Internal threats, identity theft, cloud security and AI-infused attacks keep CISOs awake at night. These issues now define Africa’s ever-evolving cyber threat landscape and organisations must adopt a multi-layered, proactive, and end-to-end approach to defence.
This is according to delegates who attended the annual ITWeb CISO dinner in Cape Town this week.
The event was a precursor for the ITWeb Security Summit Cape Town eing held today, 28 May, at the Cape Town International Convention Centre.
At the dinner, the audience of mainly cyber security professionals and C-suite decision makers said threat actors are becoming more sophisticated and operate as legitimate businesses, making it more difficult for organisations to defend themselves.
A lack of visibility over infrastructure, as well as increasing complexity in running cyber security solutions are additional challenges.
George Little, partner, cyber security, data & privacy global lead, and head of office at Brunswick Group in Washington DC, said CISOs have one of the toughest jobs.
“They have to guard the parameter, large internal and external teams, external relationships, budgets, and more … the stakes have never been higher,” said Little.
Threat actors are aware of the value of data as the most tradeable entity.
Little added that sophisticated attacks by hybrid quasi nation state groups on critical infrastructure can have severe real-world repercussions.
“Threat actors can access medical records for example and manipulate the data, they can access financial reports on the stock exchange and manipulate data,” said Little.
He added that cyber security 'is a team sport' and is the collective responsibility of everyone in the organisation.
Always-on cyber security playbook
Cyber security professionals agree that cyber criminals continue to move threat vectors and are ready to apply emerging technology like AI and cloud in their arsenals.
They said business leaders must realise that effective cyber security demands an ‘always-on’ mindset, meaning there can be no let-up in simulation testing, compliance checks, access control, efforts to ring-fence and lock down data.
The defence playbook must adapt to the evolving threat landscape and consider the financial and reputational risks to companies. It must also acknowledge that human behavior remains a weak link in the cyber security chain.
Factors such as ethical hacking, governance and regulatory compliance, resource allocation, and skills development will continue to shape cyber security postures.
Share