As global cyberthreat alerts rise by around 14% year-on-year, it has emerged that South Africa, and other African countries, remain significantly unprepared for a cyberattack and its aftermath.
Advisory firm Deloitte technology, media and telecommunications leader for Africa Mark Casey believed that, for more than 70% of South African businesses, the cyberliability risks would be beyond their scope.
The cost of cyberattacks, the risk of which was increasing in Africa owing to the influx of smart technology across the continent, to businesses globally had been tagged at about $400-billion a year.
“While the recent high-profile attacks on big name companies by foreigners has prompted increased cybersecurity initiatives to protect consumers in some countries, the cost for companies [including reputational damage] is on the rise,” said Casey.
However, companies needed to be “much better” at anticipating and detecting these attacks as the mechanisms of cyberattacks were increasing at an exponential rate, he added.
Deloitte claimed that the failure to timeously detect a breach and the subsequent failure to hastily follow the regulatory requirements, were the main causes of significant reputation damage to an entity following an attack.
“What is becoming abundantly clear is that preparedness to spot and close down these attacks is paramount and companies need to make this ability their front line of defence.”
Casey explained that companies required a detailed incident management plan outlining the internal steps needed to mitigate and contain an attack.
“Organisations need to develop threat awareness throughout their processes and develop the capacity to detect patterns of behaviour which may anticipate, or even predict, the compromise of critical assets,” he noted.
A survey by Deloitte and Efma found that 99% of the responding companies considered cyberattacks an international issue, with 31% of the surveyed information technology and operation managers and CEOs reporting a rise in the number of cyberattacks this year.
Further, 45% and 35% of the respondents believed that the exposure of their companies to cyberattacks was at a medium level and a high level respectively.