As email-borne threats become more prevalent and sophisticated, many organisations are shifting to a cyber resilience strategy to better protect their business, data, and employees.
In 2017, two massive malware attacks occurred within a month of each other – Petya and WannaCry – and both targeted vulnerable Microsoft computers.
Each of these global ransomware outbreaks seized hundreds of thousands of systems – from healthcare, to government, to transportation – across 150 countries.
South Africans at risk
“Whether they say it or not, on some level, people believe cybercrime won’t affect them – especially C-level execs who genuinely believe that they are cyber resilient and should rather focus on business growth,” said Francis Cronje, data protection and information governance specialist.
Cronje was speaking at Mimecast’s POPIA and cyber resilience update, where he shared statistics from the Ponemon Institute’s 2017 Cost of Data Breach Study.
According to the stats, of the 11 countries considered, South Africa has the highest probability of experiencing a data breach in the next 24 months – at 41%.
“Malicious outsiders are the biggest threat to organisations, with data breaches costing organisations an average of $3.6 million in disaster management, forensic investigations, and business continuity,” said Cronje.
“Over and above the costs and loss in share price, which drops 5% on average immediately after a breach is announced, the damage to your brand and reputation can be irreversible.”
Cyber resilience is a paradigm shift in cybersecurity
“Cyber resilience is an acknowledgement that attacks on email systems are likely to continue, and despite best efforts, they will sometimes be successful,” said Cobus Benade, cyber resilience expert at Mimecast.
He said that a cyber resilience strategy should focus not just on combating attacks, but on ensuring continuity during an attack and fast recovery after a threat is neutralised.
“We need to look at what happens before, during, and after attacks occur, because the quicker you are able to respond to a breach, the better you are able to recover your share value, customer loyalty, and brand reputation,” he said.
For organisations implementing a cyber resilience strategy for email, Mimecast offers an all-in-one suite of solutions to address risks associated with email security, enterprise archiving, and email availability.
The pillars of cyber resilience for email
Mimecast offers four pillars on which to build a cyber resilience plan for email:
- Security: Security is the frontline defence, and a layered approach is key. Aim for an email security scanning layer that not only blocks spam and viruses, but also protects users from phishing, ransomware, and impersonation fraud.
- Data protection: As threats like ransomware evolve, it’s more important than ever to have a separate and safe copy of your data. Your business needs to function; end-users need the ability to find what they need when they need it; and you need fast search and e-discovery capabilities to meet regulatory compliance and governance requirements – no matter what.
- Business continuity: Email systems, whether hosted on-premises or in the cloud, can go down and you need to be prepared to quickly and seamlessly switch to an available service.
- End-user empowerment: Technology features can create a powerful human defence against email-borne threats, but employees need to understand how to use them, what to look for, and how to respond. Regular end-user training can help maximise your organisation’s agility in responding to cyber threats.
“At Mimecast, we can help you to think holistically about safeguarding against email-borne threats, mitigate risk, and implement a cyber resilience strategy,” Benade concluded.
For more information, visit the Mimecast website.
This article was published in partnership with Mimecast.