SA’s cybersecurity crisis: New research shows lack of local skills to combat threat-laden landscape

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration

Published Sep 28, 2024

Share

South African organisations are at risk. As cyber threats escalate in frequency and sophistication, new research reveals an alarmingly high rate of security incidents over the past year, with experts pointing to a lack of awareness and qualified professionals as key contributing factors.

According to the South African data, only 4% of surveyed organisations reported no cyber-attacks in the last 12 months. A staggering 50% suffered up to four attacks, while 10% experienced nine or more. The financial impact of these breaches has been severe, with 39% of South African respondents reporting losses exceeding $1 million (R17m), and at least one organisation suffering a loss of over $6m.

Julie Noizeux, channel manager at Fortinet South Africa, said the high incidence of attacks was cause for concern:

“Clearly South Africa is a prime target for attacks, yet globally we are lagging in terms of cybersecurity investments.”

Research reveals a complex skills scenario. Some 60% of South African respondents believed attacks were due to a lack of in-house cybersecurity skills or trained IT security staff, while 58% attributed attacks to a lack of cybersecurity awareness. Paradoxically, only 36% indicated struggles with recruiting cybersecurity talent, and a mere 28% reported challenges with retention.

According to Noizeux, cybersecurity skills are in short supply globally. In South Africa, companies face the added challenge of the brain-drain of skilled professionals seeking better opportunities abroad.

“I work with organisations that continuously struggle to find talent,” Noizeux said. However, some are getting creative, countering the skills gap using partners and advanced technology. At the same time, they’re working hard to keep their top talent happy with attractive pay and perks.

“One way to secure the organisation with limited in-house skills is to leverage channel partners and companies they can outsource cybersecurity services to. We see growth in the number of organisations using Managed Security Service Providers who offer the full security stack and management of the environment,” Noizeux said.

Advanced technologies offer another avenue for organisations grappling with skills shortages. Noizeux advocates for a unified cybersecurity approach:

“By leveraging a unified cybersecurity fabric or platform that connects with multiple products, organisations can achieve a unified view of the entire environment, achieving consistent policies, management and control.”

This approach can streamline operations by reducing the number of different technologies staff need to master, potentially allowing for more efficient use of human resources.

“Machine learning and AI are increasingly taking on complex cybersecurity tasks. These technologies can automate threat detection and response, which helps reduce the burden on staff for routine, manual processes,” Noizeux added.

Upskilling existing staff is a key strategy to address the skills shortage, said Noizeux.

“At Fortinet, we practise what we preach,” she said. “We hire candidates who meet most of our criteria, then create personalised development plans to help them gain the necessary certifications and qualifications.”

Fortinet is also tackling the skills gap on a broader scale. The company offers free cybersecurity training and has set an ambitious goal to train one million people in cybersecurity skills by 2026. “We’re already halfway there,” Noizeux said. Candidates only pay for certification exams if they wish to complete these.

Addressing broader staff cybersecurity awareness gaps is crucial for reducing risk. “It should be mandatory for staff to do cybersecurity awareness training as a continuous repeated exercise because the threats are changing continually,” she said.

Looking to the future, Noizeux believes cybersecurity education should start early. “The sooner we educate kids, the more valuable it will be for them in their personal and professional lives in the future,” she said.

Fortinet is taking steps in this direction, with its local Academic Partner Programme which works with higher education institutions and schools around the world to help learners become part of an elite group of skilled cybersecurity professionals. It also has initiatives such as a local women’s employee resource group for cybersecurity in South Africa, aimed at raising awareness and inspiring girls to consider careers in the field.

As South Africa continues to face cybersecurity challenges, a multi-faceted approach combining skills development, outsourcing, advanced technologies, and early education may be key to bridging the cybersecurity skills gap and strengthening the nation’s digital defences.