Many African organizations lack the real-time insight on cyber-risks needed to combat online fraud and other IT security issues, according to the annual EY Global Information Security Survey.
More than half of the African organizations studied in the survey do not have the sort of information needed to successfully counter cybersecurity issues, said EA, the brand name for the Ernst & Young global professional services group.
Sixty-seven percent of the organizations surveyed globally and 63 percent Africa face rising threats in their information security risk environment, according to the director for cybersecurity at EY Africa, Raghuvansh Swami. Thirty seven percent of the organizations studied globally, and 57 percent in Africa, have no real-time insight to combat the threats, Swami said.
“While for the first time globally, most respondents noted that their information security budgets had flattened, respondents from Africa experience an increase in their cybersecurity investment which indicates we are catching up in this regard from prior years,” Swami noted via email. “Even though budgets have grown and in some cases continue to grow, the rate on investment is not proportional to the exponentially growing threat landscape, thereby contributing to a widening gap of what is being done and what should be done.”
Within Africa, more than 60 percent of respondents to the EY survey cite several issues as high risk, including: business continuity/disaster recovery resilience; data leakage/data loss prevention; IT Security and operational technology Integration; lack of fraud support; inadequate/inefficient identity and access management; and lack of regular security testing.
“We would like to emphasize that the topic of Information Security is one of those that are unbiased to geography,” Swami added. “The degree of risk may vary dependent on the type of technology in use, however we all face the same security threats and challenges.”
Highlighting the challenges that hinder the ability to close the gap between regions, EY noted that organizations are lagging behind in establishing foundational cybersecurity.
“The most important roadblock is the lack of cybersecurity skills. While the need for specialists deepens, every year our survey shows that the lack of specialists is a constant and growing issue,” EY stated. “Also there is the need to build skills in non-technical disciplines to integrate cybersecurity into the core business.”
Information security has transformed rapidly into a business survival issue that requires executive attention and support, EA said. The only way to manage the complex and dynamic environment of cybersecurity is to grasp the challenges head on—embrace cybersecurity as a core aspect of the business, and as an integral capability to survive and thrive, EA said.
The EA report which was conducted between June and August 2014 with 1,825 respondents from across major industries in 60 participating countries recommends a three-prong approach to more advanced cybersecurity measures: activate cybersecurity efforts; adapt to changing cybersecurity requirements to keep pace and match changing business requirements; and develop tactics as they anticipate cyberattacks through a mature threat intelligence capability, a robust risk assessment methodology, an experienced incident response mechanism, and an informed organization.