South African chief security information officers (CISOs) are seeing an increase in deliberate IT sabotage perpetrated by employees.
This was revealed by Dr Nkosi Kumalo, GM for product and capability at MTN Converged Solutions, speaking yesterday at the ITWeb Security Summit CISO Banquet 2024.
During the event, Kumalo shared the preliminary findings of the CISO Survey, conducted by ITWeb in partnership with MTN Business. The ongoing survey has so far attracted 77 responses from local CISOs.
With cyber threats ever-evolving, the CISO often has a broad range of responsibilities that require a deep understanding of both the technical and managerial aspects of information security.
“We had a 2% response rate to the survey. What we see from the research is that 66% of the people that responded work directly at the operational level with cyber security. So, we got the right target market,” Kumalo said.
“What is interesting from the research is that there is a downward trend in the people that responded in 2024 when you compare to 2023.”
He also revealed the survey found a regression in the hiring of CISOs in South Africa.
“The majority of the respondents say they are employing fewer CISOs. We don’t know whether we are getting enough CISOs, but it’s quite a surprising trend because we see a lot of vacancies out there looking for CISOs.”
According to Kumalo, 63% of the respondents said they were breached in the last 12 months, with phishing and social engineering being leading incidents.
“The other thing that is also interesting is that IT sabotage comes up for the first time from the respondents when you compare it from last year. We didn’t have anything last year, but now 6% of the respondents say sabotage has come up as one of the incidents they experienced in the past 12 months.
“The question that I am asking is how do we protect our business and to what extent? How do you ensure you are 100% covered in terms of your security posture, and can you deliver 100% compliance from a security point of view without compromising functionality?
“When you look at the damage that comes as a result of being reckless with information security, versus the returns from a functionality enablement point of view, it’s your choice.
“At MTN, we have taken zero-trust to another level; we are not taking chances and we don’t trust our own employees from an access management point of view. It goes to the extent that I cannot take a screenshot of company information on my cellphone. There are certain things that I cannot do when I am in the corporate network.”
Kumalo said almost 57% of cyber security challenges have to do with internal employees. “It is the people that are creating a problem for organisations. Therefore, when you put your plans in place, before you even start spending a lot of money on tech, you must start thinking about how do you ensure people think before they click anything.”
Share