Like many of their peers around the world, South African organisations may be eyeing the coming year with some trepidation. With rising interest rates, power supply issues and weak demand constraining both local and export-orientated businesses, the outlook is for a miserly 1.5% growth in 2023. This will make digital transformation initiatives even more critical to help organisations do more with less, and respond to changing market conditions with agility. However, such investments also open the door to new cyber risks.
That’s why cybersecurity must be designed into these projects from the start – so that they can reach their full potential without creating additional financial and reputational challenges. When done right, security can even become a competitive differentiator.
This way to the cloud
Digital transformation begins and ends with the cloud. It will be the foundation for innovative applications to power the South African economy in 2023 and beyond – enabling firms to localise their services and adhere to data sovereignty requirements. According to Google-commissioned research by AlphaBeta Economics, the South Africa cloud region will add more than US$2.1-billion to the country’s GDP and support the creation of more than 40 000 jobs by 2030. That’s why Google recently picked South Africa as the base for its first cloud region on the continent, following Microsoft in 2019, Amazon Web Services in 2020 and Oracle in 2022.
However, while this digital transformation will ultimately help local businesses to grow, scale and become more cost-efficient, it also expands the cyberattack surface – by providing more assets and more pathways to those assets for cybercriminals to target. Organisations must understand this as they migrate their critical customer data to the cloud, especially in the context of the Protection of Personal Information Act (Popia).The law allows regulators to levy fines of up to R10-million for serious offences, and assign criminal liability to organisations that fail to properly protect sensitive data, or “special personal information”.
The financial burden on local firms is already high – South Africa is the only southern hemisphere nation to make it into the top 10 most costly countries for data breaches. On average, a breach here now costs $3.36-million per organisation, a 5% increase on 2021’s figure, according to IBM.
What’s new for 2023?
Cybercriminals will always follow the money, so we can expect them to target areas of high growth where security may not yet have bedded in, like cloud. That’s why we can expect more attempts to steal cloud credentials in 2023 – whether by phishing or by breaching other providers and hoping that employees reuse their logins across multiple accounts. Credentials will give them access to critical corporate systems like ERP and CRM, and data contained therein.
These cloud apps are being used with ever greater frequency due to an increase in hybrid working. In fact, a third of South Africa’s middle class now split their time between home and office, rising to nearly half (46%) of high earners. They may also be running less well-secured devices at home than would be the case in the office, and are more exposed to device theft when travelling between the two locations, adding further pressure for security teams.
Cybercriminals will always follow the money, so we can expect them to target areas of high growth where security may not yet have bedded in, like cloud
These pressures will grow in 2023 given worsening industry skills shortages. A 2022 KPMG study reveals that 75% of African companies found challenges recruiting and retaining security professionals, with only a third claiming to have access to a sufficient talent pool. This could create additional challenges in cloud security such as system misconfigurations stemming from human error, which can expose cloud data stores. Cybercriminals are actively searching the Internet for such configuration mistakes that they can exploit.
Finally, there’s ransomware. South Africa is already said to be the biggest target for ransomware actors on the continent, and ranks eighth globally despite having a GDP in 32nd place worldwide. That’s because cybercriminals will always seek out what they deem to be easier targets. Expect more attacks over the coming year targeting cloud data stores for ransom and data theft.
Time to consolidate and differentiate
All of this might seem like a depressing vision of the coming year. But it doesn’t need to be. If IT leaders focus on getting rid of redundant or duplicated tools, and focus their efforts on platform-based approaches, they can reduce costs, eliminate security gaps and empower stretched teams to be more productive. By focusing on what matters most, their data, and finding ways to automatically and continually discover, classify and protect it, they’ll go a long way in mitigating the risk of theft from cloud-based information stores.
As part of a layered defence-in-depth approach to security focused on protection, detection and response, this offers South African businesses the best opportunity to manage risk and accelerate digital projects with confidence. Because the very last thing they want is to have important initiatives derailed by a major breach. When used right, organisations can even use their enhanced security posture as a differentiator – to build customer trust, reduce financial and reputational risk, and support compliance efforts. That’s a more positive outlook for 2023.
About comforte AG
Comforte AG has evolved into a market leader for data security and cloud-native tokenisation. Combining our experience in securing data in motion and rest, we took our portfolio one step further and created a “Data Security Platform” that seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. Now more than 500 enterprises, including many Fortune 500 organisations, rely on comforte AG’s solutions to secure their data. With offices in Germany, the US, Singapore and Australia, comforte AG has a global reach.
- This promoted content was paid for by the party concerned