Towards an active cyber defence framework for SMMEs in developing countries


  • Nombeko Ntingi ECCWS
  • Prof Sebastian von Solms
  • Dr Jaco du Toit



Keywords: SMMEs, active cyber defence, proactive, artificial intelligence, SOC as a service, security service provider


Small, medium, and micro enterprises (SMMEs) are obliged to adopt digital technologies to render services to their clients and remain competitive. The COVID-19 global crisis has accelerated the cyberfication of systems and services. The move to digital platforms has afforded SMMEs opportunities to offer their services to a broader geographical area. However, this has also presented opportunities for cybercriminals to invade the digital infrastructure. Adopting digital transformation has put SMMEs in a vulnerable position since they need to manage their cybersecurity while lacking the necessary skills and ICT infrastructure. The inability of SMMEs to defend themselves against cyberattacks compels them to outsource their security needs to external security service providers. These external security service providers offer security services based on a hierarchical operating model. Essential security services are offered at a lower level. If the paying clients require advanced security services, they may be provided as an add-on to the contractual agreement, resulting in additional cost.


This paper explores the active cyber defence (ACD) approach to enhance cybersecurity defence while minimising service costs. Therefore, the primary objective and outcome of this paper are to identify some of the essential drivers that will contribute towards developing the active cyber defence framework for SMMEs in developing countries. For purposes of clarity, essential drivers are the gaps highlighted during the literature review and will be referred to as “essential drivers” throughout the paper. The essential drivers, together with suggested recommendations, will be consolidated. The essential drivers were drawn from existing literature by going through peer-reviewed academic papers and company whitepapers.


To achieve the primary objective, we need to establish whether SMMEs are utilising the services of external security service providers. The external security service providers will be referred to as “Security Operation Centre - SOC as a service” throughout the paper. The secondary objective of this paper is to determine whether SMMEs are utilising the SOC as a service and, if they do, whether they realise value for money.



Author Biographies

Prof Sebastian von Solms

Prof. Basie von Solms is a Research Professor at the Academy for Computer Science and Software Engineering at the University of Johannesburg. He specialises in Cyber Security. He is a Past President of the International Federation for Information Processing (IFIP).




Dr Jaco du Toit

Dr Jaco du Toit is working as a senior lecturer at the Academy of Computer Science and Software Engineering at the University of Johannesburg. He is responsible for lecturing courses in Computer Science and Information Security. He is also the deputy director at the Centre for Cyber Security at the University of Johannesburg.