Subscribe

ITWeb, in partnership with Netskope, conducted a data protection survey targeting information and IT security professionals across southern Africa during March/April 2022. The survey sought to understand the current trends related to data protection, data loss and the usage of unsanctioned cloud applications (shadow IT).

The survey also asked, among other things: 

  1. How widespread are data loss incidents in the region? 
  2. What are the main avenues for external data loss? 
  3. What are the top challenges faced when trying to reduce the risk of data loss?

A total of 176 responses were captured, with 37% of respondents being in middle management, 30% IT staff and 20% at executive management (C-suite) level, and representation across a wide range of industries, although the majority of respondents came from the IT sector, followed by the financial, public and telecoms sectors.

Here are some of the key findings:

  1. Almost half (48%) of respondents said that their organisation had not lost data in the past year or had any data loss incidents. A quarter (26%) said they had lost data and/or had a data loss incident in the past year. 
  2. Of those that responded yes to the above question, 33% said the data was hosted at the user endpoint, 25% said an on-premises file server, app or database, 23% cited SaaS apps and 18% public cloud services. 
  3. Asked to say how the data was lost, answers were fairly evenly spread, with 20% saying sent to an incorrect recipient (email or file transfer), 19% chose theft from breach, 19% ticked copied to USB, 18% misconfiguration of storage (open share), and 14% transferred to unsanctioned SaaS app or web. 
  4. The vast majority of respondents say they’re confident and prepared as an organisation to deal with data loss / theft – from a technology standpoint: 38% said very prepared, 47% said prepared, 11% said somewhat prepared and 5% said they could do better. 
  5. In addition, the vast majority of survey respondents feel confident that they’re prepared from an employee training and awareness standpoint: 27% said very prepared, 47% said prepared, 21% said somewhat prepared and 5% said they could do better 
  6. More than half of respondents (53%) say that the move to remote/hybrid working has had a major influence upon their technology decision making, while 37% say it’s been a consideration. Some 10% say it’s had no impact. 
  7. Asked whether they have visibility of data being published in SaaS and IaaS applications by their staff, 32% say they have good visibility of both, 26% say they have limited visibility in each, 11% say good visibility of IaaS but not SaaS, and 11% say good visibility of SaaS applications but not IaaS.
  8. Just over half of survey respondents (51%) say users are not able to enable or disable VPN or proxy, potentially bypassing security controls, while 29% can but with controls on the data. 
  9. The top three challenges that respondents anticipate in securing their data in the next three years are: an increase in cyber attack volumes; an increase in cyber attack sophistication; and continual movement of data to sanctioned cloud services. 
  10. The three key roadblocks respondents believe they’ll face in addressing those challenges are: budgetary constraints; resource constraints; and increase in complexity. 
  11. The majority of respondents (68%) say they have visibility of data movement on the web at all times, with an additional 14% admitting to some visibility gaps. 
  12. The majority of respondents (71%) say they have visibility of data movement in SaaS applications all the time, with an additional 13% admitting to some visibility gaps. 
  13. 68% of respondents have visibility of data movement in IaaS applications all the time, with an additional 14% saying they have some visibility gaps. 
  14. The main technology used today to monitor and prevent data loss via the web, SaaS apps and public cloud services is next gen firewall (36%) followed by a secure web gateway (22%) and endpoint DLP (17%)

Share