Key Findings

ITWeb, in partnership with CyberAntix, conducted a cyber security survey that interrogated the current status of South African organisations’ incident response preparedness.

The survey ran online during June and aimed to establish which security solutions organisations have in place. The survey looked into how businesses are handling alerts, their alerting configurations and how alerts are responded to.

In this survey, we asked, among other things:

  • Which security solutions does your organisation currently have in place?
  • How are you handling alerts?
  • Are you scanning your environment for vulnerabilities and is this performed internally or procured from a 3rd party service provider?

A total of 205 responses were captured, with 56% of respondents at executive or middle management level. Respondents work across a range of industries, with the majority coming from the software and internet, computers and electronics, and government sectors.

Here are some of the key findings:

1. The top five security solutions that respondents’ organisations had in place were Antivirus (69%), Active Directory (50%), Web Application Firewall (45%), Endpoint Detection and Response (41%) and DNS Protection (35%).

2. 63% of respondents say they receive alerts directly in dashboards or mailboxes. A quarter (23%) centrally collect all logs and send alerts from a SIEM solution. And 10% don’t receive any alerts at all.

3. When it comes to the alerting configuration of their security solutions, 41% of respondents say some of the alerts are vendor default and they have configured some customised alerts to suit their organisation’s specific requirements. 36% say a large number of alerts have been configured to suit their organisation’s specific requirements. A quarter (23%) say all of the alerts are vendor default and they haven’t configured any customised alerts.

4. 61% of respondents are responding to alerts in a timely manner. 21% respond to alerts in machine time. 11% respond to alerts long after detection.

5. 38% of respondents are doing internal vulnerability scans and are actively managing vulnerabilities. 29% do internal vulnerability scans themselves, mostly to receive a report for compliance requirements. 21% outsource this function to a third party. 13% don’t scan for vulnerabilities within the environment at all.

6. The majority (67%) of responding companies perform vulnerability scans on a monthly basis. 21% do it quarterly, 8% do it biannually and 5% do it annually.

7. Asked which compliance requirements their organisation needed to adhere to or would like to adopt in the future, 68% said POPIA, half (47%) said ISO 27000 and 37% said COBIT5. These were followed by NIST and GDPR, with 26% each.