THE UNDERFUNDING of critical cyber defences was leaving South African organisations exposed to increasingly damaging cyberattacks, according to the latest Mimecast State of Email Security 2022 report.
The report comes as Altron Systems Integration this week also warned South African organisations faced an escalated risk of damage via cyberattacks as a result of the war in Ukraine.
“Since the start of the war, there have been increased cyberattacks – the war is likely to redefine the relationship between kinetic and cyber warfare,” it said, adding that many South African companies used tools and technology of Russian origin, which meant that they are at risk of cyberattacks.
The firm warned that South African organisations need to be on high alert to ensure that they could pick up on any cyberattacks quickly.
Mimecast’s new research has found that 97 percent of South African organisations said they have been negatively impacted by a lack of budget for their cyber resilience efforts.
Mimecast SA cybersecurity expert Brian Pinnock said local firms faced escalating cyberattacks.
According to Pinnock, 94 percent of South African companies have been targeted by email-related phishing attacks in the past year, with nearly two-thirds citing an increase in such attacks.
“The cost of ransomware attacks are also piling up, with three in five organisations (60 percent) citing damage from a ransomware attack – up from less than half (47 percent) in 2020. And of companies paying the ransom, the average ransomware payment breached R3.2 million (Mimecast State of Ransomware Readiness report), despite nearly half (43 percent) of such payments resulting in companies being unable to recover their data,” Pinnock said.
The latest report, which tracked responses from 1 400 IT and cybersecurity professionals in 12 countries, found that South African organisations allocated on average 12 percent of their IT budgets to cyber resilience – below the global average of 14 percent.
Mimecast SA said while this might not seem like a big difference, what was interesting was that more than half of South African respondents (53 percent), have less than 10 percent of their budget allocated to cyber resilience, compared to only a third (34 percent) saying the same globally.
On average South African security professionals said they need a 21 percent budget allocation to enable them to ward off incoming cyberattacks and other threats, especially at a time when nearly all cyberattack types were growing in volume and sophistication.
The cybersecurity firm said that the impact of successful cyberattacks on South African organisations could be severe, affecting productivity, taking critical systems offline, damaging trust with customers, and leading to loss of reputation. It said that to protect against attack, 89 percent of companies either had a cyber resilience strategy or were actively planning to put one in place.
Pinnock said: “(But) the goalposts for true cyber resilience have moved just as the volume and sophistication of attacks have changed.”
Only a third of organisations surveyed stated they currently had an effective cyber resilience strategy in place, down from 41 percent in 2021. He said this pointed to growing recognition that corporate cyber resilience was often not keeping pace with the tools and techniques used by threat actors.
The costs of a lack of cyber resilience preparedness were mounting as nearly half (49 percent) of organisations experienced business disruption due to a lack of preparedness, 48 percent experienced data loss, and 42 percent saw an impact to employee productivity.
Pinnock said this was an important conversation to be had in the boardrooms of corporate South Africa as without adequate budget allocation, local public and private sectors would continue to be vulnerable to attack, with great cost to organisations and their customers.
Cyber resilience strategies were also meant to provide continuity in the event of service outages.
“Our research found that nearly two-thirds (64 percent) of Microsoft 365 users have experienced an outage in the past year, while nearly all (93 percent) feel that additional safeguards were needed to protect their Microsoft 365 applications.”
The firm said that new government mandates for cyber resilience such as those contained in legislation including Popia and the Cybercrimes Act were expected to have a significant impact on organisations’ cyber resilience. Of all the countries surveyed, South African respondents expected the greatest change.
Forty-six percent of organisations believed they would see an overall improvement in the level of cybersecurity in their business because of government mandates, while 36 percent expected a decrease in risk of cyberattacks impacting their business.
BUSINESS REPORT ONLINE