Cybersecurity: focus on your people, lose the siloes
By Daan Lotter, head of innovation at Itec South Africa
Ask any South African company what their major headaches are right now, and chances are that security will be near the top of the list. Not just the burglar bars and CCTV type of security, either: as cybercrime becomes more sophisticated by the day, businesses are struggling to secure their data and company infrastructures.
Email and data security company Mimecast has just released its 2019 State of Email Security Report – and the statistics are frankly frightening. Cybercrime is on the rise, and cybercriminals are constantly evolving their techniques to steal information and disrupt businesses.
Perhaps the most concerning statistic is that people are still the weakest link in any corporate IT security system. Even in 2019, people are being tricked into clicking on fake links and email attachments, with dire consequences for their companies.
Mimecast’s report found that impersonation attacks increased almost 70 percent compared to the previous year – and three-quarters of the affected companies experienced a direct loss, whether loss of customers (28%), financial loss (29%) or data loss (40%).
Seems the old tricks still work the best for criminals. Ransomware, phishing and social engineering are all on the rise, with phishing attacks the most prominent type of cyberattack. 94 percent of Mimecast’s respondents experienced phishing and spear phishing attacks in the previous 12 months, and 55 percent saw an increase in phishing attacks over the same period.
To make things worse, nation state politics have entered the picture and are complicating things even further. A year ago, few people would have thought that going with a specific platform would potentially compromise their security. Today, you don’t even know if you can trust your hardware vendor anymore.
So how do businesses deal with an increasingly diverse threat landscape? Step one is to focus on your people. Until every person in a company understands how and why they have to protect the corporate IT assets, systems and data, businesses will remain vulnerable to attack. You need to create a culture of security with a multi-layered, holistic defence system that covers people, policies and procedures.
Step two is to lose the siloes. Many businesses that we see still adopt a patchwork approach, with different applications from different suppliers tacked together loosely to try and combat different threats: a firewall from one supplier, an anti-virus from another. This isn’t just bad security. It’s bad business.
And step three is to hire an expert to help you keep IT security costs down through a holistic, intelligent approach to security. This frees you up to focus on your core business, while reducing business disruptions and even taking advantage of new opportunities.