EDITOR ’ S QUESTION
HOW SHOULD CIOS DEVELOP THEIR CYBERSECURITY FRAMEWORK TO IMPROVE THEIR ORGANISATION ’ S OVERALL SECURITY POSTURE ?
The goal of implementing cybersecurity is to provide a good security posture for computers , servers , networks , mobile devices and the data stored on these devices from attackers with malicious intent . As cyberattacks increase in Africa , they are being designed to access , delete or extort an organisation ’ s or user ’ s sensitive data ; making cybersecurity vital . Industry pundits tell Intelligent CIO
Africa how enterprises can bolster their security posture .
Organisations in the Africa have
witnessed a significant increase in cyberattacks across industries – some of which have caused financial and reputational losses . Businesses have certainly amped up their security spending as the drive towards digitisation gathers speed and the threat landscape continues to evolve at an even rapid pace . The Middle East and Africa ( MEA ) cybersecurity pre-COVID-19 market size was projected to grow from US $ 16.1 billion in 2020 to US $ 28.7 billion by 2025 , growing at a compound annual growth rate ( CAGR ) of 12.2 % according to a report from Markets and Markets . The report projects that Post-COVID-19 the market size will grow from US $ 15.6 billion in 2020 to US $ 29.9 billion by 2025 , at a CAGR of 13.8 % during the forecast period .
Alain Penel , Regional Vice President – Middle East , Fortinet , said an unforeseeable shift in network structures and attack strategies has been dropped on the cybersecurity industry in 2020 . Penel said as the COVID-19 pandemic continues to take its toll on organisations and individuals around the globe , the industry is now dealing with a threat landscape that ’ s become more intense , complex and saturated than ever before . “ Attackers are now more targeted toward the remote worker . According to the FortiGuard ’ s latest threat landscape report , we have found that while ransomware attacks have always been a significant concern for businesses , over the past several months they ’ ve become more prevalent and costlier – both in terms of downtime and damages . Also , phishing tactics are now far more sophisticated and have evolved to target the weak links found at the Edges of business networks . Many attackers are also using Machine Learning to rapidly craft , test and distribute messages with increasingly realistic visual content that triggers emotional distress in recipients ,” he said .
Israel Barak , CISO , Cybereason , agreed with Panel on the changing threat landscape and said : “ Multi-stage ransomware attacks are rising significantly , with multiple attackers executing ransomware operations involving data theft , the stealing of user credentials and lateral movement across the victim ’ s network to compromise as many endpoints as possible .”
Barak said Cybereason is seeing ransomware capabilities deployed early in hacking operations but not immediately detonated . “ In these cases , the ransomware is detonated only after preliminary stages of the attack are finished across all compromised endpoints to achieve maximum impact on the victim .
“ Beyond ransomware , mobile phones are becoming a focal point for nation states and rogue hacking groups . Traditionally , attackers have been targeting mobile phones for taking data , performing surveillance on the users , and its location services . Recently , we have seen the transition by attackers to using the mobile phone as the penetration vector into the organisational network . That being said , there hasn ’ t been an influx of new techniques introduced into the industry for penetration – we primarily see phishing emails at the top of most threat actors ’ lists ,” he said .
With the changing threat landscape , industry experts agree that CIOs face challenges when implementing their cybersecurity strategies .
According to Cathy MacLeod , Head of Professional Services , DRS , the availability of technical skill comes top of mind and the ability to upskill resources . “ Protection of the company ’ s data and governance thereof and this includes retention and classification of data . The cost of this compliance can be crippling and the ability to keep up with the ever-changing regulatory requirements puts a heavy financial commitment on companies ,” she said .
26 INTELLIGENTCIO www . intelligentcio . com