Faculty of Commerce, Law and Management (ETDs)
Permanent URI for this communityhttps://hdl.handle.net/10539/37778
Browse
2 results
Search Results
Item Investigating cyber resilience in Small, Medium, and Micro Enterprises (SMME’s) in Gauteng(University of the Witwatersrand, Johannesburg, 2022) Kamanga, Edna Clara; Pillay, KiruCyber resilience is becoming increasingly vital for Small, Medium, and Micro Enterprises (SMMEs) to withstand and quickly recover from cyber threats. This qualitative study investigates the cyber resilience strategies, critical success factors, and best practices within SMMEs in Gauteng, South Africa. The research aims to understand SMMEs approach to cyber resilience and whether they incorporate all dimensions of the Cyber Resilience-Self Assessment Tool (CR- SAT), a framework specifically recommended for enhancing the cyber resilience of SMMEs. The study identifies key critical success factors that are prevalent among Gauteng’s SMMEs. The methodology involves semi-structured interviews with business owners, IT Managers, and cybersecurity experts within a variety of SMMEs in Gauteng. The selection of participants ensures representation across different industries to allow for comprehensive insights into the cyber resilience landscape within this economic sector. Thematic analysis of the interview data provides an in-depth understanding of the experiences, practices, and perceptions of cyber resilience among participants. Preliminary findings reveal that while some SMMEs demonstrate awareness and implementation of cyber resilience best practices, there is a varied degree of adoption concerning the CR-SAT framework. Several critical success factors emerge, these include adoption of best practices in implementation of training and awareness, risk management, business continuity, the implementation of incident response plans, outsourcing, dealing with credible vendors. However, the research also identifies significant gaps in knowledge and resource constraints, which impede full-scale implementation of recommended cyber resilience measuresItem Strategies to mitigate ransomware related cyber-attacks in South African financial institutions(University of the Witwatersrand, Johannesburg, 2023) Mahlangu, Nqobile; Pillay, KiruDigital transformation has become topical amongst many organisations and industries alike. Inherent to the adoption of technology to optimise business processes and operations, cyber-attacks have become a growing concern, with ransomware becoming a top concern for organisations. South African banks have not been immune to the associated ransomware risks, as threat actors continue to find motivation to attempt infiltrating SA banks, compromising their confidentiality, integrity, and availability thereafter and demanding a ransom. Cyber-resilience is positioned as an attractive strategy to prevent and mitigate ransomware attacks. This study investigates the effectiveness of employing a cyber-resilience strategy in mitigating ransomware attacks within South African financial institutions, in particular SA banks. The study explores various best practices and factors that influence cyber-resiliency, the role that management plays in ensuring cyber-resiliency, and finally, various methods that can be employed to assess the effectiveness of cyber-resilience as a strategy. The study employs a qualitative research approach, using semi-structured interviews to collect data. With the permission granted by participants, all interviews were recorded, transcribed, and then analysed using thematic analysis. The research questions, which delve into the outlined research objectives, serve as a guide for the discussions of the findings. Literature and findings from the study show that ransomware is considered a top concern for SA banks, with an agreement that “it is not a matter of if ransomware attacks will happen, but rather a matter of when.” In response to this, findings show that the organisations covered in the scope of the study have employed a cyber-resilience strategy for prevention and mitigation of ransomware attacks, as it is noted as an effective strategy in preventing and mitigating ransomware attacks