Craig Rosewarne, MD of Wolfpack Information Risk, delves into the world of cybercrime threats that South Africa faces in 2016, as well as how the pending Cybersecurity Bill might take some of the pressure off business.
According to the 2015 International Business Report (IBR) focused on cyber security, one in ten South African businesses have experienced a cyber-attack in the past year. While cybercrime incidences have been on the rise over the past few years, the sheer level of these attacks is now starting to make business sweat.
A major trend that experts have started to pick up on is whaling, referring to targeted emails that pretend to come from the likes of senior executives within the organisation. Due to the fact that these emails are coming from positions of power within an organisation, there is little reason for employees to suspect foul play.
Organisations are also forking out large sums of money in a desperate attempt to stop cybercriminals from leaking illegally obtained company information.
With the cost of cybercrime in South Africa reaching nearly R5.8 billion in 2015, according to the Global Cost of Cyber-crime report, organisations feel that they’re now in dire straits, but where do they go from here?
A solution on the horizon?
Contrary to popular belief, South Africa is in a very good legislative position to prevent cybercrime and malicious attacks. But beyond legislation, the issue we currently face is the inability to put the structures in place and manage them appropriately. Having the right structures in place to report crimes, monitor them, and enforce the law is something the Cybercrimes and Cybersecurity Bill hopes to address.
The bill aims to keep the people of South Africa safe from cybercriminals and breaches. It also consolidates South Africa’s cybercrime laws into one place, providing an excellent mechanism to bring criminals to justice.
While the bill looks to eventually level the cyber playing field, it is still currently stuck in the deliberation pipeline. So how do businesses move forward until it comes into action? Third party solution providers, like Mimecast, are there to provide safety nets to keep criminals at bay.
One solution to protect employees from phishing emails, provided by Mimecast, is its Targeted Threat Protection service. It protects again common spear-phishing email attacks where the victim is given a malicious web link to click on or a malware-laden attachment to open. Each link and attachment is reviewed by Mimecast before it can be clicked or opened.
But technology like Mimecast Targeted Threat Protection is only part of the story. Education is key when it comes to keeping your personal and organisational information safe from prying eyes. By educating employees about the threats they face and giving them the means to report suspicious activity, organisations can unlock the power of their human firewall to thwart attacks that are growing in sophistication.
An educated workforce protected with the best security technology will help to ensure that your private data is kept just that – private.