EDITOR’S QUESTION
AS A GLOBAL EMAIL
SECURITY VENDOR, WITH
A SIGNIFICANT USER
BASE IN SOUTH AFRICA,
WHAT ARE THE COMMON
THREATS THAT AFRICA
FACES ALONG WITH REST
OF THE WORLD?
Brandon Bekker is
Managing Director at
Mimecast Africa and
Middle East.
Mimecast has conducted a survey
of 600 IT security managers from
organisations in South Africa, United
States, United Kingdom, and Australia.
The initial findings of that survey
were released in 2016. The average
company goes 229 days before
realising it has been breached. By
this time cybercriminals could have
launched a variety of damaging
attacks resulting in direct financial loss,
reputational damage, and the theft of
important or highly sensitive data like
client records, trade secrets or credit
card information.
it comes to cybersecurity, with 45%
saying they are ill-equipped to cope
with the threat of malicious insiders
and 90%, calling malicious insiders
a major threat to the organisations’
security.
Mimecast’s research also
uncovered that:
• 53% of IT security decision makers
view malicious insiders as a moderate
or high threat to their organisation
• One in seven IT security decision
makers view malicious insiders as
their number one threat
• Those who say they are very
equipped on cybersecurity feel just as
vulnerable to insider threats
By concentrating predominately
on outside threats, organisations
around the world struggle with the
risk that comes from their own people,
emphasising the need for organisations
to implement employee awareness and
education as well as creating a cyber
resilience strategy. People are being duped every day.
The US FBI reported that losses from
external threats like whaling or CEO
fraud attacks alone grew by 270%
from January to August 2015 with
reported losses of $800 million in
just six months. Mimecast’s research
showed that in the first three months
of 2016, 67% of organisations had
seen an increase in attacks designed to
extort fraudulent payments and 43%
saw an increase in attacks specifically
asking for confidential data like HR
records or tax information.
Organisations around the world are
turning to the threats from within when Organisations are often their own worst
enemy when it comes to effective
www.intelligentcio.com
cyber resilience planning. External
email threats dominate as preferred
attack techniques. But, focusing only
on external threats is not enough. Too
many organisations are ignoring an
equally insidious threat from within,
the malicious insider. Email phishing
in its many forms has grown in
popularity.
Here the attacker sends email to
lots of people with a malicious web
link to steal credentials for logins
or a malware-laden attachment to
infect a machine. Every day, we trust
employees with sensitive information
and powerful tools, but we do not give
them the effective security education
and advanced cloud security solutions
that goes hand-in-hand with those
responsibilities.
Some tips:
• Implement internal safeguards and
data control to detect malicious
insiders when they do strike
• Assign role-based permissions to
administrators to better control
access to key systems and limit
insiders
• Offer employee security training
programs to deter potential
malicious insiders
• Nurture a culture of communication
within teams to help employees
watch out for each other
INTELLIGENTCIO
59