Every year, ITWeb publishes an Information Security Survey, sponsored by network technology provider VMware, that offers a view into the current state of South Africa’s cybersecurity challenges.
The latest ITWeb/VMware CISO survey received answers from chief information security officers (CISOs) at enterprise level, as well as the security-sensitive financial sector.
Some findings were discussed during the recent ITWeb Security Summit, where Jansen van Rensburg, VMware Africa’s lead technologist, also participated. Here are our key takeaways.
1. Phishing and malware still lead the cybersecurity threat war
According to the survey, most organisations are still dealing with cyber threats related to phishing and malware, showing a growing concern. 57% of respondents said their company had suffered a phishing attack, while 39% had gone through a malware attack last year.
However, only 6% of companies have reported a network breach, which van Rensburg believes may be justified by the nearly two-thirds of companies who chose to outsource external network specialists to conduct penetration testing for their enterprise networks.
2. Companies see internal threats as the biggest concern
Insider attacks remain the biggest concern of cybersecurity-aware companies. Only 9% of organisations view malware as a serious top threat, compared to 29% who rather focus on internal threats.
According to VMware Africa, this is not surprising. Software-defined network segmentation inside the datacentre and the network becomes critical in eliminating security threats from within the ecosystem.
Virtualization can increase IT agility, flexibility, and scalability while creating significant cost savings. Workloads get deployed faster, performance and availability increases and operations become automated, resulting in IT that’s simpler to manage and less costly to own and operate.
3. Cloud security is a growing trend
Managing networking and security in the cloud environment is a new challenge for enterprises fast transitioning to a cloud-first strategy. This entails that the entire infrastructure needs to be moved an adapted to work in the cloud.
The major challenge comes when companies have to consider securing the public cloud and not just their network. They may not have the required skills and expertise to do so, says VMware’s van Rensburg, who recommends a network vendor with tried-and-trusted cloud security pedigree.
4. Security budgets are still difficult to justify
Almost 45% of surveyed organisations agree that investments in security are often difficult to justify in terms of ROI, although it is well-known that damages from major data breaches can irrevocably affect a brand’s reputation in the market.
Furthermore, 75% of respondents believe that delayed security investments mean additional costs further down the line. In terms of security spending, companies do it to protect customer information (this year’s 19% compared to last year’s 24%) and for data compliance’s sake (22%), which refers to GDPR and PoPI legal requirements.
Click here to view more key findings.
Does your IT infrastructure provide the scalability and performance your business requires?
VMware’s cloud technologies assist organisations to fully and securely leverage VMware hybrid clouds and native public clouds for increased agility, accelerated innovation, and optimised costs.