African organizations lag in cybersecurity, global survey says

Few organzations have the sort of real-time insight that allows them to deal with rising security threats

Many African organizations lack the real-time insight on cyber-risks needed to combat online fraud and other IT security issues, according to the annual EY Global Information Security Survey.

More than half of the African organizations studied in the survey do not have the sort of information needed to successfully counter cybersecurity issues, said EA, the brand name for the Ernst & Young global professional services group.

Sixty-seven percent of the organizations surveyed globally and 63 percent Africa face rising threats in their information security risk environment, according to the director for cybersecurity at EY Africa, Raghuvansh Swami. Thirty seven percent of the organizations studied globally, and 57 percent in Africa, have no real-time insight to combat the threats, Swami said.

"While for the first time globally, most respondents noted that their information security budgets had flattened, respondents from Africa experience an increase in their cybersecurity investment which indicates we are catching up in this regard from prior years," Swami noted via email. "Even though budgets have grown and in some cases continue to grow, the rate on investment is not proportional to the exponentially growing threat landscape, thereby contributing to a widening gap of what is being done and what should be done."

Within Africa, more than 60 percent of respondents to the EY survey cite several issues as high risk, including: business continuity/disaster recovery resilience; data leakage/data loss prevention; IT Security and operational technology Integration; lack of fraud support; inadequate/inefficient identity and access management; and lack of regular security testing.

"We would like to emphasize that the topic of Information Security is one of those that are unbiased to geography," Swami added. "The degree of risk may vary dependent on the type of technology in use, however we all face the same security threats and challenges."

Highlighting the challenges that hinder the ability to close the gap between regions, EY noted that organizations are lagging behind in establishing foundational cybersecurity.

"The most important roadblock is the lack of cybersecurity skills. While the need for specialists deepens, every year our survey shows that the lack of specialists is a constant and growing issue," EY stated. "Also there is the need to build skills in non-technical disciplines to integrate cybersecurity into the core business."

Information security has transformed rapidly into a business survival issue that requires executive attention and support, EA said. The only way to manage the complex and dynamic environment of cybersecurity is to grasp the challenges head on -- embrace cybersecurity as a core aspect of the business, and as an integral capability to survive and thrive, EA said.

The EA report which was conducted between June and August 2014 with 1,825 respondents from across major industries in 60 participating countries recommends a three-prong approach to more advanced cybersecurity measures: activate cybersecurity efforts; adapt to changing cybersecurity requirements to keep pace and match changing business requirements; and develop tactics as they anticipate cyberattacks through a mature threat intelligence capability, a robust risk assessment methodology, an experienced incident response mechanism, and an informed organization.

Join the CSO newsletter!

Error: Please check your email address.

Tags Ernst & YoungEYsecuritydata breach

More about IT Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Olusegun Abolaji Ogundeji

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place