2017: the year the board (finally) noticed information security
It was long overdue, but 2017 can be seen as the year the boards of South African companies finally sat up and paid attention to information security, says Paul Williams, Country Manager – Southern Africa at Fortinet.
“As recently as just a few months ago, the Fortinet Global Enterprise Security Survey found that 41% of local IT decision-makers believed that IT security is still not a top priority discussion for the board. But we see evidence that this is changing,” says Williams.
With the survey also finding that a full 82% of South African enterprises surveyed have been victims of a security breach in the past two years, along with the pending enactment Protection of Personal Information (POPI) Act and the Cybercrimes and Cybersecurity Bill set to hold the board more accountable, information security is becoming a business priority at last, says Williams.
“High-profile local breaches in recent months have emphasized the fact that South Africa is fully a part of the global village, and is not immune to cybercrime. In addition, many local organisations began a significant move to cloud technologies this year, making security a key consideration as part of their migration and new digital enterprise strategies.”
Williams notes that this new prioritization of information security has driven a significant increase in IT security spend in South Africa – predicted to top R7 billion this year. “This is more than double the spend only two years ago,” he says. Investment in information security is expected to climb still further next year.
Coming in 2018
Fortinet expects to see broader adoption of advanced, intelligent software defined network security in 2018, as organisations move from complex and inadequate legacy systems to integrated, intelligent and automated security.
“The arrival of intelligent network security, pioneered by Fortinet’s Security Fabric, along with pending new legislation, the growing risk faced by South African enterprises and increasing awareness of the need for proactive – rather than reactive – IT security, are all changing the IT security landscape, he says.
Williams predicts increasingly sophisticated arming of security technology next year. At the same time, he believes cybercriminals will up their game, with more significant breaches likely. “Sectors that we believe are still particularly vulnerable in South Africa are the public sector and the healthcare sector,” he says.
Cloud adoption, moves to the digital enterprise and a new focus on the Industrial Internet of Things (IIoT) will also drive the prioritisation of information security next year, says Williams.
“It was too long in coming, but South African enterprises are at last starting to integrate information security throughout their operations, focus more on security awareness and skills development, and prioritising security as part of their business strategy. We expect this trend to develop further next year,” says Williams.