Trisha Govender Manager, MANCOSA School of Information and Digital Technology (SIDT)
Over the past 10 years, the South African Reserve Bank (SARB) and the Department of Public Works lost over R400m to cyber attacks. Further, the breach of the National Health Laboratory Services and the Companies and Intellectual Property Commission this year has exposed South Africa's weaknesses regarding cyber security and the growing global tech skills shortage when addressing these risks.
"The World Economic Forum (WEF) released a report in January that provided a global outlook for cybersecurity. While cyber inequity is a major issue, the growing skills shortage is a major issue that will make addressing this risk very difficult," says Trisha Govender manager: Mancosa School of Information and Digital Technology (SIDT).
Cyber inequity
According to many risk analysts, cyber risk is one of the biggest growing concerns that countries need to deal with. As evidenced by the SARB and Department of Public Works losses, cyber events can be crippling for economies, with many companies not having the ability to recover from a R400m loss.
The WEF points out that the growth of cyber risk has been significant. In 2022, the cybersecurity economy grew twice as fast as the global economy. The report adds that in 2023, this growth was four times faster.
Conversely, the report adds that cyber resilience has dropped by 31% since 2022, with the distance between cyber-resilient organisations enough to survive significant attacks and those who are fighting from the trenches growing at an alarming rate. The cost of accessing adequate cyber services, tools, and talent and the adoption of cutting-edge technology by larger organisations in the ecosystem are two core factors contributing to this inequity.
"This is a massive problem with potentially groundbreaking ramifications," warns Govender.
Contextualising the South African skills shortage
Govender points out that the South African cyber skills shortage has been growing over the past several years.
"According to a new whitepaper published by Cisco in collaboration with public policy consultancy Access Partnership and the Centre for Human Rights at the University of Pretoria, South Africa (titled Elevating Africa's Cyber Resilience), despite having over 57,000 cybersecurity professionals, South Africa is still under-resourced and faces significant challenges. However, it fares better than other African countries like Nigeria, which has just 8,352 cybersecurity professionals. Among the top African nations facing these threats, South Africa experiences an average of 1,450 attacks per organisation weekly, marking a 4% increase from the previous year. Meanwhile, Kenya and Nigeria also rank high in terms of cyber threats. Overall, the continent is struggling with visibility and resources in the cybersecurity domain," says Govender.
While critical strategies such as upskilling, leveraging managed services, and adopting automation can help mitigate the cybersecurity skills shortage in South Africa, more is needed to eliminate the associated risks. The shortage persists due to the dynamic nature of cyber threats, slow talent pipeline growth, and reliance on human factors, which remain vulnerable to error. "To effectively manage these risks, businesses must adopt a comprehensive, long-term approach that includes strong leadership commitment, ongoing employee education, and risk-based resource allocation. Additionally, government support and global collaboration are essential to bolstering these efforts," says Govender.
Taking the lead
Mancosa, through the SIDT, is one of the many higher education providers in South Africa taking the lead in addressing this skills shortage by offering several courses and qualifications that will produce world-class IT professionals.
However, the WEF report points out that the rate at which cyber risks evolve is quicker than skills development efforts.
"The risk of cybersecurity skills lagging behind evolving threats is significant. For example, the 2021 Colonial Pipeline ransomware attack demonstrated this issue. Attackers used advanced techniques like double extortion, which many cybersecurity training programs did not fully address. Consequently, even skilled professionals faced challenges in effectively countering these sophisticated threats. This skills gap leaves organisations vulnerable and highlights the need for educational institutions to rapidly update their curricula to match the latest cyber risks and technologies. Bridging this gap is crucial for enhancing cyber resilience and preparing professionals to tackle emerging threats effectively," says Govender.
One of the ways to address this effectively is through artificial intelligence (AI). Govender points out that AI can analyse vast amounts of data to identify patterns and anomalies that signal potential threats, improving the speed and accuracy of threat detection and response.
Automation: AI can automate repetitive tasks such as monitoring, alerting, and responding to specific threats, reducing the burden on human teams and increasing efficiency. Further, AI algorithms can predict and model potential attack scenarios, helping organisations proactively strengthen their defences.
However, AI is not self-designing, and the role of tertiary education is to provide skills that can build AI protocols that can become an integral part of any cybersecurity response.
Muted optimism
According to the WEF Report, only 15% of respondents to the report said that they are optimistic that cyber skills and education will improve significantly over the next two years. Govender points out that Mancosa is ensuring that it sets the benchmark when it comes to addressing the cyber skills gap.
Mancosa addresses the cybersecurity skills gap through its Mancosa skillME platform, which offers targeted short courses designed to equip professionals with the essential skills needed in this rapidly evolving field.
“Mancosa ensures its short courses are up-to-date and industry-relevant, providing practical, hands-on training that can be immediately applied in the workplace. Focusing on critical areas, like threat detection, incident response, and data protection, these courses help bridge the skills gap for individuals and organisations alike,” says Govender.
Additionally, Mancosa collaborates with industry experts to develop and deliver these courses, ensuring participants gain insights from cybersecurity professionals. This approach allows Mancosa to remain agile and responsive to emerging trends and challenges in the cybersecurity landscape.
“Through Mancosa skillME, the institution plays a vital role in upskilling professionals and contributing to the broader effort to close the cybersecurity skills gap, even as it explores the potential for more formal learning programmes,” says Govender.