Mobile device security, data loss and malware detection key priority for South African firms – Sophos study

Sophos has released the findings of a regional study carried out in South Africa and the Middle East, indicating that the majority of organizations in Middle East  and Africa (MEA) are recognizing the benefits of integrated security especially the concept of linking network firewall and endpoint security for better insights.

However, the report revealed that although MEA organizations were unlikely to increase the  number of vendors they interact with, they were likely to increase the number of products in use, which highlights that organizations in the region currently do not tend to follow an integrated strategy when it comes to security.

The Sophos-sponsored InfoBrief Synchronized Security Market Analysis – Middle East & Africa, developed by International Data Corporation (IDC), revealed that the MEA countries represented a total security solutions market potential of nearly US $1.89 billion in 2015, which is expected to increase at a CAGR of 8.1% to a total of US $1.94 billion in 2020.

Key South African findings: Key MEA findings

1. In South Africa, mobile device security is the highest priority with 35% of companies. It is followed by data loss prevention (DLP) and security governance and management (28% each). While DLP is a top priority for both SMBs and enterprises, security governance and management, business continuity, and attack and penetration testing are higher priorities for larger organizations in the region.

2. Malware detection and prevention were the next most prevalent solutions, being more widespread in Turkey (85%) and South Africa (78%) while it was surprisingly low in the UAE (40%).

3. In terms of security appliance penetration, almost half (40%) of African respondents stated they planned to invest in unified threat management appliances.

4. While 42% of MEA companies have high confidence about their security posture, some companies especially in Suadi Arabia (3%) and South Africa (5%) are not confident at all.

“IT security is a top priority for companies in this region as it can impact uptime and overall service levels. In terms of plans to deploy, there is a major focus on end-to-end coverage with advanced security systems, making it apparent that respondents want to simplify and improve control over securing their organization’s assets. This is followed by plans to deploy mobile device security and cloud-specific security solutions. MEA’s mobile device proliferation is among the highest in the world, making it important to secure devices and content on devices. Increased deployment of private and public cloud services makes it critical for organizations to integrate security as a part of their cloud strategy,” said Harish Chib, Sophos’ MEA VP.

“It is clear from the responses that, in addition to threat landscape complexity, organizations do not have a holistic strategy when it comes to deploying their security solutions. With the increase in sophisticated attacks across the region, companies are now looking for smarter and simpler IT security solutions. The majority of respondents across all four countries agreed with the concept of linking network firewall and endpoint security for better insights. The acceptance is higher among larger enterprise. Synchronized security is the new key for protection against cyber threats,” Mr Chib added.

By far the biggest complexity factor found in the study was configuration and management, while security policies add to the increased complexity. In MEA, the number of vendors and products were highlighted as factors contributing to the complexity. In MEA, only 33% of the organizations have a single-vendor strategy with majority of them highlighted their multiple-vendor security environments.

In addition, organizations in MEA indicated having around 1–6 products, while a few were in excess of 13. This variance between the number of vendors and products deployed is indicative of a lack of an integrated view. However, this is likely to change in the future as the majority highlighted of organizations’ plan to invest in a centralized security management console over the next 1–2 years, with UAE organizations at the forefront, indicating their intention to invest in the next 12 months.

In the MEA region, external threats were revealed to be a major concern with viruses highlighted as being extremely significant, alongside unintentional data leakage. Skills constraints across technologies also remained a major challenge in the MEA region while the lack of real-time protection and security complexity also create limitations to improving security programs.