Cybersecurity is a hot topic in South Africa and in fact, the world over – in the face of recent, highly publicised cybersecurity breaches and the emergence of Ransomware as a Service (RaaS) which makes the malware accessible to just about anyone with a little computer knowledge.
2018 promises to be a big year for cybersecurity as threats continue to develop and evolve, increasing the risk for organisations and putting pressure on them to be proactive and responsive.
Gartner recently revealed their top ten IT predictions for 2018, alongside five main cybersecurity trends that they have identified for the upcoming year. While many of these are global predictions, the impact on South African industry is unmissable. South Africa is no longer lagging behind technologically, and many of the technologies that Gartner foresees taking hold of the global market will certainly make its way to our shores.
From a South African perspective, I predict that there will be significant investment in cybersecurity initiatives, as more and more organisations seek to protect themselves and their customers from attack.
The increased adoption of cloud services and looming promise of hyper scale cloud environments in South Africa will place a strong focus on cloud security.
South Africa’s pending Protection of Personal Information Act (PoPI) will cause companies to rethink their data protection policy, implementing best practices alongside key data security tools to ensure compliance and maximum data protection.
Technology driven security:
Key technologies such as Artificial Intelligence (AI), machine learning, advanced biometrics and chatbots will feature more prominently in the development of cybersecurity tools and solutions. However, as more technology Original Equipment Manufacturers (OEMs) seek quicker entry times to market, less time is being spent on research and development, resulting in compromised quality. Some technologies may be slower to adopt until security measures mature enough to repel cyberthreats.
Gartner predicts that by 2020, Internet of Things (IoT) technology will be in 95% of electronics for new product designs. The sheer scale of IoT networks opens up the potential for attacks with potentially severe consequences. In South Africa, IoT is still in its infancy, and the impact will likely be centred more on private homes rather than at an organisations level – for now.
Security Operations Centres:
In line with Gartner’s cybersecurity trends predictions, there will be a larger focus on detection and repair rather than prevention. The development of incident management response strategies and security operations centres will become more of a business operational concern and less of an IT or security concern.
There will be larger spending on data protection tools such as encryption and multi factor authentication over perimeter controls, as the perimeter widens. Organisations will seek to protect data from the core rather than fencing it off at the perimeter.
Mobile device protection:
In the wake of recent ransomware attacks and the increased uptake of mobility and Bring Your Own Device (BYOD) within organisations, businesses will seek to implement mobile security to prevent infiltration via external networks outside of their control.
Increased ransomware incidents:
2017 saw a boom in ransomware attacks and 2018 is likely to see more. Ransomware is now considered a thriving industry in shady circles, one which is driven by the thriving cryptocurrency market. Security awareness will be critical to organisational cybersecurity strategies, however may not be enough to combat attacks as they evolve.
Organisations will need to start reviewing and revising their cybersecurity strategy more frequently. Businesses should relook at their strategy at least annually, however, bi-annually to quarterly is preferable, especially for larger concerns. This will be required to ensure that and organisation’s cybersecurity keeps pace with cybercrime developments and innovation. It is critical to cover all bases, and the rising cybercrime industry means that businesses cannot afford to delay cybersecurity improvements for even a year.
*by Simeon Tassev, managing director and QSA at Galix Networking