To make progress in a changing world driven by technology and innovation, African enterprises require a holistic cyber-security strategy. This becomes all the more necessary if such enterprises embark on cloud journeys.
Experts have explained that such strategies are needed because the future is cloud-first which is why the global cloud spend is forecast to reach $178 billion in the next 12 months.
Though Africa may lag behind the rest of the world’s cloud adoption with only 15 percent penetration, the continent’s public cloud market has doubled in the past three years, according to Ola Williams, Country Manager, Microsoft Nigeria.
To remain competitive in a digitally transformed business environment, Williams says agile enterprises around the world have also adopted cloud technology to enable new ways of working for their distributed, remote- and hybrid workforce.
“And this new way of working isn’t going anywhere; 60 percent of global knowledge workers are currently remote and, at least, 18 percent will not return to the office. Africa has embraced this trend, too, Williams notes.
According to a 2022 International Labour Organization report that covered more than 1,000 enterprises in 15 African countries, nearly 36 percent of employees worked remotely during the pandemic. The report also reveals that while most future workplaces in Africa won’t be fully remote, they will be either in-person or hybrid.
Another reason cyber-security strategies are needed is that enterprise-wide cloud adoption is increasing as digital-first business leaders look to ensure flexibility through hybrid work, market agility, and business continuity throughout their daily operations.
Paradoxically, however, when a rapid digital evolution is not approached strategically with end-to-end security in mind, it can leave enterprises more vulnerable to cyber-security threats due to a wider set of risks spread across multiple surfaces and entry points.
This is particularly important during a cloud migration, when the rush to move business-critical workflows from on-premise to the cloud can unintentionally (and easily) open backdoors to bad actors.
For this reason, Williams advises that a robust, end-to-end cyber-security strategy every step of the way should be adopted by enterprises, especially those already on cloud journeys.
Cyber-security remains a significant concern for enterprises in Africa as, according to the Club of Information Security Experts in Africa (CESIA), in 2022, more than half of companies in Africa believe they are not prepared to handle a large-scale cyber-attack.
And Interpol’s Africa Cyber-threat Assessment report found that more than 90 percent of businesses on the continent operate without the necessary cyber-security protocols.
Williams cites a recent IDC security survey commissioned by Microsoft which shows that only 16 percent of organizations in Nigeria have implemented a full end-to-end security strategy with shared responsibilities, risk tolerance, classified events, and recovery plans in case of an attack.
He says that another 15 percent of surveyed organizations have implemented – but not formally tested or reviewed – a security strategy, adding that organizations in Nigeria still lag in terms of security solution implementations.
“With the acceleration of digital transformation enabling cloud-first and hybrid work environments, it’s more important than ever to have a robust, end-to-end cybersecurity strategy in place – right from the beginning of the cloud journey, and every step of the way,” he emphasized.
According to him, cloud environments are more complex to secure, and a ‘lift-and-shift’ migration approach is no longer feasible, noting that increased hardware, software, and network fragmentation (on-premise, cloud, and hybrid) result in access-control and human-error risks – the latter often being the biggest reason cyber-threats hold in the first place.
Williams also cited a Stanford University study which confirmed that about 88 percent of all data breaches are caused by an employee mistake, explaining that an employee simply failing to limit permissions on a cloud database can easily open the entire organisation to a cyber-attack.
“Approximately 20 percent of organizations in Nigeria indicated that training non-IT employees in security-awareness is one of the most important steps for increasing security. Although this percentage is fairly low, it is expected to increase, with many more organizations expected to launch security awareness campaigns,” he assures.
