BeyondTrust, the worldwide leader in intelligent identity and access security, has announced the release of a new IDC Technology Spotlight report, “Africa’s Road Map to Identity Maturity and Security Using Privileged Access Controls.” Sponsored by BeyondTrust, this report examines the need for identity-focused security in Africa, highlighting the digital adoption trends that lead to vulnerable business postures and the methods for enhancing security strategies using privileged controls. The overall goal of the report is to help establish a sound privileged access security strategy roadmap for Africa.
In this report, an IDC analyst reviewed key findings from multiple IDC Security Surveys (2022-2023) in addition to IDC’s Worldwide Security Spending Guide (2023) to assess why cybersecurity remains a challenge across Africa. The report also makes recommendations to African organizations on how to get their cybersecurity roadmap aligned with demonstrated threats.
Conclusions drawn from the report indicate that:
- There is a massive lack of maturity in identity protocols: As the physical demarcation of network perimeters expands, African organizations need to realign their IT security investments in cybersecurity protocols. IT’s focus has not evolved with the threats, and current strategies are now outdated.
- PAM and Identity security should be at the core of modern security practices: Organizations should focus on creating identity-based perimeters and access-based boundaries. IDC recommends that African organizations start by securing privileged users.
- Preparation for a breach should always be the main plan: Organizations must be prepared to enforce strong application, password management, least-privileged controls, and just-in-time access policies to prevent phishing-initiated breaches. Most compliance mandates require all privileged access sessions to be monitored and managed and evidence to be maintained.
More than ever, entities in Africa need to get serious about identity security. Investments in identity security in Africa have been low, despite the high rate of curated spear phishing attacks plaguing the continent. In early 2022, when IDC surveyed 209 organizations across Sub-Saharan Africa, just 18% said they were using PAM solutions.Shilpi Handa, Associate Director Research — Cybersecurity, IDC
Key findings from the report revealed:
Many organizations in Africa are still unprepared for cyberattacks
- More than 90% of businesses on the continent were operating without the minimum necessary cybersecurity protocols.
- Only a handful of countries have cybersecurity regulations in place to protect consumers and businesses.
- Investments in identity security in Africa have been low, despite the high rate of curated spear phishing attacks.
- Overall privileged access control adoption was surprisingly low. In September of 2022 only 18% of organizations surveyed said they were using PAM solutions, and Multifactor authentication (MFA) adoption stood at a mere 34%.
- Companies and their employees are not the only ones vulnerable to cyberthreats; individual identity itself is at risk from cyberattack in Africa today.
Phishing is the top threat in SSA
- Phishing (62%) and insider threats (51%) are among the top 5 threats in SSA.
- The rate at which phishing is growing in the region is worrisome and likely to become more severe with the increasing adoption of generative AI (GenAI) by hackers.
Zero trust initiatives were ranked second in terms of expected investment
- Automated response to security incidents is considered to be the most important investment priority (73%) in the next 12-18 months. Zero trust initiatives ranked second (52%).
- Privileged access management (PAM) and identity and access management (IAM) were key projects on the zero trust journeys of 61% of CISOs in South Africa.
- 53% of respondents in South Africa regarded cloud entitlement management (or the use of identity-specific tools to monitor/manage entitlements and access to cloud resources) as their second most important cloud investment priority for the next 12–18 months.
Securing identities and access is critical to combatting today’s cyberthreats. By securing the privileges and access that make compromised identities dangerous, we are empowering organizations to proactively safeguard the critical assets across their estate, even in today’s evolving threat landscape.Morey Haber, Chief Security Officer, BeyondTrust