A recent research study Mimecast conducted with Vanson Bourne revealed that 66% of the surveyed South African businesses said that they thought it likely that their organization would suffer from cyber-criminal activity in 2017.
So said Mimecast MD Brandon Bekker, adding that there are three major threats his organization believes SA businesses are facing in terms of IT security.
“Ransomware will explode to become one of the biggest threats, fuelled by smaller ‘opportunist’ attackers using off-the-shelf kits to deploy malware. This is an easy and cheap attack method that produces fruitful results. Few organisations have effective defenses against this type of malware and now with bitcoins enabling the perpetrators to increase distance from their victims further, it has never been so easy to get away with it,” he adds.
When asked how to prevent or mitigate attacks of this nature, he says cyber criminals are becoming increasingly more sophisticated and insidious, and are continually revising, updating and re-inventing their tactics and technologies to carry out an attack.
Because of this, preventive systems, such as anti-virus and intrusion prevention systems, are rendered inadequate. “Planning exclusively to help prevent cyber-attacks, like ransomware, isn’t enough. It’s time for businesses to implement a total cyber resilience strategy that includes security, continuity and data recovery.”
In his view, the ideal approach is to layer together state-of-the-art preventive systems, point-in-time recovery measures, and a means to maintain business continuity during a ransomware attack. He adds that education, or ‘building a human firewall’ plays a vital role, because the more staff can be aware of attacks such as ransomware, the more educated eyes can be on the problem.
The insider threat
According to Bekker, insider threats are also high on the list, and according to a Forrester Technology Adoption Profile study, these threats impact 99% of organisations surveyed.
In addition, these businesses said they had experienced some form of insider security incident in the past 24 months and 36% discovered insiders e-mailing sensitive data out of the organisation.
“With the POPI Act in the spotlight, organisations need to ensure that sensitive corporate data is not being accidentally or purposefully leaked externally; no business wants to be made an example of by the Information Regulator,” cautions Bekker.
The third threat was revealed to be e-mail impersonation, or whaling, which continues to plague businesses in South Africa. The Mimecast study showed that 51% of those surveyed reported seeing an increase in impersonation fraud where recipients are asked to make wire transactions.
Bekker says impersonation technology, in conjunction with regular employee education, will help business protect themselves from these attacks.
What we’re doing wrong
Speaking of what SA companies are doing wrong in light of these three threats, Bekker says although many SA businesses are developing stronger cyber resilience strategies, and cyber activity is being discussed seriously and regularly in boardrooms across the country, IT budgets still limit organisations that need the advanced, layered protection required to protect them from the evolving threat landscape.
“In their move to the cloud, many organisations believe that sufficient security is being built into their messaging platform. We are finding that the increased pace of development in the cybercrime underworld needs to be matched by a focused security solution that integrates with the messaging platform but focuses on the protection of corporate data.”
In terms of what businesses could be doing better, Bekker says there is a vast amount of information out there and many perspectives about what the future holds. “IT managers need to continue exploring all the options, researching the options and meeting with different providers to better understand how they can build a strong cyber resilience strategy and how to layer the right set of solutions into that strategy.