How ready are South African businesses for cybersecurity threats, really?
By Ryan Noik 26 June 2025 | Categories: feature articles
We have heard many times over the years about the importance of being cybersecurity ready. Given the proliferation of threats that have only grown, and businesses being warned that it is a matter of when rather than if they are compromised, cybersecurity should be top of mind.
And yet, according to a recent in-depth briefing with Cisco, cybersecurity readiness remains a complex topic and an ongoing challenge.
Nabeel Rajab, the cybersecurity technical solutions architect at Cisco South Africa, explained that the company's latest cybersecurity assessment revealed that in South Africa, cybersecurity readiness remains low, with little improvement from last year.
He explained that the company's Cybersecurity Readiness report is intended to provide the market with an indication of where we are from a risk perspective. Apparently though, the net assessment was that there is much room for improvement in South Africa's readiness for a cybersecurity attack.
While apparently a lot of organisations are waking up to the fact that they could be a target, there are certain aspects of protection still being missed. Rajab elaborated that the report took into account five key pillars of cybersecurity: identity intelligence, machine trustworthiness, network resilience, cloud reinforcement, and AI fortification.
''Naturally, artificial intelligence (AI) is still the hot topic. But companies continue to grapple with complexities AI is introducing, including GenAI deployment risks,'' he noted.

As one of the main pillars of cybersecurity readiness, AI Fortification is maturing, predominantly because AI is such a large focus. When looking at AI as regards cybersecurity, he explains that the crux of the matter is dealing with data being compromised.
''Ransomware, for example, can be isolated, but with AI, we are dealing with a brand new interface to one's data,'' he pointed out.
Additionally, another vulnerability that AI brings to cybersecurity is the poisoning of data, where models have been poisoned with skewed or wrong data to distort the results.
Furthermore, cybercriminals are using AI to make their attacks look more legitimate and indistinguishable from the genuine article. This can be seen with phishing sites or emails, for example. Whereas a phishing email from a bank used to be more clearly suspect, with spelling mistakes, poor grammar and formatting errors, now, because they are generated by AI, a well-crafted phishing effort can trap more people.
''While AI adoption is a good thing, in that it drives innovation, it also introduces new complexity when it comes to security. It means that security teams have to increase their defenses against AI-fueled attacks, which bad actors are also using,'' added Smangele Nkosi, the GM/Country Leader for Cisco South Africa.

But AI is not the only metric when evaluating cybersecurity readiness. Rajab explained that along with AI fortification, the other pillars include identity intelligence, machine trustworthiness, network resilience, and finally, cloud reinforcement.
Of them, identity intelligence is the one that is most underestimated.
''Attackers are starting to realise, why go through the hassle of trying to deploy malware, phishing or deploy a complex attack process, when we can just get the credentials of someone? Why hack in when you can log in?'' warns Rajab.
At the same time, the awareness of this pillar remains unchanged from last year. As well, companies are at a disadvantage, in that they are bringing in younger workforces that don't necessarily have a mature mindset with regard to cybersecurity. There is also not a lot of attention paid to their credentials and their digital self, so identity intelligence is not given much attention. And this is further exacerbated by the fact that companies cannot control who their employees hand their devices to when they are outside of the office.
''From an education perspective, many employees have admitted that they just let kids use their work devices, who don’t understand the ramifications of clicking on suspect links. Parents don’t always conceptualise that just giving a child a phone for ten minutes can create an attack, just because the children don’t know what they are doing,'' notes Ameera Cassoojee, the cybersecurity sales specialist at Cisco.
As well, cloud adoption remains a challenge, with the report finding there is more focus on applications and workloads rather than security. Rajab stresses that this is why security should be embedded from the outset, so that a breach of one's cloud doesn't become a major hurdle to innovation.
Sadly, one of the major hurdles that remains unchanged is the issue of talent shortages. According to the report, talent shortages remain a barrier to readiness and impede the pace at which solutions can be deployed. Furthermore, 50% of those surveyed have more than 10% of their cybersecurity teams' headcount unfilled. This is exacerbated by a sharp decline in the number of companies that allocate more than 10% of their IT budget towards cybersecurity.
Rajab notes that particularly alarming is that 87% of respondents said their organisations have experienced AI-related security incidents in the past 12 months, and 54% reported that their organisations had experienced at least one incident in the past 12 months.
And yet, despite that stark statistic, 75% were very confident of their team's ability to navigate through cybersecurity challenges with their current infrastructure.
''My main takeaway to companies would be if you are feeling very confident of where you stand with regards to your cyber readiness, you may want to reevaluate,'' he concludes.

