Mikey Molfessis, a cybersecurity expert at Mimecast
Roughly 18 months after the first lockdowns were implemented, most organisations are following a hybrid work model that sees employees working from the office some of the time, in between periods of remote work.
Unfortunately, a new picture is emerging. The global cybercrime industry – already experiencing a period of unrestrained growth and expansion thanks to new attack tools and the growing digitisation of our everyday lives – is pouncing on the opportunity to exploit vulnerabilities in hybrid work models.
Hybrid work models offer a plethora of potential attack surfaces, with remote working employees especially vulnerable due to the generally lower levels of protection against cyberattacks on home networks and personal devices.
Based on data gathered by Mimecast researchers, there are a few main risks – internal and external – threatening the defences of South African organisations:
Risk 1: User Behaviour
User behaviour plays a major role in strengthening organisational defences and building greater resilience against data breaches. However, employees working in isolation while dealing with the mental impact of a global health crisis are more psychologically vulnerable, increasing the rate of risky user behaviour.
One example is the use of work devices for personal matters: research conducted by Mimecast in 2020 found that 74% of respondents from South Africa stated they extensively use their company-issued devices for personal use.
More worryingly, while 94% of South African respondents said they were aware that links found in emails, on social media or within websites can infect their devices, half still admitted to opening emails they thought suspicious.
With some studies estimating that nine out of ten successful data breaches involve human error, organisations should invest in ongoing awareness training to equip end-users with knowledge and skills that can help avoid risky behaviour.
Risk 2: Online Brand Exploitation
Globally, a sharp rise in brand impersonation attacks is a cause of concern. Mimecast threat intelligence detected a 44% rise in brand impersonation emails directed at Mimecast customers in 2020, reaching an average of 27 million such emails every month.
Top brands were welcome targets for fraudsters and cybercriminals. According to Mimecast’s State of Brand Protection report, companies on the Brandz Top 100 Most Valuable Global Brands 2020 index experienced a massive 381% increase in brand impersonation attacks in May and June 2020 compared to January and February, before the pandemic struck.
Thirty-eight percent of South African respondents to the Mimecast State of Email Security 2021 report saw an increase in brand impersonation via counterfeit websites, and nearly half (47%) had a rise in malicious email spoofing.
Organisations across South Africa will need to look beyond their own perimeters to protect customers and partners from attack.
Tools and protocols such as DMARC are essential in protecting their own domains from compromise, but that’s only one step in protecting a brand from exploitation.
Machine learning powered web scanning and analysis of key indicators – such as new domain registrations and the issuing of security certificates – could help organisations stop cybercriminals before they can take their impersonation attacks live.
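As a simple illustration of the indicator analysis described above (an added example, not Mimecast's tooling, and a plain heuristic rather than machine learning), the sketch below folds common look-alike tricks and applies edit distance to names taken from a new-registration or certificate feed. The brand keyword, owned domain and feed entries are constructed placeholders.

```python
import unicodedata

# Constructed placeholders, not real indicators: brand, owned domain and feed.
BRAND_KEYWORDS = ["examplebank"]
OWNED_DOMAINS = {"examplebank.example"}
FEED = [  # stands in for a new-registration or certificate-transparency feed
    "mail.examplebank.example",                  # owned, must be ignored
    "examp1ebank-login.test",                    # digit swap plus lure word
    "exmplebank.test",                           # one dropped letter
    "examplebank.example.secure-portal.test",    # owned name used as a subdomain
    "xn--" + "exampleb\u00e1nk".encode("punycode").decode() + ".test",  # IDN accent
    "*.gardening-tips.test",                     # unrelated wildcard SAN
]
DIGIT_SWAPS = str.maketrans("0135", "oles")

def normalise(label):  # fold a DNS label towards what a hurried reader perceives
    if label.startswith("xn--"):  # IDN label: decode the punycode part
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # leave undecodable labels as they are
    decomposed = unicodedata.normalize("NFKD", label)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):  # Levenshtein distance, keeping only the previous row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return a reason string if the name resembles a protected brand, else None."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("*."):  # wildcard certificate SAN
        domain = domain[2:]
    if any(domain == d or domain.endswith("." + d) for d in OWNED_DOMAINS):
        return None
    for label in domain.split("."):
        folded = normalise(label)
        for kw in map(normalise, BRAND_KEYWORDS):
            if kw in folded:
                return f"contains '{kw}' after folding"
            if any(edit_distance(tok, kw) <= 1 for tok in folded.split("-")):
                return f"within one edit of '{kw}'"
    return None

def scan(feed):  # suspicious name -> reason it was flagged
    return {d: r for d in feed if (r := triage(d))}
```

Short brand keywords will produce false positives at an edit distance of one, and confusable characters from other scripts need a dedicated mapping table that this sketch does not include.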
Risk 3: Lack of defensive depth
An over-reliance on boxed security solutions that accompany popular business productivity tools such as Microsoft 365 could be leaving organisations vulnerable to sophisticated attacks.
The maths is simple: if data is the new gold, and the majority of companies are on the same cloud platform – such as Microsoft 365 (M365) or Zoom – that platform becomes a veritable ‘gold mine’ for threat actors.
A defence-in-depth strategy can improve an organisation’s overall security posture and mitigate security risks. Such a strategy needs to provide protection and visibility within the organisation, at the email perimeter, and beyond, where the aforementioned brand exploitation and impersonation attacks can wreak havoc on organisations and their supply chains.
The goal of a good defence-in-depth strategy is that, when one defence fails, another steps in to fill the gap. Organisations are taking notice: in a recent survey conducted in South Africa, 95% of IT decision-makers said they use third-party solutions to secure their business email platforms against cyberattacks.
Without layered security, organisations are left vulnerable to advanced cyberattacks and the potential loss of important company information. Additionally, without implementing appropriate and reasonable organisational and technical measures, such as a solid defence-in-depth (DiD) strategy, they may not comply with data protection regulations such as the Protection of Personal Information Act (POPIA).
In fact, the same research found that only two in five organisations believed their business email systems are fully POPIA-compliant.