Spare a thought for the modern CISO. The global cybercrime industry has been in overdrive since the start of the year, as threat actors capitalise on the disruption brought by the coronavirus pandemic, writes Brian Pinnock, cybersecurity expert at Mimecast.
The Mimecast Threat Centre found a dramatic increase in cyberattacks during the first 100 days of the pandemic. In sub-Saharan Africa, spam attacks increased by 46%, impersonation attacks by 75% and malware by a massive 385%.
Cybersecurity is a ‘complex puzzle’
To protect against these threats, organisations are having to build complex, multi-layered security strategies that safeguard customers, employees and company data. The sheer volume of threats and the abundance of attack vectors makes effective cybersecurity a complicated puzzle.
In many cases, organisations have no clear idea of how to put those puzzle pieces together in an effective way. Only 62% of South African organisations have or are actively rolling out a cyber resilience strategy, well below the global average of 77%.
What are the pieces of the cybersecurity puzzle? In our experience, the following four elements can add up to a holistic cybersecurity strategy that protects customers, employees and data from exploitation:
Without visibility over employees, data and your online brand, building an effective cybersecurity strategy is a bit like building a puzzle in the dark. Threat intelligence can play a vital role by providing insight into how organisations are targeted, what cyber threats have been blocked and why, which employees are the riskiest and what actions to take to optimise the broader cybersecurity strategy.
However, visibility should extend beyond the perimeter of the organisation. The speed at which cybercriminals can imitate brands online, makes it easy to launch sophisticated attacks using lookalike domains that can easily trick customers, partners and employees.
Tools such as DMARC, are effective and an essential piece of the puzzle, but only for protecting domains already owned by the organisation, against email brand exploitation. Supplementing DMARC with tools that protect against online brand exploitation can help identify attack patterns at the preparation stage and block compromised assets before they turn into live attacks.
To fully protect a brand, an organisation should consider implementing DMARC along with brand exploitation tools, managed from one integrated system that provides both visibility and proactive remediation.
All organisations regardless of size are at risk of cyberattack. While defences are important, being able to quickly recover from a successful attack is just as vital.
Unplanned outages – such as those typical in cloud services such as Microsoft365 – can also disrupt business and lead to losses in productivity, revenue and reputation.
Email is still the most widely used business tool and email continuity solutions provide guaranteed access to email, from anywhere and on any device even when email servers fail. Cloud archiving can further help keep corporate knowledge available despite disruptions. And specialised sync-and-recover tools can fill data recovery gaps for those instances where data is corrupted or deleted – whether intentionally or by accident.
Cybersecurity is at its most effective when every employee understands their role in protecting the organisation – and themselves – from attacks. Organisations should seek to instil a culture of cybersecurity awareness that permeates from the top to the bottom of the organisation.
Micro-learning together with engagement is the key. Ongoing training that is short, relatable, memorable and that regularly reinforces key concepts works. We know this, because during lockdown periods across the world, Mimecast researchers found that users in organisations that had Mimecast awareness training were five times less likely to fall prey to social engineering attacks than those that didn’t.
Management teams should be ready to take swift action in the wake of a data breach, to ensure the threat is contained, damage mitigated, and the organisation is not at risk of non-compliance to prevailing regulations.
With the Protection of Personal Information Act now in place, South African organisations are under immense pressure to protect customer data or risk heavy penalties. Both data management and data protection are key elements in achieving compliance. It is difficult for an organisation to achieve data management compliance with unstructured data like email. What’s key is to have a third party, independent and immutable data repository that complies to regulatory standards and mitigates legal risks.
The importance of data security and protection is elevated with significant POPIA financial and criminal penalties. Organisations also need to consider the brand damage that is associated with data breaches. Email remains the number 1 attack vector for cyber-attacks. It’s widely reported that 91% of all attacks start with an email, with some not even requiring malware.
Call for greater awareness, effort
There is no silver bullet when it comes to security, even when it comes to protecting against a specific attack – like phishing. The entire ecosystem needs to take security seriously or everyone remains at risk.
Protecting your brand and customers with solutions like DMARC and tools that prevent brand impersonation online is important. But if the organisation at the receiving end of a phishing email doesn’t have protections in place, they could fall victim to an attack.
Ultimately, the entire business world needs to prioritise security and protect each other. The first step is to consider managing security solutions and resilience tools in an integrated system that helps reduce cost and complexity, and ultimately enhances the broader security ecosystem.