The Real Cybersecurity Threats Facing South African Business with Rui Marques
- Juan Allan
- Aug 26
Rui Marques on South Africa's cybersecurity skills gap, POPIA's impact, and why awareness is the key defence for businesses against rising threats

The greatest cybersecurity threat to South African businesses is not a specific virus or hacker, but a pervasive internal deficit of skills, awareness, and proactive culture.
This is starkly confirmed by cybersecurity expert Rui Marques. In our interview, he argues that the root cause of most breaches in South Africa is a critical gap in both technical knowledge and security mindfulness, from the C-suite to the end-user.
He details how this skills crisis, compounded by the new urgency of POPIA compliance, creates a perfect storm for organisations, leaving them vulnerable to even the most common attacks. Marques provides a clear-eyed view of the challenges and the emerging technologies, like AI and Zero-Trust, that are helping to turn the tide.
Interview with Rui Marques
Biggest cyber‑security problems South African companies face?
I believe security awareness and technical skill is the largest issue in South Africa at the moment from a cyber-security perspective.
A lot of South African companies are suffering from attacks due to a lack of concern and/or knowledge for cyber-security from IT and Risk Management.
Now, due to regulatory requirements, cyber-security is hopping onto the radar.
A lot of organisations, especially in the SME space, build services and solutions without even thinking of security, and as these organisations scale, so do their vulnerabilities and points-of-failure.
I have observed a trend in an attitude of "If it's not broken, don't touch it" and you would expect it's a trade-off of security in favour of uptime and availability, but instead it's due to a lack of skills and knowledge of how technologies and security integrate with one another.
There is a lack of drive to educate and inform users and staff about cybersecurity, and this is present in both end-user training as well as technical management and deployment of IT infrastructure.
Attacks succeed because users are not trained to identify and report them, and cyber-security solutions and software are not managed and configured to prevent them.
A perfect example of this is when a phishing email hits an organisation.
This is a very common attack vector globally, but especially effective in South Africa.
A user would be expected to be trained to identify malicious links, attachments, and sender-addresses. However, more often than not, users are not trained, and will fall for this.
Then on the other hand, the technology deployed by the organisation is expected to be configured to detect these indicators before it reaches the user. However, more often than not, a tool is deployed and not configured to its full capability, or not configured correctly at all.
Why cyber‑security is becoming more important for South African businesses?
South Africa is being increasingly targeted due to the fact that its cyber-security industry is not as mature as other countries. Again, this is due to a lack of drive or skills.
However, now that POPIA has become a requirement, there is a large push to improve organisational cyber-security in order to protect user data and privacy.
POPIA (Protection of Personal Information Act) is similar to GDPR in the EU, and requires that user data be processed with specific security and privacy controls and rules.
Thanks to POPIA, organisations are now looking to further improve their cyber-security, and there is a large push to become secure and meet requirements for cyber-insurance as well in the event of a breach.
What makes it hard for companies to improve their cyber‑security?
As per my answer to question 1, lack of knowledge or drive for cybersecurity historically makes improving cyber-security difficult.
This leads organisations to not implement relevant security, and have to catch-up to meet standards or requirements over time.
Once the teams realise they need to beef up cybersecurity and start looking, the largest deterrent I've observed is the sheer magnitude of what is required to actually become compliant and cyber-secure, as well as the budget that comes with that.
This leads organisations to take a slow approach to get things going, and they often lag behind in terms of patching, secure configuration, and data practices.
For organisations that are taking security seriously, budget and lack of skills is still a concern. Finding a good service provider can be costly, but so can finding the time to hire and up-skill someone with the relevant skill-set required for security maintenance. Good security architecture and implementation is expensive, and more often than not IT teams struggle to convince executive decision makers to purchase the relevant solutions, or hire more staff to optimise existing solutions due to a disconnect between business and information technology.
Are there enough skilled cyber‑security professionals in South Africa?
No. Even for our organisation, and the organisations we manage, it's difficult to find the right attitude and skills required for the industry.
Many people will apply for positions with the relevant industry certifications, but once those individuals are tested with practical demonstrations and theoretical scenarios, it's clear that brain-dumps or cramming was used.
Cyber-security is more than a certification, it's understanding business, technology, networks, data-flows, compliance, governance and people, and the way they all integrate into information technology.
If someone has the right attitude and mind-set, they can be trained into excellent security professionals, but more often than not, the job-market is filled with money chasers who would not add value to an organisation.
Which types of businesses need the most cyber‑security protection?
All of them. Businesses and individuals alike are targets of threat actors and will be exploited where possible.
To be more specific, however, in terms of priority, I've noted that critical infrastructure for government has been heavily targeted. For example, the South African Broadcasting Corporation (SABC), which is government owned and managed, was breached within the last 2 months due to a business email compromise, which was then leveraged to send phishing emails to all its partners and contacts. Transnet, another government owned organisation responsible for a large portion of local logistics, was breached within the last 5 years as well.
Businesses, however, would likely be banks and manufacturing facilities. Banks are always targeted, but manufacturing facilities that process food and have OT infrastructure are heavily targeted due to the multitude of vulnerabilities legacy SCADA systems have, and the lack of security around HMI and IO devices. More often than not, OT environments are a lot less hardened and secured than they should be.
Which new technologies are helping South African companies stay safe online?
As with the rest of the world, and all other industries the rise of AI-driven technology and assistance within the cyber-security space has been exponentially more apparent within South Africa.
Whether it's in-house built tools for threat-analysis, the reduction of alert-fatigue and an extra tool for log parsing and threat intel, or purpose-built tools such as Mimecast's AI enhancements for mail security, AI is being leveraged to enhance security efforts.
The most popular technologies observed would be for example SOC driven AI tools, such as Darktrace Antigena AI, as well as ZTNA tools.
Zero-trust is becoming a more common approach for South African businesses as it is more cost-effective than a full-blown SASE solution. Good examples I've seen include Forti-ZTNA and Sophos ZTNA for network access, and while SASE is a superior solution, ZTNA is a lot more cost-effective and simpler to manage for companies in South Africa. As South Africa matures in its cyber-security industry, SASE will likely become the standard in future.


