South Africa experienced 230-million cybersecurity threats in 2022, while the second most attacked African country, Morocco, experienced 71-million attacks. South Africa is particularly vulnerable because of affordability challenges, says cloud services provider Tarsus on Demand product manager Virodh Sunderlall.

“More developed countries have more funds available to buy multiple security systems. However, our economy has not been at its strongest, and people try to lower expenditure by cutting expenses that do not generate money, such as security and insurance. This leaves enterprises open to attack,” he cautions.

However, as with the protection of physical property, cybersecurity is not a luxury, and multilayered security is a key strategy for the company and its partners in 2023, and will remain so in this year, he says.

“Cyberthreats are becoming more sophisticated and diverse, and a single security layer is no longer sufficient. Multilayered security involves combining different security measures, such as firewalls, encryption, access controls, behavioural analytics and endpoint protection, to create robust defences against potential breaches.”

Further, if one layer is breached, others can mitigate the risk, reducing the chances of a successful attack.

“Multilayered security has become so important that security vendors are creating application programming interfaces (APIs) to communicate to other vendors’ products on systems. This helps them leverage each other to bolster security strength. Forward-thinking companies will implement these APIs in 2024,” he notes.

Additionally, the most-used entry points are also the most vulnerable, and 90% to 95% of all security breaches happen through email. Almost every security vendor is trying to solve this, and this area will see the most movement in 2024.

“New regulations on Domain-based Message Authentication, Reporting and Conformance (DMARC) compliance, which govern how emails are sent, also come into effect from March this year and will affect security products going forward,” Sunderlall points out.

Further, artificial intelligence (AI) will see more real-world use cases this year.

“Some great AI-based defensive tools have come out, especially in email security, and became much more accessible this past year. However, AI is also being used to attack systems, and it is not quite clear what it’s capable of yet.

“We can expect to see some big developments in the field this coming year, both good and bad,” he says.

Meanwhile, as threat vectors increase and more companies are being held ransom by attackers, cyber insurance products will become increasingly necessary.

“These products are recent, but they will become commonplace very quickly. Cyber insurance will soon be a standard and necessary business expense, like building insurance is,” he states.

The challenges posed by the sheer volume of cyberthreats, combined with economic constraints, have catalysed a strategic shift in the approach to cybersecurity. The adoption of multifaceted security measures, improved email protection, flexible vendor options, the emergence of cyber insurance and the use of AI in defence mechanisms underscore a proactive and dynamic response to the growing complexity of cyberthreats.

These developments herald a more secure digital environment, but also signify a new era of continuous adaptation and vigilance, says Sunderlall.