Cybersecurity: focus on your people, lose the siloes

Daniel Lotter, Channel Development Manager at Itec South Africa

Ask any South African company what their major headaches are right now, and chances are that security will be near the top of the list. Not just the burglar bars and CCTV type of security, either: as cybercrime becomes more sophisticated by the day, businesses are struggling to secure their data and infrastructure, while cybercriminals take advantage of the widespread global communications on the coronavirus to mask their activities.

Email and data security company Mimecast has released its 2021 State of Email Security Report – and the statistics are frankly frightening. Cybercrime is on the rise, and cybercriminals are constantly evolving their techniques to steal information and disrupt businesses.

We have seen an increase in phishing attacks that spoof internal emails from the likes of CEOs and CFOs. User education in this regard is more important than ever. More than that, companies should consider investing in a cybersecurity ecosystem that can automatically react to threats. This brings with it a more proactive approach where a degree of control is taken away from the end user.

Perhaps the most concerning statistic is that people are still the weakest link in any corporate IT security system. Even in 2021, people are being tricked into clicking on fake links and email attachments, with dire consequences for their companies.

Mimecast’s report found that 85% of South African respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness.

It seems the old tricks still work best for criminals. Ransomware, phishing and social engineering are all on the rise, with phishing attacks the most prominent type of cyberattack. Since the pandemic began, phishing attacks have increased in 63% of companies, and 51% of Mimecast’s respondents experienced phishing and spear phishing attacks in the previous 12 months. Additionally, 64% saw an increase in phishing attacks over the same period.

Ransomware has also become one of the most significant challenges facing companies of all sizes, regardless of industry segment. According to the Sophos State of Ransomware 2021 report, 37% of global respondents were hit by ransomware last year while 54% of those admitted that cybercriminals had succeeded in encrypting their data.

To make things worse, nation-state politics have entered the picture and are complicating things even further. A few years ago, few people would have thought that going with a specific platform would potentially compromise their security.

So how do businesses deal with an increasingly diverse threat landscape? Step one is to focus on your people. Until every person in a company understands how and why they have to protect the corporate IT assets, systems and data, businesses will remain vulnerable to attack. You need to create a culture of security with a multi-layered, holistic defence system that covers people, policies, and procedures.

Step two is to lose the siloes. Many businesses still adopt a patchwork approach, with different applications from different suppliers tacked together loosely to try to combat different threats: a firewall from one supplier, an anti-virus from another. This isn’t just bad security. It’s bad business.

And step three is to hire an expert to help you keep IT security costs down through a holistic, intelligent approach to security. This frees you up to focus on your core business, while reducing business disruptions and even taking advantage of new opportunities.