Skills gap poses a huge security risk for businesses in South Africa
South African businesses have a shortage of cybersecurity skills, opening them up to criminal elements, says international cybersecurity company Kaspersky.
The group said that 87% of businesses in the country do not have the required skills, and it is up to the owners of these businesses to plug the gap to protect themselves from advanced cyber threats.
A recent survey from Kaspersky showed that 45% of the surveyed South African companies had experienced a cybersecurity incident between 2021 and 2022.
Only 33% had their own internal security operations to manage tech risks.
According to Brandon Muller, technology expert and consultant for the Middle East and Africa region at Kaspersky, dedicated cybersecurity functions in businesses across Africa are not yet common, reflecting a broader concern around having access to the specialist functions to run those initiatives.
Most companies (74%) rely on IT staff to manage their technology; however, these staff members do not have the necessary resources to deal with cyberattacks and protect against them.
75% of businesses said that they would benefit greatly from expanding their cybersecurity team with further protection, said Muller.
Almost a third of the surveyed companies are now turning to third-party security experts for IT assistance as skills become more scarce.
The security firm said that companies must enhance internal initiatives to also drive cybersecurity awareness training among their current employees.
“Even if local businesses do not have specialist skills, to achieve a strong foundation of best practices and grow in-house cybersecurity skills, they must integrate cybersecurity into the company’s strategy and processes – and have this supported by continuous and up-to-date staff training programmes.”
“If all employees are aware of the importance of remaining vigilant and what to look for in potential cyberattacks, the defensive footprint will already get a significant boost,” Muller said.
In early 2022, the South African Banking Risk Information Centre (SABRIC) reported a worrying surge in cybercrime throughout the country.
This has resulted in annual losses of approximately R250 million for South African businesses due to internet fraud and phishing attacks.
The South African Reserve Bank (SARB) has also recognized the increasing use of new technologies as a significant threat to the banking industry in the country.
Businesses are facing a slew of criminal attacks, often targeting unsuspecting and vulnerable employees.
Blackmailing and ransomware attacks have been increasing in frequency as well as instances of criminals infiltrating company emails.
Kaspersky has warned that people’s work email addresses, often used to sign up for third-party websites, could be exposed in data breaches. It said this could lead to cybercriminals targeting the organization and discussing potential attacks on darknet websites.
In 2023, it is predicted that data breaches will become more personal, posing a threat to individuals’ privacy and corporate cybersecurity.
Kaspersky noted the risk of sensitive information being made publicly available and attracting cybercriminal attention.
Read: These cars are being targeted for hijacking in South Africa right now