Global firms tap SA’s scarce cyber security skills in 2022
While most of the world dealt with the impact and disruption of the second year of the COVID-19 pandemic last year, in 2022, they will be dealing with cyber criminals, who are expected to expanded their activities with ambitious attacks on critical business infrastructure.
This trend will see more global firms utilising SA’s already scarce security skills in efforts to stop cyber criminals in their tracks,according to cyber security companyMimecast.
Threat actors, armed with sophisticated and brute-force attack methods will continue to capitalise on the ongoing disruption of the pandemic and are leveraging the world’s shift to digital services to launch cyber attacks at an unprecedented scale, says the company.
Mimecast security experts predict that cyber crime will continue to disrupt businesses’ digital workplaces and consumer lifestyles.
"Most security vulnerabilities since the start of the pandemic have occurred because IT and cyber security teams failed to question the underlying assumptions behind their security policies,” says Brian Pinnock, senior director of sales engineering for EMEA at Mimecast.
“Mass digitisation also resulted in a digital equivalent for most business components, but the risk mitigation that is established in physical business processes is not yet evident in their digital twins. Cyber security teams will need to close that gap in 2022 to keep their businesses and users safe."
Mimecast global experts weigh in with their predictions for the year ahead:
- Social media attacks will come back to haunt firms
After years of high-volume breaches combined with employees sharing excessively via social media, the trove of personal information and intelligence available to attackers is extraordinary and beyond disturbing.
In 2022, this trend will enable adversaries to craft even more convincing attacks. They will exploit the human weakness aggressively, resulting in significant business disruptions and a corrosion of trust.
In Mimecast's State of Email Security 2021 report, 52% of South African organisations said employee naiveté about cyber security is one of their greatest vulnerabilities, but nearly half (46%) admitted to only conducting cyber security awareness once per quarter (or even less frequently).
The growing importance of business productivity suites, e-mail and cloud communication services will continue to provide attackers with optimal channels to target their victims, demanding new strategies and tools from organisations and their security teams.
- Pandemic will continue to change the cyber security game
The last two years have seen acceleration in companies' digital transformation efforts as they enabled hybrid work and explored new channels for reaching and serving customers.
However, the mass move to remote work has exposed security vulnerabilities many companies didn't even know existed. Cyber criminals have also capitalised on employees' psychological vulnerabilities through increasingly sophisticated and opportunistic social engineering campaigns.
The widespread recognition that digital work can be done from anywhere, combined with the shift in the global job market, will see global firms tapping into already scarce South African cyber security skills in 2022.
The efficacy of cyber security policies will also come into sharp focus in the year ahead. Cyber security awareness training will need to shift from an event to a culture embedded deep within the business.
- Ransomware will become a (lethal) service
Mimecast’s State of Ransomware Readiness research found that eight out of 10 global organisations suffered a ransomware attack in the past two years, with more than a third opting to pay the ransom.
It's a lucrative business for cyber criminals: The research found that South African victims of ransomware pay on average more than R3.2 million in ransom, although only a third of local companies get their data back after the payment.
A number of highly publicised ransomware attacks on public sector systems in SA during 2021 have also highlighted the harmful impact of such attacks on the ability of the state to provide essential services.
The rise of ransomware as a service is potentially arming more threat actors than ever before with dangerous cyber attack tools that could cause untold disruption and economic damage.
This trend will continue to expand and evolve, causing detrimental effects for all organisations.
- Impersonation attacks will put authenticity at the forefront
Mimecast's State of Brand Protection 2021 report found that 94% of South African companies are concerned about counterfeit websites imitating their brands, while 73% of South African organisations had been made aware of a web or e-mail spoofing attack using their domains.
An emerging threat is deepfake technology, which uses artificial intelligence and image processing to create fake images, and is advancing at an astonishing rate.
Malicious actors using deepfake technology could impersonate celebrities or even CEOs: What was once a clever phishing e-mail supposedly from a senior management team member could now become a well-crafted video soliciting sensitive company or personal information.
Companies may need to implement new processes and even deploy new technologies to verify content and designate it with a certificate of authenticity.