Cyberattacks on South African companies are on the rise, with local insurers and incident response teams reporting the highest level of incidents they have ever seen. As these attacks become more frequent and sophisticated, the majority of local businesses can expect to suffer a harmful data breach at any given time.
This is according to Mimecast’s seventh annual State of Email Security report, which reveals that 68% of local organisations have experienced an increase in email-based threats, with 44% saying it was a significant increase – higher than all other countries and against a global average of 29%.
“Email remains the primary communication method for businesses, mainly due to its ease of use. However, with this also come security pitfalls,” says Ryan van de Coolwijk, product head: cyber, at iTOO Special Risks.
“Business email compromise is now the most common cause of insurance claims that we are currently seeing, as some hackers are seemingly pivoting away from ransomware given the successes they are having with email-based attacks and how quickly and easily they can monetise this data.”
However, despite some cybercriminals shifting to email-based attacks, Van de Coolwijk warns that ransomware threats are far from dead and have seen a recent resurgence, both locally and internationally. The report states that 52% of South African companies were harmed by a ransomware attack during the past 12 months.
Collaboration tools
The research also reveals that collaboration tools remain a potential vulnerability: 93% of companies agree that collaboration tools are essential to the well-ordered functioning of their companies, but 70% say collaboration tools are posing significant new security risks. Additionally, 61% expect to be harmed in 2023 by a collaboration-tool-based attack.
“There has been a huge surge in the use of collaboration tools over the past three years, with many companies still operating with hybrid workforces that rely on collaboration tools to maintain contact and conduct virtual meetings. Unfortunately, it is this wide adoption and usage of collaboration tools that has made them an easy target for hackers,” says Van de Coolwijk.
In terms of cyber awareness, the Mimecast report says that eight out of 10 respondents believe their company is at risk due to inadvertent data leaks by careless or negligent employees, with a quarter saying that the risk was extremely high. Furthermore, 52% identified insufficient employee awareness of cyber threats as their organisation’s biggest security challenge in 2023.
South African companies also expressed concern about employees making serious security mistakes in the following activities: misuse of personal email (81%), using cloud storage and other shadow IT (78%), poor password hygiene (77%) and using collaboration tools (69%). Encouragingly, 28% train their staff on an ongoing basis.
Not always a hack
“It is important that organisations remain cognisant of the fact that data leaks can happen due to the incorrect actions of employees, such as providing information to the wrong person. It does not always have to be a hack,” says Van de Coolwijk.
“It is therefore strongly advised that companies make use of additional security measures, such as two-factor authentication, longer passwords and pass phrases that are less vulnerable to exploitation.”
However, having adequate security measures in place also comes down to money. Among its other findings, the report shows that 72% of companies say they need to spend an average of 13.5% more on cybersecurity – the highest percentage globally.
“I expect this figure to increase with time and it can prove to be a big challenge due to the economic pressures that businesses find themselves under in South Africa. We are faced with rising inflation that is having an impact on the economy, as well as load shedding and higher interest rates. Thus, to find an additional 13.5% for the cyber budget is a big ask for many,” says Van de Coolwijk.
In terms of cyber defences and readiness, he notes that many local companies are taking it seriously and doing a lot to protect their environments, but some still remain badly exposed, as they have not adopted principles and processes to ensure that they are adequately protected.
The Mimecast report shows that 97% either have a system to monitor and protect against email-borne threats or are actively planning to roll one out, while 94% think they need stronger protections than those that come with their Microsoft 365 and Google Workspace applications.
Adhere to fundamentals
“We need to be cognisant that trying to find additional budget is really difficult, but adhering to some of the fundamentals of security does not have to cost a fortune. For example, companies can roll out two-factor authentication where possible, but if they lack budget, they can adopt pass phrases and more complicated credentials instead of simple passwords that can easily be compromised,” he says.
“Patching also remains important and organisations should apply security patches as close to when they are released as possible, as this can make a difference. These patches are released to address known security exploits that are vulnerable to hackers, so the longer you have the exploit available and running in your environment the more opportunities hackers have, so cut down the window of opportunity.”
Furthermore, the report shows that South African companies are divided on the value of cyber insurance policies, with 56% seeing them as worthwhile additions and 39% not seeing cyber insurance as part of a comprehensive safety net.
“The fact that more businesses are becoming aware that they have exploits that they must defend against is a positive. But while companies are constantly looking for mechanisms to secure against attacks, it is an ongoing battle – just as they tick some boxes, hackers simply move the goal posts,” says Van de Coolwijk.
“A cyber insurance policy has big value as a safety net, as it helps to protect against things you haven’t foreseen, especially in a landscape that is always changing and forcing you to catch up all the time, while having to apply more resources to implement controls to defend against threats.”