A recent report by international cybersecurity company Kaspersky has highlighted a growing skills gap in South African businesses, leaving them vulnerable to cyberattacks. The group has found that a staggering 87% of businesses in the country lack the necessary cybersecurity skills to protect themselves from advanced cyber threats. This shortage has opened up these businesses to criminal elements, making them vulnerable to cyberattacks.
- South African businesses are facing a severe shortage of cybersecurity skills, leaving them vulnerable to advanced cyber threats.
- A recent survey by Kaspersky found that only 33% of businesses in South Africa have internal security operations to manage tech risks, and 87% do not have the required skills to protect themselves.
- The shortage of cybersecurity skills in South African businesses has resulted in annual losses of approximately R250 million for South African businesses due to internet fraud and phishing attacks, according to the South African Banking Risk Information Centre (SABRIC).
A recent survey by Kaspersky revealed that 45% of the South African companies surveyed had experienced a cybersecurity incident between 2021 and 2022. The report also found that only 33% of these companies had their own internal security operations to manage tech risks. Brandon Muller, technology expert and consultant for the Middle East and Africa region at Kaspersky, explained that dedicated cybersecurity functions in businesses across Africa are not yet common, reflecting a broader concern around having access to the specialist functions to run those initiatives.
According to the report, most companies (74%) rely on IT staff to manage their technology; however, these staff members do not have the necessary resources to deal with cyberattacks and protect against them. As a result, 75% of businesses said that they would benefit greatly from expanding their cybersecurity team with further protection. The report noted that almost a third of the surveyed companies are now turning to third-party security experts for IT assistance as skills become more scarce.
The security firm has warned that companies must enhance internal initiatives to also drive cybersecurity awareness training among their current employees. It recommends that even if local businesses do not have specialist skills, they must integrate cybersecurity into the company’s strategy and processes, supported by continuous and up-to-date staff training programmes. “If all employees are aware of the importance of remaining vigilant and what to look for in potential cyberattacks, the defensive footprint will already get a significant boost,” said Muller.
The shortage of cybersecurity skills in South African businesses is not only a cause for concern for these businesses but also for the broader economy. In early 2022, the South African Banking Risk Information Centre (SABRIC) reported a worrying surge in cybercrime throughout the country, resulting in annual losses of approximately R250 million for South African businesses due to internet fraud and phishing attacks. The South African Reserve Bank (SARB) has also recognized the increasing use of new technologies as a significant threat to the banking industry in the country.
Businesses in South Africa are facing a slew of criminal attacks, often targeting unsuspecting and vulnerable employees. Blackmailing and ransomware attacks have been increasing in frequency as well as instances of criminals infiltrating company emails. Kaspersky has warned that people’s work email addresses, often used to sign up for third-party websites, could be exposed in data breaches. It said this could lead to cybercriminals targeting the organization and discussing potential attacks on darknet websites.
Looking ahead, Kaspersky has predicted that data breaches will become more personal in 2023, posing a threat to individuals’ privacy and corporate cybersecurity. The report noted the risk of sensitive information being made publicly available and attracting cybercriminal attention. As such, it is imperative that businesses in South Africa take cybersecurity seriously and take steps to enhance their cybersecurity initiatives and skills to protect themselves from advanced cyber threats.