The increasingly sophisticated, bold and resilient behaviour of cybercriminals in their endeavours have left companies worldwide feeling more vulnerable to cyberattacks, with less than half of the organisations surveyed in Cisco’s latest Annual Security Report confident in their network security applications and procedures.
The US-based information technology group’s 2016 survey found that cybercriminals had refined their back-end infrastructure and were tapping into legitimate resources to carry out efficient and profitable attacks, pitting businesses against security challenges that seemingly inhibited their ability to detect, mitigate and recover from common and professional cyberattacks.
Ageing infrastructure and outdated organisational structure and practices also placed them at risk, with the survey revealing that, between 2014 and 2015, the number of organisations that said their security infrastructure was up to date dropped by 10%.
“In 2015, security executives showed lower confidence in their security tools and processes than they did in 2014. In 2015, 59% of organisations said their security infrastructure was very up to date. In 2014, 64% said the same,” Cisco noted, pointing out that, in the face of more sophisticated threats, the confidence of security professionals appeared to be “flagging”.
South Africa was no different, with the country having the highest rate of cybercrime occurrences in Africa, as cybercriminals were becoming smarter and employing a number of personalised tactics, which placed businesses at greater risk, Cisco South Africa security solutions consulting systems engineer Greg Griessel said.
Understanding the current tactics employed by cybercriminals was an “absolute necessity”.
“The South African public and private sectors need to understand what they are up against and arm themselves before the worst case scenario becomes a reality,” he said.
The Department of Telecommunications and Postal Services implemented measures to counter the “scourge”, including the in-progress development of a Cybercrimes and Cybersecurity Bill.
The department also established a virtual cybersecurity hub to promote public and private sector collaboration to combat cybercrime and provide a platform for cybercrime reports and complaints.
Worldwide, the growing security concerns and decreased confidence in defence had motivated security executives to improve their online protection tactics.
“For example, we are seeing more security training, an increase in formal written policies and more outsourcing of tasks such as security audits, consulting and incident response.
“In short, security professionals show signs that they are taking action to combat the threats that loom over their networks,” the company explained.
Further, small and medium-sized businesses (SMBs) were seen as a potential weak link – from 2014 to 2015 the number of SMBs that used Web security dropped by more than 10%.