ITWeb, in partnership with Arctic Wolf, recently conducted an online survey to investigate the South African cyber security market.
The objective was to gain insight into where local businesses are on their security transformation journey and what their biggest challenges – and concerns – are.
Nearly three-quarters (74%) of the survey’s respondents said their cyber security budget for 2023 would increase, while 22% said it would stay the same. Jason Oehley, regional sales manager for South Africa at Arctic Wolf, says he’s encouraged by this outcome. “In view of the pushback on budgets that we’re seeing across other areas of business, it's interesting that cyber security is starting to see a more strategic approach from business.”
Going into 2023, businesses said they’re most concerned about continued cyber attacks (77%), the talent shortage (47%) and inflation (38%). “Out of all business concerns, cyber attacks are the number one worry, which makes sense as small, medium and large businesses are experiencing an increase in attempted attacks, while the lack of security skills is a common challenge, and has been for a while.
“Our goal is to provide customers with full attack surface coverage while reducing the need for high-end security skills in their environment.”
Going into 2023, 77% of businesses said they’re most concerned about continued cyber attacks.
The types of cyber attacks that businesses are most concerned about facing this year are ransomware (77%), followed by business email compromise (62%) and cloud breach (46%). Oehley says: “This trend is common across the globe. We’re seeing an explosionin cloud adoption in South Africa currently with data centres coming into the region.
We’re also seeing an increase in business email compromise. And ransomware is never going to go away; there have already been a few attacks this year. Cyber crime has turned into big business, with an estimated $1 billion in annual revenues and a ransomware attack every 11 seconds.”
Three quarters of respondents (74%) say that, in the past 12 month, they’ve received an email at work that they believe to be a phishing attempt to collect their credentials.
Respondents
A total of 163 responses were captured, with 62% of respondents being at management level, and working in a range of major industry sectors. Some 38% of respondents came from the IT sector and 23% came from the financial services and government sectors.
Half (47%) have received an email or text message that they believe impersonated an executive at their company. Another 47% have received an invite or message on a social networking site (e.g. LinkedIn) that they believe to be malicious in nature.
“This is where staff education and awareness become key. You need to conduct security awareness for your extended staff, not just for the security or tech team.” A third (33%) of respondents said their organisations had experienced a cyber incident in the past 12 months. Half of respondents (52%) said they hadn’t. “As much as half of the survey’s respondents say they haven’t had an actual incident, but have seen a massive increase in attempted attacks; it’s become a case of when I get breached, not if.”
Oehley finds it interesting that three quarters of respondents (72%) say they have a 24/7 security solution in place, and believes this statistic may be owing to a misperception of what a 24/7 security solution entails. “Between 90% and 95% of the businesses that we speak to don’t have a proper 24/7 security operations environment. There’s a difference between having tools in place that run 24/7 compared to having eyes on your environment 24/7, where someone is looking at your environment, doing threat hunting and filtering information. They simply aren’t the same thing. A 24/7 tool isn’t a 24/7 security operations environment.
“What we’ve seen, with this and other surveys as well as our events, is that there’s a common thread across small, medium and large customers when it comes to security. The challenges are very similar, but their focus might be in different areas.”
Share