Amongst a busy week, Mimecast held its first Cyber Resilience Summit in Sandton yesterday at the Sandton Convention Centre. The purpose of the summit was straightforward – lift the lid on the latest cybersecurity trends, techniques and tactics to deal with both the challenges and opportunities that the current cyber landscape presents.   

Paul Stafford, Vice President of Africa at Mimecast, explained that the event created a platform for vital discussions around cybersecurity in light of a growing number of increasingly sophisticated cyberattacks aimed at African enterprises and small businesses. 

“The threat landscape is rapidly evolving, and African businesses are under constant threat of attack by increasingly sophisticated and professionalised cybercriminals. It is becoming clear that standard security tools from cloud email providers are not sufficient to protect organisations,” he elaborated.

He stressed that organisations need to build greater cyber resilience by improving security controls, heightening cybersecurity awareness, and leveraging new tools such as threat intelligence to inform their security strategies.”

The value of resilience

The first of those – resilience – was a particular focus of the morning. Indeed, the company didn’t hold back on the challenges that the country faces, both from cyber threats, and other problems, such as a stagnating economy and high unemployment. The good news, noted Stafford, is that the country as a whole is resilient, having been through challenges like economic downturns, pessimism about the direction the country is heading, and power outages in the past.

He noted that dealing with cyberthreats requires the same degree of resilience, broadly defined by the ability to get up and try again in the face of failure or defeat. As well, developing cyber-resilience is crucial, not just for organisations but as a nation. The reason for this is simple: investors are now analyzing the cyber-resilience of a country as part of their investment feasibility studies, mainly because cyberthreats are so predominant.  

Taking stock of the threats

Illustrating the point, Mimecast unpacked the findings of its latest Threat Intelligence Report: Black Hat Edition, which was released earlier this month. The report provides a technical analysis of emerging threats attempting to breach the security environment of Mimecast customers, and was compiled by the Mimecast Threat Centre. The latest edition, which covered the period April to June 2019, processed nearly 160 billion emails and rejected 67 billion emails.

“We saw that 67 billion emails displayed highly malicious attack techniques,” explained Francis Gaffney, Director of Threat Intelligence and Response at Mimecast. "Impersonation attacks showed a significant increase, with attackers using social engineering techniques to target individuals for fast and easy financial gain. A large number of known malware attacks were also observed, with Microsoft Excel emerging as the most popular file type for distributing malicious activity. Forty percent of threats detected used Excel files, while file types associated with Microsoft Word were seen in nearly 15% of threats,” he elaborated.

Damn spam!

The report also found that threat actors are becoming more organised, and now implement subscription and as-a-service based business models to deliver malware, reducing their work while improving their return on investment.

Spam email alas, has not gone away either. It was also found to be used extensively as a conduit to distribute malware, with professional education emerging as the most targeted sector for spam, thanks in part to constantly changing student populations that are unlikely to have high security awareness. It’s not just students who are coming under fire by spam. Attacks on management and consulting firms and the biotechnology sector accounted for 30% of all impersonation attacks. 

Something new to the rescue

Admittedly, it’s too easy to become despondent when these kinds of reports come out, because keeping up with the sheer volume and diversity of cyberattacks can be overwhelming. Answering this fact was the launch by Mimecast of its Threat Intelligence value-add service that gives customers a deeper understanding of the cyber threats their organisations face.

The company explained that the new set of capabilities is designed to give organisations greater visibility and access to threat data and analytics specific to their business, enabling them to respond to threats more quickly and effectively.

If there was anything that summed up the Cyber Resilience Summit, it was the opening song played at the event – Thirty Seconds to Mars’ Walk on Water – and the lyric: Do you believe you can win this fight tonight? - really driving the crux of the matter home.