JOHANESBURG, January 16, 2025 - LexisNexis South Africa has noted growing concern over the use of artificial intelligence (AI) in the legal profession, following a high-profile incident likely involving...
Cybersecurity threats are on the rise, and organisations are on the back foot. This emerged at our latest LexisNexis webinar, which unpacked cybersecurity management strategies for more resilient organisations...
In 2024, we witnessed the introduction of landmark legislation, the rapid evolution of regulatory and compliance frameworks, and groundbreaking thought leadership shaping responses to these transformative...
LexisNexis South Africa has been recognised at this year’s Oliver Top Empowerment Awards for its outstanding contributions to digital transformation. The leading legal tech organisation was honoured with...
JOHANNESBURG, July 29th – As South Africa marks three decades of democracy and enters a period of post-election flux our legal landscape is expected to shift in response to the new political reality. ...
Cybersecurity threats are on the rise, and organisations are on the back foot. This emerged at our latest LexisNexis webinar, which unpacked cybersecurity management strategies for more resilient organisations.
Panellists, cybersecurity, Risk & GRC Consultant Taahir Haffejee and Bheki Gutshwa, President of the Institute of Risk Management South Africa, painted a worrying picture of our current cybersecurity landscape. However, our experts emphasised that with the proper risk management strategies, organisations can build resilience and confidently tackle threats.
“A 2023 report indicates that there has been a 76% increase in cyber-attacks on businesses in South Africa and neighbouring countries like Kenya and Zambia,” said Haffejee. He added that 82% of South African companies have experienced at least one cyber breach in the last two years and despite this, only 67% of businesses use some sort of end-point protection against cyber threats.
Gutshwa pointed to the prevalence of these threats globally referencing the Allianz Risk Barometer which named cyber events the top risk of 2024.
Despite the substantial threat to business continuity and the broader economy, many organisations are still failing to act with the urgency required.
There are numerous hurdles stalling action, including a lack of communication between the executives, risk managers, and IT departments, the cost of implementing adequate measures, and outdated methods of dealing with rapidly evolving threats. “Communication around these threats involves collaboration across departments and giving risk managers a platform to push cybersecurity to the top of the corporate agenda,” said Gutshwa. However, panellists agree that the most crucial of these hurdles is adopting a reactive approach rather than a proactive one.
Haffejee provided actionable steps for organisations to use to ensure they are fully prepared and protected against future attacks, emphasising that these steps should always be tailored to the organisation’s specific needs, and it is not a “one size fits all” approach.
The process begins with understanding the threat landscape said Haffejee explaining that organisations must conduct thorough assessments of potential cyber threats, including the tactics, techniques, and procedures (TTPs) employed by attackers. This foundational knowledge helps tailor security measures to address specific vulnerabilities and high-risk areas.
The next step is implementing risk assessment frameworks such as NIST or ISO 27001 to systematically evaluate and prioritise risks based on their likelihood and potential impact. This structured approach ensures that risk management efforts are consistent and thorough, laying the foundation for the next step, effective prioritisation of risk mitigation strategies. These strategies should focus resources on the most significant risks identified during assessments.
Following the prioritisation of risks, organisations must establish governance and oversight by creating a clear structure that includes appointing risk owners and oversight committees to ensure accountability in risk management processes. Implementing a threat intelligence program is essential for collecting and analysing emerging threats, enabling proactive defence strategies.
To ensure that they are keeping up with evolving threats, organisations should commit to regularly testing and updating security measures through vulnerability assessments and penetration testing to strengthen defences. Developing robust incident response plans is critical for minimising the impact of security breaches and ensuring a swift and coordinated response during incidents. Finally, fostering a security-first culture by engaging employees in security awareness and training programs empowers them to function as the first line of defence, encouraging proactive behaviour and adherence to security protocols.
Gutshwa referenced the value of these steps in a holistic risk management approach but advised organisations to not go about it alone, calling on specialists for support in areas where internal expertise may be lacking. LexisNexis is a trusted partner in cybersecurity risk management, providing a comprehensive Governance, Risk, and Compliance (GRC) solution that helps organisations proactively mitigate risks. This robust platform integrates corporate governance and risk management, enabling effective handling of both enterprise and regulatory risks, including compliance with data protection regulations like POPIA and GDPR.
In line with our panellists’ recommendations, this solution can be customised, allowing organisations to tailor their risk management frameworks to meet specific operational needs. By leveraging LexisNexis' extensive legal database and expert consultants, businesses can enhance their cybersecurity measures, ensuring they are effective and resilient against cyber threats. This proactive strategy not only protects sensitive data but also strengthens organisational integrity and compliance, fostering greater trust with clients and stakeholders.
The GRC solution from LexisNexis equips organisations with the tools they need to navigate the complexities of risk management in today's digital landscape. There is a lot at risk without adequate cybersecurity measures in place but with the right tools, strategies, and guidance, organisations can navigate volatility and remain resilient.