for 42% of all detected ransomware attacks and more than half of business email compromise attacks on the continent.
INCIDENT IMPACTS
These incidents mainly led to a loss of customers, in 56% of cases, to significant stress on security operations teams in 48% of cases, and to business downtime in 44% of cases.
In 28% of incidents, companies suffered reputational damage, damages due to third parties, regulatory penalties and higher insurance premiums, and only 60% of respondents were fully covered by their cybersecurity insurance.
In cases of ransomware, 78% of South African companies paid a ransom of between $5-million, or R93.7-million, and $10-million, or R187-million.
“Following major incidents, 44% of South African organisations had to completely overhaul the skills and qualifications of cybersecurity teams, compared to 34% globally.
In South Africa, 36% of organisations made significant improvements following a cybersecurity incident, similar to 35% globally. Also, in line with the total global pool, 32% of local companies overhauled their processes, while 40% overhauled technology, compared to 35% globally.
“After a breach, 48% implemented new frameworks and standards, and 52% increased their budgets for additional technologies and tools, which they said significantly enhanced resilience following an incident,” the report showed.
Meanwhile, 48% of cybersecurity operators said they received significantly more support from their boards following incidents, but 52% received only a little bit more support and cited a lack of skills and security operations centre analysts, threat hunters or incident responders as major setbacks.
A vast majority of respondents, at 76%, stated that technology vendors were vital in providing not only the best tools, but also a deep understanding of the threat landscape and intelligence, at 76%. They also expect vendors to provide detailed debriefs of incidents, as well as steps for remediation or avoidance of similar incidents in the future, at 72%.
Only 20% of organisations switched vendors, while 12% stated plans to switch. Around 68% decided to stick with their existing vendor, with 71% saying the cost and effort of transitioning were too great.
In terms of the technologies used prior to and then after an incident, 52% of respondents used extended detection and response (XDR) before, and 36% adopted it after the incident.
Of the respondents, 64% used endpoint detection and response (EDR) before an incident and 24% adopted it afterwards, and 44% of companies used security information and event management (SIEM) before, with 36% adopting it post-incident.
Similarly, 40% of respondents used network detection and response (NDR) prior to an incident, and 44% adopted it after, while 44% used managed detection and response (MDR) before an incident, with 48% adopting it post-incident.
Additionally, 28% of companies used data loss protection (DLP) prior to an incident, and 48% then adopted it after the incident, while 44% used a threat intelligence platform (TIP) before, and 40% adopted it post-incident.
In terms of security orchestration and automation platform (SOAR), 48% of respondents used it prior to an incident and 32% adopted it afterwards, while 60% used email security before an incident, and 24% then adopted it after an incident.
“In more than half of all cases, a switch to XDR solutions led to faster and more efficient threat detection, and many professionals admitted that major incidents could have been prevented. However, most of the time technology was simply not configured correctly and detection policies were not enabled,” highlighted Bolzonello.
“This is why it is so important that, as threat actors collaborate with each other, large organisations need to adopt a holistic security strategy that involves close consultation with technology vendors, foreign partner nations and global law enforcement to rapidly and effectively erode the power of threat groups,” he advised.