There is no doubt that cybersecurity has become an increasingly relevant issue in an always-on world, with data breaches becoming frequent. Being affected has become less akin to being struck by lightning, and increasingly a likelihood. The silver lining, according to Fortinet, which recently released the findings of its 2017 Global Enterprise Security Survey, is that attitudes to cybersecurity are changing, with there being a greater awareness of and accountability for the dangers therein.

A clear indication that cybersecurity is not just a prime concern for developed nations anymore, Paul Williams, Fortinet’s country manager for South Africa, noted that for the first time, South Africa has been included in the report, alongside participants from France, Germany, Italy, Spain, the UK, Poland and the Middle East.

Danger ahead

From a global point of view, the report notes that there has been a considerable increase in ransomware and malware, with these threats specifically affecting 47% of the organisations surveyed globally. If that doesn’t sound like such a high percentage, the next statistic certainly offsets it. A large majority, 85% of the businesses globally and 82% of South African businesses, reported that they had been the victim of a breach in the past two years.

Williams pointed out that furthermore, South African companies that have been affected by malware or data breaches are often not aware of it or are simply not reporting it.

Somewhat of a silver lining, and logically considering both the scale and impact of the cybersecurity threat, Williams relayed that IT security has become a key investment to businesses as part of their IT strategy.

Paul Williams, country manager for Fortinet, South Africa

Ignorance is not bliss

According to the survey, three out of every five spend 10% or more of their IT budget on security, while 71% spend more than they did one year ago. While businesses for the most part invest in keeping solutions up to date (67% in 2017), Fortinet’s report found that there is also more expenditure being made in new security solutions and services, perhaps reflecting the ever changing nature of security threat. Meanwhile, 60% invested in new security solutions and services in 2017 and 56% expect to do so in 2018.

This means that companies are on top of the imminent cyber threat, right? Well, not quite. According to Fortinet, despite the clear and present danger, board members are simply not making cybersecurity enough of a priority. The report found that  almost half (48%) of IT decision makers believe that cybersecurity is still not a top priority discussion for the board. In fact, the security agenda appears to be essentially reactive. According to the survey, increases in cybersecurity investment come either in the wake of global cyberattacks like WannaCry (49%) or to comply with government regulations (34%).

According to respondents, the board appears to be more involved in post-breach management than prevention – only taking action as a result of security breaches in 93% of cases. Indeed, in the wake of a breach, the vast majority (77%) seem to turn their attention to identifying the cause of the breach and reviewing IT security processes, but only two-thirds (67%) want to review or increase the budget in response.

Cloud to the rescue

Before users run and hide in the bunker of their choice, there is an up side, and it is being brought by the transition to cloud. According to the report, the digital transformation journey that so many businesses are undergoing may eventually result in a greater focus on cybersecurity.

A key driver behind this is that the business benefits of migrating key applications and data to the cloud are so clear that 77% of IT professionals globally and 74% of local IT professionals believe the transition to the cloud is a priority for the board. The end result is that 74% of respondents believe that migration to the cloud will make cloud security a growing priority in the future.

This trend is actually supported by the fact that, today, only 37% of respondents say that cloud security emerges as the most disregarded area when it comes time and/or resource allocation. As a result, half of businesses globally (50%) and 56% locally are already planning investment in cloud security over the next 12 months. This is a clear call to arms for IT professionals everywhere.

According to Fortinet, the cloud already has the board’s attention, and provides for an opportune moment to ensure that cybersecurity in general is firmly placed on the agenda as well.

Making lemonade from lemons

From a local perspective, Williams noted that there is another potentially exciting opportunity as well. It’s no secret that skills has been and remains a challenge for South Africa, with it taking two to three years to get a graduate to a level of proficiency. However, he enthused, security professionals are highly in demand, with those who have a certification all but guaranteed a job.

On the one hand we have a security gap, with cyberthreats becoming more real and more frequent. On the other, in South Africa there is a deep need for the country to address unemployment for skilled and literate individuals, address a lack of opportunities and create good paying jobs.

Williams concedes that certainly, opting for and promoting individuals to become security professionals certainly can address, although not entirely solve, the unemployment issue faced by the country. Could it be, from South Africa’s perspective, that the cyberthreat landscape may just be a blessing in disguise? Perhaps.