As the COVID-19 pandemic continues to accelerate digital transformation in organisations globally, recent research by PwC has highlighted that CEOs are concerned about the impact growing cyber threats and the spread of misinformation can have on their businesses.
In fact, the PwC 24th Annual Global CEO Survey identifies cyber as the second highest concern – following the pandemic – among CEOs globally and notes that cyber is an extreme concern for 49% of CEOs in South Africa. As a result, cybersecurity frameworks must become important components of organisational risk management practices to mitigate against the cyber concern, stresses Kaspersky.
“It is not surprising that cyber has been identified as an extreme concern among South African CEOs, especially taking into account that countries like South Africa, Kenya and Nigeria saw 28 million malware attacks combined, by August last year, and that South Africa is ranked 3rd on the list of countries with the highest number of users encountering targeted ransomware, according to our research,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.
“We believe that this only emphasises that African countries are not immune to cyber risks and are in fact susceptible to them, as we hear about more organisations becoming targets of cybercriminal antics,” he adds.
Inevitably, the push towards digital transformation has seen the cyber threat landscape evolve at a rapid rate. Today, the result of a cybersecurity incident can have devasting effects on an organisation, especially when it comes to financial loss and reputational damage. Over and above this, as the Protection of Personal Information (POPI) Act will be fully enforced from 01 July 2021, data protection is another concern that must also be considered.
“Considering how quickly cyber threats have evolved and grown over the last year – think of the growth of ransomware attacks as just one example – another real concern when it comes to cyber that should be a priority for CEOs is data protection, looking at how data is being accessed in the business and how to secure it effectively. And with the POPI Act coming into effect in a few weeks, ensuring that the right IT security infrastructure and frameworks are in place is critical.” Says Charl Ueckermann at AVeS Cyber Security.
A growing threat landscape requires a solid defense
“More sophisticated hacking techniques and a growing desire amongst cybercriminals to harvest information for their own benefit are a reality putting business leaders across sectors under even more pressure. However, detecting and responding to sophisticated attacks requires specific expertise, and internal training or hiring additional experts, which in many cases may not always fit into the cybersecurity budget of a business. The reality is that a lack of resources can lead to untimely responses to incidents and, as a result, increase the losses of the organisation,” adds Opil.
This is where an optimum cybersecurity framework can enhance defensive measures against new, unknown, and evasive threats that are constantly evolving. It is especially beneficial to those smaller companies with limited cybersecurity resources to build incident response. Such a framework provides advanced detection mechanisms with machine learning-based algorithms and a sandbox, as well as enhanced threat visibility, root cause analysis capabilities, and a variety of response actions.
“Adopting such a framework and putting the associated technologies and process in place can help CEOs to implement strategies that minimise the potential risk and cost of a cyberattack. By now, most organisations should have basic cybersecurity solutions in place. The framework takes what has been done and enhances it with an additional layer of protection that better reflects changing attack vectors in a digitally-driven business environment, supporting a business to ensure that it is prepared for the growing sophistication of cyberthreats that we are seeing unfold,” says Opil.
“Cyber threats are becoming increasingly complex and malicious. CEOs must equip their companies with an array of countermeasures to deflect impending attacks while also ensuring that employees, regardless of where they are working from, are protected,” concludes Ueckermann.