ITWeb, in partnership with Vodacom Business, conducted a survey on cyber security threats to gain insight into the threats that South African businesses are most concerned about – and how they’re mitigating them.
There were 215 valid responses captured, with 55.81% of respondents at executive or mid-management level and 44.19% at IT staff or consultant level. Just under half (41%) of respondents work in the IT sector, 13% come from government and 10% from financial services.
Almost half of the survey respondents (47%) believe everyone in the organisation is responsible for cyber security. A third of respondents (33%) believe it’s the security team’s responsibility and 16% say the CIO or CTO. “These statistics corroborate an ongoing trend of making cyber security everyone’s responsibility, so that businesses can build a more resilient defence against cyber threats. Findings from the 'Cybersecurity as an Imperative for Growth' report, released by Vodacom Business and Omdia last year, highlight that the shortage of skilled cyber security professionals is particularly pronounced in South Africa and across the broader Africa region. To bridge this gap, organisations need to focus on an essential but often underutilised resource – their employees,” says Lukanyo Zahela, Acting Executive Head cloud hosting and security at Vodacom Business.
Sixty-two percent of respondents say they would never connect to WiFi when working from a space outside the office, like a coffee shop, hotel or airport; 20% say they would only connect on their laptop with its anti-virus software; and 17% say they would connect to WiFi. “As cyber criminals become more advanced in their tactics, there’s an increasing shift towards stronger awareness about security protocols, such as connecting to an unsecure network, as this figure highlights,” notes Zahela.
More than three-quarters (78%) of survey respondents say they have never accidentally opened a suspicious e-mail or link on a work device or while connected to their workplace network.
The majority (87%) of survey respondents are extremely aware of their organisation’s cyber security protocols, while 12% say they remember the basics. Zahela says it’s important to create awareness and education to mitigate risks, particularly those stemming from accidental or negligent actions. “In our latest research, respondents reiterated that security awareness training should not be treated as a one-off event, but rather as an ongoing initiative focused on changing behaviour.”
Eighty percent of respondent organisations conduct regular cyber security training…
This can be done in several ways, including continuous employee programmes that incorporate real-world examples and success stories, regular security drills and simulations utilising external learning resources and third-party expertise, and creating incentives for engagement. Businesses should ultimately embed cyber security into company culture so that all employees understand their role in safeguarding an organisation’s assets.
Twenty-nine percent of respondents say they have made an error at work that could have potentially impacted the security of the business. Of those, 25% reported it immediately. “Human error remains one of the most significant vulnerabilities in any organisation’s framework. Cyber security experts in our recent report agree that there are many accidental issues that happen in the workplace and social engineering remains a key focus for attackers,” says Zahela.
The top three cyber security measures that respondents use to protect their home networks are password protection (82%), anti-virus software (68%) and changing the default router credentials (47%).
More than half (56%) of respondents update their password every one to three months; 18% do it every three to six months; 11% every six to 12 months; 11% change their password less than annually; and 5% never do it.
“Strengthening these defences requires ongoing engagement with cyber security experts and leveraging external resources to ensure an organisation’s overall security posture is continuously improving. This partnership allows companies to enhance their cyber security capabilities, mitigate risks more effectively and focus on their core business functions,” concludes Zahela.
Share