Cybercriminals exploit human error as biggest security flaw

As the digital world expands and more countries prepare for elections this year, cybercriminals are escalating their attacks on businesses, capitalising on employees’ mistakes as the biggest security vulnerability, according to a new report by the cybersecurity company Mimecast.

The company’s annual “State of Email and Collaboration Security” report, released on Sunday, is based on a global survey of 1,100 information technology and cybersecurity professionals. It found that a staggering 70 percent of South African organisations have experienced ransomware attacks over the past 12 months.

“Human risk is today’s biggest security gap, and IT teams must better equip employees with the right tools and training,” the report stated. It revealed that 40 percent of all cyber breaches in South Africa were caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering tactics that manipulate people into sharing sensitive information.

Despite this glaring risk, only 22 percent of organisations regularly train their employees to identify cyber attacks on an ongoing basis, the report found.

Marc Van Zadelhoff, CEO of Mimecast Limited

Marc van Zadelhoff, the chief executive of Mimecast, emphasised the need for cybersecurity teams to work closely with business leaders to prioritise understanding and mitigating human risk. “With the right tools and education, companies can better safeguard against threats and manage human risk,” he said.

The report also highlighted the increasingly sophisticated attacks deployed by cybercriminal groups and the challenges posed by insufficient cybersecurity budgets as major threats facing South African organisations.

As emerging technologies like artificial intelligence (AI) and deepfakes make it easier for threat actors to perpetrate successful phishing and ransomware attacks, over two-thirds of respondents expressed concern about new AI-driven threats. Fifty-four percent said their organisations would likely face AI-driven attacks in the coming year.

While email remains the primary vector for cyber threats like phishing, spoofing, and ransomware, the report found that collaboration tools pose new and dangerous entry points for bad actors. Fifty-seven percent of respondents expect collaboration tools to pose new threats, and 60 percent believe their company will likely be harmed by an attack targeting these platforms.

“Emerging tools and technologies like AI and deep fakes, along with the proliferation of collaboration platforms, are changing the way threat actors work, but people remain the biggest barrier to protecting companies from cyber threats,” Mr. van Zadelhoff said.

Brian Pinnock, Mimecast’s Vice President of Sales Engineering for Europe, the Middle East, and Africa, emphasised the need for organisations to integrate robust cybersecurity measures into their daily operations to ensure secure and sustainable business practices in the increasingly digital-first economy.

As cyber threats continue to evolve, the report underscores the significant and dangerous gaps in many South African businesses’ defensive measures, particularly in addressing human risks, which remain largely unaddressed.

Featured image: Brian Pinnock, Vice President of Sales Engineering EMEA at Mimecast

Read next: Cyber Risks Threaten Businesses – But Detection and Response Can Help



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Ventureburn

Sign up to our newsletter to get the latest in digital insights.