Local insurers and incident response teams report the highest level of cyberattack incidents they have ever seen, and as these attacks become more frequent and sophisticated, most local businesses can expect to suffer a harmful data breach at any given time.
This is according to Mimecast’s 7th annual State of Email Security report, which reveals that 68% of local organisations have experienced an increase in email-based threats, with 44% saying it was a significant increase – higher than all other countries and against a global average of 29%, a statement said yesterday.
“Email remains the primary communication method for businesses, mainly due to its ease of use. However, with this also come security pitfalls,” said Ryan van de Coolwijk, product head: cyber, at iTOO Special Risks.
“Business email compromise is now the most common cause of insurance claims that we are currently seeing, as some hackers are seemingly pivoting away from ransomware given the successes they are having with email-based attacks and how quickly and easily they can monetise this data.”
However, despite some cybercriminals shifting to email-based attacks, Van de Coolwijk warned that ransomware threats were far from dead, but had seen a recent resurgence – locally and internationally.
The report stated that 52% of South African companies were harmed by a ransomware attack during the past 12 months.
The research also showed that collaboration tools remain a potential vulnerability, with 93% of companies agreeing that collaboration tools were essential to the well-ordered functioning of their companies, but 70% said collaboration tools were posing significant new security risks.
In addition, 61% expect to be harmed in 2023 by a collaboration-tool-based attack.
“There has been a huge surge in the use of collaboration tools over the past three years, with many companies still operating with hybrid workforces that rely on collaboration tools to maintain contact and conduct virtual meetings. Unfortunately, it is this wide adoption and usage of collaboration tools that has made them an easy target for hackers,” said Van de Coolwijk.
In terms of cyber awareness, the Mimecast report said that eight out of 10 respondents believed their company was at risk due to inadvertent data leaks by careless or negligent employees, with a quarter saying that the risk was extremely high.
Furthermore, 52% identified insufficient employee awareness of cyber threats as their organisation’s biggest security challenge in 2023.
South African companies also expressed concern about employees making serious security mistakes in the following activities: misuse of personal email (81%), using cloud storage and other shadow IT (78%), poor password hygiene (77%) and using collaboration tools (69%). Encouragingly, 28% train their staff on an ongoing basis.
The Mimecast report showed that 97% either have a system to monitor and protect against email-borne threats or were planning to roll one out, while 94% think they needed stronger protections than those that came with their Microsoft 365 and Google Workspace applications.
“A cyber insurance policy has big value as a safety net, as it helps to protect against things you haven’t foreseen, especially in a landscape that is always changing and forcing you to catch up all the time, while having to apply more resources to implement controls to defend against threats,” he said.
BUSINESS REPORT