Human error is South Africa's most prevalent cyber security vulnerability and the cause of 40% of cyber breaches in the country.
This is according Mimecast’s 2024 “The State of Email and Collaboration Security” (SOECS) report, its eighth edition, based on a global survey of 1100 IT and cyber security professionals.
According to Mimecast researchers, “the year ahead will be fraught with cybercrime and incidents anticipated ahead of the busy election year, where over 50 countries head to the polls, including South Africa.”
The report reveals that in South Africa, 40% of breaches stem from human errors such as stolen credentials, unauthorised access, or social engineering. Despite this, only 22% of organisations offer ongoing cyber security training. These gaps, coupled with the rise of sophisticated attacks (33%) and limited cyber security budgets (30%)underscore the need for all organisations to bolster their cyber security training, says Mimecast.
"New tools like artificial intelligence (AI) and deepfakes give attackers new tricks but the weakest link remains human error," said Mimecast CEO Marc van Zadelhoff.
According to the report, 70% of local companies have faced ransomware attacks in the last 12 months. To improve security, van Zadelhoff advises IT and business leaders to prioritise training employees to recognise these evolving threats.
The report also highlights that local organisations are increasingly concerned about the threat of AI-powered attacks, with over two-thirds of respondents expressing worry and 54% expecting to face them within the year.
While email remains the primary attack method, collaboration tools also pose a growing risk: 57% expect them to be exploited, and 60% predict their companies will experience attacks through this vector.
Brian Pinnock, VP of sales engineering for the EMEA region at Mimecast, said “As threats evolve, there are still dangerous gaps in many local businesses’ defences. Some gaps, such as human risks, remain largely unaddressed. To ensure secure operations, it's critical to have the right cybersecurity protection integrated into day-to-day operations.”
Share