CSIR cybersecurity surveys reveal skills gap, lack of readiness
Only 41% of organisations are assessing and monitoring cyberthreats on a daily basis, indicating that the majority of organisations are not prepared to deal with cyberthreats
The Council for Scientific and Industrial Research (CSIR) Information and Cybersecurity Centre, in collaboration with the Cybersecurity Hub under the Department of Communication and Digital Technologies, on October 8 highlighted the findings of four national cybersecurity surveys conducted at the end of the 2023/24 financial year.
These comprehensive surveys delve into areas including cybersecurity preparedness and resilience in the public sector, cybersecurity skills gaps, cybersecurity incidents and the digital identity landscape in South Africa.
National Policy Data Observatory cybersecurity centre technical head and information head Dr Jabu Mtsweni pointed out that cyberattacks had increased considerably over the past decade, globally and in the country.
This necessitated contextual and local data to enable informed decision-making and policy formulation, he emphasised.
The insights gleaned from these surveys showed that organisations or individuals were not immune from cyberattacks and risks, Mtsweni said.
Also, South African organisations were found to be ill-prepared to deal with cybersecurity incidents, he warned. There do, however, seem to be better results in the public sector.
Only 41% of organisations are assessing and monitoring cyberthreats on a daily basis, indicating that the majority of organisations are not prepared to deal with cyberthreats.
Two-thirds of organisations surveyed do not prioritise cybersecurity awareness.
Only four in ten organisations see cybersecurity as part of their daily operations.
Notably, the cybersecurity skills gap is a global challenge that has been exacerbated by remote/hybrid work; it is also a challenge locally, where it is affected by regional factors.
ORGANISATIONAL READINESS
Outlining the cyberattack incidents in South Africa survey was senior cybersecurity specialist Homba Ngejane, who said recent findings from IBM showed that South African organisations were facing an increase in cyberthreats and data breaches, with the average cost per breach having increased to R53.10-million from R43-million in 2022/23.
Ngejane reiterated that South African organisations were critically unprepared for cyberattacks.
According to the survey, the top three prevalent attacks in South African organisations are malware, application attacks and insider threats.
There is also a pattern of repeated attacks following an initial successful one.
Root causes of attacks include third parties being connected to an enterprise and phishing, and also hardware-based attacks.
The survey indicated that the higher the impact of the attack, the longer it took to recover.
The CSIR had proffered four key recommendations to mitigate this, namely, adherence to strict governance and risk management; employees being aware of cybersecurity; disabling USB ports for external storage to avoid insider threat data leaks; and implementation of multifactor authentication, Ngejane said.
PUBLIC-SECTOR READINESS
Junior researcher Thuli Mkhwanazi outlined findings from the cybersecurity preparedness in the public sector survey, which had 301 respondents, and showed that these were somewhat more prepared and proactive, although they were also at high risk of threats.
The survey showed the public sector institutions in the country conduct cybersecurity risk assessments relatively frequently, with 68% doing so at least monthly.
However, a small percentage, at 6%, lack confidence in handling cybersecurity incidents.
While there is a positive trend in employee cybersecurity awareness training, there is potential for improvement, with 7% not training any employees and 32% training about 1% to 25%.
The survey indicated that 47% of respondents have experienced between one and five incidents in the past year, showcasing the prevalence of cyberthreats.
Positively, 89% of institutions have a formal cybersecurity incident response plan.
The most prevalent threats they face are malware and phishing.
Also positive was that 64% review their response plans at least quarterly, showing a proactive approach.
SKILLS GAP
The cybersecurity skills gap survey showed an inherent skills gap in the country.
The survey identified incident response, cloud security, and risk, governance and compliance as the most valued skills. Skills that are required are in AI, threat intelligence, data breach and privacy enforcement.
The survey showed that cybersecurity skills are in higher demand than IT skills, with a greater shortage of these.
The current skills shortage is in cybersecurity education, threat intelligence, and risk and governance.
There is a lack of congruence between the high level of demand and the low level of supply for skills, with many applicants not having the requisite qualifications, the survey showed.
It indicated that 63% of cybersecurity roles are partially or fully unfilled.
There are also challenges in recruitment and retention of skilled workers. In terms of the latter, 35% of professionals cited better offers, lack of training opportunities, and other factors as reasons for leaving their current positions.
While there is investment in cybersecurity resources, not enough of this is being allocated to skills development, CSIR cybersecurity principal researcher Dr Namosha Veerasamy pointed out.
Seventy-seven per cent of respondents said that the need for specialised cybersecurity skills has increased owing to remote work.
They also identified a gender gap, with 82% of the view that cybersecurity positions are male-dominated, and 61% believing that women face challenges in cybersecurity roles owing to gender bias, lack of awareness and discrimination, besides others.
Veerasamy said that the skills gap was widening, which called for innovative approaches to combat it and the challenges identified. She said that a solution being explored was that of learning factories, which would be an emulated environment that trained individuals to practically apply concepts, tools and cognitive skills to solve real workplace problems.
It would provide the necessary skills training, upskilling, experiential learning, on-the-job training, targeted training, and exposure to critical cybersecurity skills.
DIGITAL IDENTITY
Senior biometrics engineer Samuel Lefopane outlined the digital identity landscape survey, with key findings including that financial institutions (88%) were considered the most important driver of the South African digital identity market.
Over two-thirds of respondents mentioned both encryption and privacy technologies (71%) and biometrics (68%) as drivers, while half reported identity theft being a serious concern that can be addressed by digital identity.
A third of respondents rated data breaches and phishing attacks as the highest security risk to digital identity.
Positively, about three-quarters felt that cybersecurity legislation in the country was addressing data security during the use of digital identity. Also, the majority of respondents were of the view that there were protections in place to limit access to the digital trail of personally identifiable information created using digital identity, by both the private and State sectors.
Respondents were more likely, however, to trust the private sector than the public sector in terms of digital identity credential issues.