The vast majority (95%) of South African organisations use third-party solutions in addition to what is offered by their email providers to help secure their email against the growing volume of cyberattacks.
This is among the findings from new Mimecast research that provides key insights into the challenges and risks to South African organisations’ business email platforms. Mimecast commissioned a survey of 331 South African IT and security directors in the financial services, healthcare, manufacturing & utilities, professional services and public sectors.
The research indicates that the Covid-19 pandemic and resultant switch to remote or hybrid work models, has exposed organisations to increased cyber risks, with threat actors deploying a broad range of tools in attempts to breach organisational defences.
Eighty-two percent of respondents said that cyber attackers have become more sophisticated since the start of the pandemic, with 71% seeing an increase in security issues involving email. Seven out of 10 (72%) found that email-borne attacks are now more likely to find some measure of success.
Additionally, 85% of the organisations surveyed said they are accelerating their digital transformation plans, with more than half (55%) saying it is to be better protected against cyber threats.
“A changing regulatory landscape is putting further pressure on organisations, with the Protection of Personal Information Act (POPIA) now in full effect. Considering that the grace period ends on July 1st, 2021, it was surprising to see only two in five IT decision-makers believe their business email systems are fully POPIA compliant,” says Brian Pinnock, cybersecurity expert at Mimecast.
Mimecast research also found that IT decision-makers report an average of 3.2 email service outages per year. The most common ways downtime affects South African organisations include reduced productivity (59%), inability to provide services to customers (47%), loss of production time (44%), damage to their reputation (36%) and loss of revenue (36%).
“With the vast majority of organisations depending on Microsoft 365 for their business email, any service interruption could significantly affect the productivity of an organisation or in some cases an entire sector of the economy,” says Pinnock. “In the public sector, the rate of outages is even higher at nearly four (3.8) per year.
“In light of the vital importance of public services – especially during the ongoing pandemic – suffering regular email outages could significantly undermine the delivery of essential services to those most in need. Public and private sector organisations need additional solutions that can ensure the effective running of the business even during an email outage.”
Built-in email security ‘not enough’
While South African organisations stated high levels of confidence in the security of their business email services, the vast majority deploy additional security solutions for the following reasons:
To halt attempted phishing attacks (38% of respondents).
To increase the organisation’s overall resilience (34% of respondents).
To stop ransomware attacks (31% of respondents).
“The general consensus over implementing additional layers of security on top of security built into business email platforms such as Microsoft 365, points to growing recognition that defence-in-depth is necessary in the current threat landscape”, says Pinnock. “Email remains the number one business application and is even more important to the effective running of an organisation with the switch to remote or hybrid work models. With the volume of all attack types growing over the last year, and an increasing reliance on a few dominant email platforms, organisations are at unprecedented risk from costly business interruptions due to email vulnerabilities. Deploying specialised security solutions that offer the best-in-class protection against specific attack types gives organisations greater overall resilience.”
To download Mimecast’s “Business email platforms: how well are South African organisations protected from email-borne attacks?” report, which highlights the key findings from the research, click here. For more information about Mimecast, visit: www.mimecast.com.