Cyberattacks are growing in frequency and sophistication, which is no surprise given that today’s adversaries are well-funded and determined. And as their tools grow more and more targeted and complex, businesses are waking up to the fact that when it comes to attacks, it’s a case of “when” and “how often”, instead of “if”.

This was one of the findings that emerged when a group of technologists from some of South Africa’s biggest brands attended a roundtable event recently, hosted by TechCentral and sponsored by Tarsus Distribution and Dell Technologies.

The event aimed at unpacking the greatest data and security challenges that South African organisations are facing, and what to do about them. All agreed that cybersecurity has always been a catch-up game and an arduous and seemingly never-ending task.

They agreed that any robust security posture depends heavily on understanding an organisation’s soft spots, and where they might be vulnerable, but there are several hurdles in the way.

One is the explosion of data. A large online retailer explained that while a lot of historical data is not needed, deciding at what point to archive involves treading a fine line. Specific industries need to store data for a certain number of years and have it readily available for auditors. Unfortunately, storing everything in the cloud where it is easily accessible is not always cost-effective.

The sheer size and volume of data, and what to do with it, has become a concern, and all roundtable panellists agreed that this will only get worse as data grows exponentially. It’s hard to secure what you don’t know you have and what you can’t see, so businesses need to find solutions to the proliferation of data as a matter of urgency.

The group also agreed that humans are the weakest link when it comes to cybersecurity, and more training is needed to raise awareness of the potential risks. Being prepared is key, and this can be achieved by phishing simulations and other scenario planning. After all, being prepared makes making critical decisions a lot easier.

Use of AI

However, a panellist and leader in education commented that businesses don’t understand how a lack of insurance could affect them but added that insurers lack the skills to accurately quantify what the risk is. In this way, they said employing a hacker to identify where the company’s weak points are would almost be better than a cyber specialist.

The conversation then turned to the use of AI, and tools such as ChatGPT, which raised the question of where knowledge creation will go in the future, and whether it has the potential to make lecturers, trainers and researchers redundant. Moreover, a couple of industry leaders in education discussed how without authenticated data it is difficult to determine how competent those who use ChatGPT’s knowledge really are as AI still needs a human component.

Similarly, they said creativity and authentic thinking need to be encouraged in every industry, which is a massive challenge when tools such as these are so readily available. Making use of technology to enhance “that which is human nature”, one described as “Nirvana”, but said everything depends on the individual using the technology, how they pose the question, and what they do with that information to make better decisions.

AI can be used for good as well as for bad, and cyberattackers are also using AI tools to automate their attacks and eliminate mundane processes within the cyber kill chain. With this in mind, while all businesses need to implement technologies such as AI, people need to be taught how to use these properly. Similarly, there needs to be more critical thinking on how to apply AI. It has the power to open the door for those who are not talented and free up time for those who are talented to get on with more valuable activities. “In a few years’ time, there will be jobs that we haven’t even thought of yet,” another said.

One executive in a leading financial institution commented that his organisation is about 20 years behind the times when it comes to AI adoption. The loan application process, for example, is easier in the consumer space where there is credit bureau access. However, when handling between 20 and 40 applications a day for solar, if there was a way to match these applications with some form of AI to leverage the technology until the validation stage at a consumer level, and then scale up to a corporate level, it would be a game changer.

In ending, while the proliferation of new technologies and burgeoning amounts of data can be obstacles to cybersecurity, they can provide enormous benefits and competitive advantages to the organisation. AI can be used to improve knowledge and help entities understand threats and cyber risk better by scrutinising billions of data points and rooting out any anomalies. Similarly, data can help cybersecurity practitioners by examining the past history of the attacks to understand attackers’ behaviour, which helps to identify any potential attacks before they take place.

Get in touch

Small and medium enterprises that need assistance with their technology road map, modernisation or digital transformation strategy can contact Tarsus Distribution here.