SA's response time to security breaches lags
SA's marketplace and maturity value in terms of cyber security, other security threats, and preparedness, is on par with the rest of the world.
However, SA is lagging in its response time to security breaches.
So said Paul Williams, Fortinet SA Country Manager, discussing the results of a study conducted by Forrester Consulting on behalf of Fortinet last year, which surveyed over 400 global decision-makers across a wide variety of industries who were responsible for the security of their organisation's critical infrastructure.
The survey aimed to uncover how these organisations view their progress in terms of security transformation alongside digital transformation. They were also asked about their governance and procedures around security, and qualifications and skills to manage threats.
Williams believes the lagging response rate to security breaches is the result of a skills shortage in the country. "Despite being on par with new technology to monitor, detect, and mitigate these risks, there are a limited number of people in SA with the specific and necessary skill set."
According to him, among the most concerning threats for local businesses are the expected malware attacks, ransomware attacks, botnet attacks, as well as cyber security hacks across the board. These include attacks aimed at identification documentation, other personal data, corporate espionage, and politically motivated attacks.
He said intelligent ransomware and malware attacks have also been gaining traction as new technology now enables them to do so.
"In 2018, another global occurrence we've seen is an increase in attacks on the sandbox. Attackers block and attack the solution-set where they are trying to manipulate the sandbox," he added.
Williams says the impact of a breach on a business can be minor or catastrophic, depending on the type of breach, and how it happened. "This is making training and upskilling critical."
With this in mind, Fortinet, in conjunction with universities, technikons, distributors, and their partners are driving internship programmes and training to graduates with an interest in IT engineering.
The security company has committed to training engineers on a quarterly and annual basis with basic NSE 4 and NSE 5 training to get them grounded on what the technology can do, and how to understand cyber security, threats, the security landscape, and the attack surface.