SA financial orgs face pressure to increase security

98% of IT decision-makers working in banks and financial service institutions (FSIs) in South Africa are under pressure to level up their security protocols, according to new research from Citrix. This comes as 75% see IT security risks in the industry increasing since the start of the Covid-19 pandemic. Employees are most likely to be pressurizing their organisation to increase security, with 55% of IT pros reporting pressure from this group, followed by government (48%), customers (43%) and shareholders (33%).

Perhaps in response to these demands, 61% of respondents report that security has become a top priority in their organisation over the past 18 months. They join the further 30% who report that it has been a top priority “for years”.

“It is no surprise that security has become an even greater priority since the pandemic began,” says Amir Sohrabi, area VP for emerging markets at Citrix. “As remote work became ubiquitous overnight, and employees were more likely to be distracted by personal and professional stressors, cyberattacks have increased across the globe. This research highlights that both internal and external stakeholders have recognised the challenges, which are especially pertinent in a sector like finance.”

Technology maturity, namely Zero Trust and digital workspace, is driving confidence

However, despite the increase in cyber-attacks and the changing demands and pressures upon them; 89% of IT decision-makers claim they are comfortable with their IT security provisions, with 36% of those saying they are “very comfortable”. 87% also believe that the IT security teams in their organisations have “all the skills necessary” to handle today’s challenges.

This confidence may come, at least in part, from the fact that many organisations are replacing their traditional VPN solutions with Zero Trust, cloud-based services. 48% of respondents have already implemented this, with another 44% planning to do so in the next 12 months. A further 7% plan to follow suit in the longer term. The biggest drivers behind this decision are improving security for access using BYO devices (41%), improving end-user experience (37%), consolidating multiple point products (35%) and having an agile and secure remote work strategy (33%).

In addition, 86% of IT decision-makers report that they are satisfied with the digital workspace solutions their organisation has used to support remote work, over the past 18 months. 45% of respondents implemented these digital workspace solutions in response to the mandate to work from home last March, while a further 46% already had them in place prior to the pandemic. Just 9% plan to provide their teams with digital workspace solutions in the future, leaving a mere 1% without this technology in the long term.

Of the other technologies that organisations have in place to support remote working, the most popular are virtual desktops and apps (51%), video conferencing / streaming (47%), and collaboration tools such as Slack or Microsoft Teams (42%).

Skills and training gaps present potential vulnerabilities

Whilst the majority of IT decision-makers feel they have the right teams in place to support their organisations’ current security posture, there may be challenges on the horizon. 74% of respondents admit that they will need to hire externally to get the right skills in the future, while 64% feel that at some point, IT security teams in their organisation “will need to be entirely reskilled”.

Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 43% of respondents say that security training for all employees at their organisation is provided less than once a year, with 1% admitting it is “never” provided.

“The challenges caused by the pandemic and the pressures put on IT decision-makers by key stakeholder groups, have led to security soaring up the priority list for many financial organisations,” says Sohrabi. “The last 18 months have clearly been a time of great change, with new technologies being implemented, so it’s highly encouraging to see most IT managers in this sector adapt and accelerate, to ensure they have the correct security posture in place.

“However, this is no time to get complacent and there is clearly an opportunity for businesses to future-proof their security by upskilling their IT teams and providing regular training for the wider employee group. There has been an alarming increase in cyber-attacks since the start of the pandemic, and many of these come as a result of human error. The importance of dedicated annual training, therefore, cannot be underestimated.”