How to secure your business from cyber threats using a privacy first approach

Between remote working, cloud infrastructure and third-party applications, your business's digital footprint is expanding exponentially. So is your attack surface. Managing this risk so you can compete in a digital economy requires a responsive privacy first approach. With the right partner, this is not as complicated as it sounds.

Start by arming yourself with information here and gain an understanding of:

• Your business's attack surface and the cyber threats you are vulnerable to;
• What a privacy first approach is and how it mitigates against cyber threats;
• The evolving cyber threat landscape – what to look out for in 2023; and
• How SYNAQ is evolving to thwart cyber criminals and e-mail-related threats.

Price of modernisation. Your expanding digital footprint is your attack surface – and cyber criminals know it. Peter Drucker is famously and frequently quoted as saying: “Business has only two basic functions – marketing and innovation.” However, in today’s rapidly digitising workplaces, technology must be added to this prestigious stable.

Technology is ubiquitous. It’s the infrastructure that underlies and enables all business activities – from finance to HR to operations to sales and marketing. The existence of categories like HRTech, MarTech and FinTech, to say nothing of IaaS, SaaS and PaaS, are testimony to this trend.

Leveraging these technologies effectively enhances business continuity, compliance and productivity and gives us access to data and insights previously siloed and invisible to decision-makers. And when COVID struck, technology gave us the tools necessary to enable remote working, almost overnight.

However, with all of these benefits comes risk. Functions previously ring-fenced by bricks and mortar now exist in public clouds, third-party application servers and on myriad devices in the homes of employees.

This sheer sprawl of personal and proprietary information means the surface area vulnerable to attack by cyber criminals has expanded exponentially. And simply put, the bigger your attack surface, the more vulnerable you are to cyber threats.

This hasn’t gone unnoticed by cyber criminals.

According to Randori, a subsidiary of IBM, 67% of organisations saw their attack surfaces expand in 2022 and 69% were compromised by an unknown or poorly managed internet-facing asset.

The global estimated cost of cyber crime in 2022 increased by 40% to USD8.44 trillion, according to Statistica, with the average breach costing USD4.35 million, according to IBM.

You will find more infographics at Statista https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/

Interestingly, the same IBM report found that 45% of breaches were cloud-based and 19% occurred because of a compromise at a business partner.

As much as we might want to button down the hatches – send all employees back to the office and revert to on-premises infrastructure – the truth is, the horse has bolted. Competing in today’s digital economy demands that we modernise, and the pace of innovation means that partnerships with third-party experts is, more often than not, the best course of action.

The question then is how do we minimise the risk and continue to enjoy the benefits of technology? The answer lies in adopting a privacy first and zero trust mindset approach to cyber security.

A privacy first approach has become synonymous with regulatory compliance (GDPR and POPIA, for instance); however, it extends beyond the protection of personal data. It is an approach and mindset that embeds cyber security and privacy within your organisation to ensure your and your clients’ business confidential data is protected by design.

It means enshrining cyber security in every pillar of your business – be it HR, operations, sales and marketing, finance or technology – acknowledging and addressing the threat surface that each of these functions expose and proactively acting to mitigate this risk.

1. Ongoing employee education and training;
2. Confidentiality and data integrity policy creation;
3. Third-party/supplier vetting for security;
4. Risk assessment and audit implementation to ensure compliance and identify security vulnerabilities; and
5. Adopting zero trust as a best practice (a multitiered approach that is both scalable and highly secure, where users are continuously validated, reassessed and reauthorised using multiple authentication methods). Developing products/services using privacy by design principles.

Partly as a result of regulatory requirements but also in response to a real business imperative to respond to the evolving threat landscape, a privacy first approach is fast becoming best practice for today’s businesses.

We specialise in e-mail security. Since e-mail remains the leading attack vector for cyber criminals, we need to ensure our protection and resilience evolves with emerging cyber threats. In 2022, of the over 2.1 billion e-mails SYNAQ processed, close to half (41.9%) were quarantined or rejected.

Get all the stats in our annual infographic here.

In line with global trends and the predominant focus on businesses adopting a privacy first approach, we also noted that phishing tactics will remain popular in South Africa, while the number and complexity of ransomware attacks is increasing.

1. New phishing tactics

While organisations remain vulnerable to common phishing tactics like e-mail phishing, spear phishing and whaling (impersonation attacks), 2023 will see an increase in phishing campaigns that abuse legitimate services and/or platforms to transmit phishing links – making these attacks harder to detect and further increasing the attack surface.

2. Increase in ransomware attacks

Ransomware attacks are becoming increasingly sophisticated and complex. As such, organisations of all sizes need a holistic and multi-layered cyber security approach that integrates everything from anti-malware to e-mail security.

2. Human error

Human error is still one of the primary reasons for data breaches. According to IBM, 95% of cyber security breaches occur as a result of human error. Despite increased cyber security awareness, protocols, training and regulations, human error will remain the weakest link in the chain of security tools in all organisations.

We know that in the face of an expanding threat surface and a rapidly evolving threat landscape, cyber security can be daunting. While we specialise in securing your e-mail, we’re also committed to helping you enhance cyber resiliency across your digital footprint.

This year, we are establishing proactive strategies that combines education, frameworks and technology to help you protect your organisation holistically and enable proactive detection and mitigation from any e-mail-based attack.

We’re also introducing new security features and services to our existing portfolio, using privacy by design principles in the development of these new features, so you can look forward to enhanced offerings in 2023.

While the threats may evolve and change, our advice to you has not. Use privacy first principles to inform and guide your business in its endeavour to detect, mitigate and recover from cyber attacks. Using a multi-layered security approach to protect your business's attack surface, hold your suppliers and partners to account and leverage their expertise when it comes to cyber security. Your internal specialists or partners in cyber security should act as a guide and advisor and help you implement the following:

1. Privacy first and a zero trust mindset within your business;
2. Deploy a comprehensive set of layered end-to-end cyber security defences – including but extending beyond e-mail;
3. Continually educate yourself and your staff on new threats, how to detect them and how to report them should they arise within the business; and
4. Demonstrate information security best practices and legislated/regulatory compliance (eg, POPIA, GDPR, etc).

We’re here to guide and advise you on this journey and will be sharing tips, trends and insights in the coming year!

Sign up to our newsletter now.