New data from Mimecast shows that South African organisations are increasingly under fire from the threat of phishing, ransomware and spoofing attacks, pushing cybersecurity to the top of corporate leaders’ agenda.
According to the Mimecast State of Email Security 2023 report, 92% of local companies have been the target of a phishing attack, with six in ten reporting an increase in such attacks. More than half (52%) have fallen victim to ransomware in the past year, and nearly nine in ten (88%) were made aware of attempts by threat actors to misappropriate their email domain.
Previously, a Forbes survey of business executives conducted in 2022 found data breaches beat climate change, inflation and the prospect of another global financial crisis as the top risk facing corporate leaders.
Brian Pinnock, vice-president: sales engineering for EMEA at Mimecast, says there is growing recognition among business leaders that, in a highly digitised modern business landscape, cyber risk equals business risk.
“A successful cyberattack can halt productivity, take critical systems offline, lead to financial losses and damage an organisation’s reputation. As a result, organisations are having to continuously evolve their cyber resilience strategies, with the ultimate goal of ensuring everyone in the organisation can work protected.”
Communication, collaboration tools prime targets
The growing use of digital communication channels due to the widespread adoption of remote and hybrid work models since 2020, has also led to more threats. Eighty-six percent of South African companies reported higher volumes of email in 2022, with 44% saying the increase was significant, far ahead of a global average of 29%.
“More email has led to more email-based threats, with 68% of local companies saying such threats have increased in the past twelve months,” says Pinnock.
Collaboration tools such as Microsoft Teams were also a concern. “Eighty-five percent of local respondents said their use of collaboration tools continues to grow and seven in ten believe they pose significant new security risks,” says Pinnock. “The vast majority (94%) of South Africans also agree they need stronger protections than those that come with their Microsoft 365 or Google Workspace applications, with as many as 58% saying they strongly agree.”
Budget gap putting companies at risk
The evolving threat landscape and elevated levels of risk from cyberattacks is posing questions regarding local companies’ cyber preparedness. “Nearly three-quarters (72%) of local respondents believe their organisation’s cybersecurity budget is less than it should be, with an average underfunding of 13,5%, the highest rate of all markets surveyed and considerably more than the global average of 8% underfunding.”
Despite pervasive budget constraints, security teams are taking what steps they can to improve their cyber preparedness. More than half (55%) of local organisations already use AI or machine learning to help under resourced teams stay ahead of threats, while 39% said they’re relying less on cyber insurance and instead investing more in their own cyber defences.
“Organisations that have deployed AI and machine learning to bolster their cyber defences report benefits that include more accurate threat detection, a reduction in human error, and an improved ability to block threats,” says Pinnock.
Increased cyber awareness
Aside from adequate investment into a robust and layered cyber resilience strategy, Pinnock advises that organisations prioritise ongoing and effective cyber awareness training.
“More than half of local companies surveyed said that insufficient employee awareness of cyber threats would be their greatest security challenge in 2023. While virtually all (99%) respondents said they provide some form of cyber awareness training to employees, common mistakes still put organisations at risk. These include poor password hygiene (77%), misuse of personal email (81%) and using cloud storage and other shadow IT (78%).”