Company News, Technology News

SA cybersecurity, compliance inadequate as criminals gain ground

  • A single successful attack on a single unprotected device can prove crippling for an organisation
  • Countries in the world’s top 10 in terms of cyber security maturity keep getting better while South Africa lags
  • Average time to detection is 287 days, and most organisations find out about it from third parties.
  • Gijima to host virtual sessions on understanding Zero Trust in enabling Business Resilience and how you can rearchitect your Security Landscapes post the COVID-19 outbreak

Except for pockets of excellence, much of South Africa is falling further behind the world in terms of cyber security preparedness, and with it, business resilience.

According to 2021 data published by Comparitech, South Africa achieved a risk score of 20.29, a small improvement from 34.39 in 2019 but South Africa moved further down the list which means we are not keeping up. By comparison, Denmark improved from 12.04 in 2019 to 3.55 in 2020 and remained in first place.

In a conversation with renowned cyber security expert and Specialist Sales Executive: Security at Gijima, Lukas van der Merwe, he notes that recent high-profile attacks illustrated not only the vulnerability of local organisations, but also the impact that attacks can have on business operations. “As we have seen, a single successful attack on a single unprotected device can prove crippling for an organisation,” says van der Merwe.

Based on the Comparitech data and Van der Merwe’s assertion, it goes without saying that many South African organisations – even large enterprises – often do not attend to even the most basic cyber security controls. There are however pockets of world class excellence, such as major banks in the country. “Overall, South Africa appears to be lagging the rest of the world in this regard. Countries in the world’s top 10 in terms of cyber security maturity keep getting better, while those at the lower end continuously get worse. We are not where we should be; and anyone who says they haven’t been breached may just not be aware of it, since the frequency and sophistication of attacks make it inevitable,” he says.

According to van der Merwe, organisations with inadequate security infrastructure may well have been breached or have malware in their environment. He notes that “for example, IBM reports that the average time to detection is 180 days, and most organisations find out about it from third parties. Not everything is as obvious as ransomware, which is immediate, absolute and can’t be missed. But a data breach with the quiet exfiltration and sale of data could potentially be far worse.” 

Van der Merwe, who has worked in the field of cybersecurity in countries such as the United Kingdom and is a thought leader and sought-after speaker in everything cybersecurity asserts a lack of proper security and data governance also means many organisations may not yet be compliant with the Protection of Personal Information Act (POPIA). “The extent of the challenge to identify and classify information and put access roles in place – which is necessary both for POPIA compliance and a Zero Trust environment – is such an immense task many cannot get their heads around it.  A number of organisations are simply not POPIA compliant, and there is still a lot of work to be done.”

The question, however, remains: is the implementation of advanced cyber security defence and an effective Zero Trust framework a solution, How prepared are companies in investing in such a solution? 

“Only a handful of organisations are implementing a Zero Trust framework and investing heavily on cyber defence. For most, it seems prohibitively expensive and complex,” say van der Merwe. He believes that, if you decide to do it inhouse and using a go-alone approach, this is an intensive project that could run months before seeing results, and it’s a never-ending process as new threats and technologies emerge. “This is where managed service providers such as Gijima offer significant value – with shared investment lowering the barrier to entry, and skills onboard to support the entire spectrum of controls and technologies.”

Gijima’s capabilities are the result of the acquisition of T-Systems South Africa’s cyber defence centre as well as over ten years of diligent investment in skills and processes. “At the core of our end-to-end security portfolio is advanced cyber defence, which is supporting major enterprises in South Africa, Europe and North America. However, this enterprise-grade advanced cyber defence is accessible to even smaller and mid-sized organisations: our smallest customer has only around 60 employees,” he concludes.

Gijima’s, one of South Africa’s Level B-BBEE ICT providers will be hosting a virtual discussion on the Advanced Cyber Defence security capabilities and Zero Trust framework. This discussion will be breaking down the various steps into the Zero Trust framework and how cybersecurity is a component of building Business Resilience in the evolving age where businesses have been forced to implement changes in their approach to security because of employees working remotely.

If you are interested in the virtual discussion on understanding Zero Trust in enabling Business Resilience, you can express your interest to join their series of roundtables that will focus on rearchitect Security Landscapes post the COVID-19 outbreak you by registering here  <<link to contact form on microsite>>


Issued by: For enquiries:

Roberta Gumede

Chief Marketing Officer


010 449 5000

For enquiries:

Thamsanqa Malinga

Communications Specialist


010 449 5000

083 301 7878

[email protected]