South Africa’s cyber security professionals have largely kept pace with changing IT environments and evolving cyber risks over the past 20 years. However, an ongoing skills shortage and a fragmented legal and regulatory framework still challenge efforts to mitigate risk.
This is according to panellists speaking during the 20th edition of the ITWeb Security Summit in Sandton this week, where they reflected on cyber security progress in South Africa over the past 20 years.
Craig Rosewarne, MD of Wolfpack Information Risk, noted that many of the presentations on the agenda at the first ITWeb Security Summit in 2006 remain topical issues today.
High-level skills shortages
Charl van der Walt, head of security research at Orange Cyberdefense, said: “In terms of people and skills, the sector has transformed. We have excellent skills and strong diversity. But where we are behind other regions is that we need to start seeing the cyber security problem as an ‘all of society problem’ rather than just thinking about cyber security’s impact on the bottom line.”
Sanet Butler, group manager: cyber risk and control at Vodacom, echoed this sentiment, saying: “In South Africa and the rest of Africa, we have some of the best talent, and we need to recognise that. The depth is there, but we are missing the breadth – we still don’t have enough people.”
Regulatory and policy lags
Butler also noted that South Africa had adopted cyber regulations like POPIA later than it should have, and said that organisations like SABRIC tend to operate in isolation and not share information.
Dr Namosha Veerasamy, principal researcher at the CSIR, said research into the South African cyber security landscape had found a fragmented legal and governance environment, with gaps in awareness and culture, technical capacity and capability, and collaboration and coordination – all of which stood in the way of cyber security becoming a national priority. She said the research was informing a roadmap for improving South Africa’s cyber security capabilities.
Cyber wish list
On the question of what they would do if they were tasked with national cyber security, panellists said they would like to see more collaboration and information sharing between organisations and industry bodies, better metrics and scorecards for organisations, and improved skills development with early cyber security awareness training for all South Africans.
Van der Walt suggested a compulsory cyber security service or reserve force of cyber security skills, which could be deployed to assist SMEs, schools and NGOs that cannot afford cyber security.
Share