Cybersecurity attack: It all begins with an email, says Mimecast

As email attacks become more sophisticated, organisations are at risk of financial loss and data breaches worldwide. Therefore, to combat threats like ransomware, phishing and email compromise, IT security teams and organisations must find new ways and strengthen their security posture.

Werno Gevers, regional manager at Mimecast Middle East, discusses their newly released security report and how businesses can improve their security postures in an exclusive conversation with Gulf Business.

Increasing sophistication of cyberthreats
Recently, Mimecast released its sixth annual State of Email Security 2022 report, a global survey of IT decision-makers across 12 countries. The survey, which included inputs from 1400 IT and cybersecurity professionals, seeks to shed light on three vital elements.

“Firstly, the cybersecurity challenges IT decision-makers continue to face, such as phishing and ransomware; secondly, the gains in cyber resilience that come as a result of new technology implementations; and finally, external forces, such as budget increases or government mandates, that are impacting their businesses,” explains Gevers.

Meanwhile, at the global level, the report also found that the cyberthreat landscape is dire, with nearly three in four respondents reporting that the level of email-related cyberthreats continues to rise, and majority stating such attacks are becoming increasingly sophisticated.

Gevers also highlights some other key global findings from the report, such as – nearly every company surveyed had been a target of a phishing attack and that three in four companies had suffered a ransomware attack, leaving almost half out of business for a week or more.

It all starts with an email
Although malicious attackers can get access to an organisation in multiple ways, Mimecast’s research reveals that email is the source of nearly 94 per cent of data breaches. “Email has long been the primary mode of internal and external communication for organisations. However, companies and governments grew more aligned on email collaboration tools during the Covid-19 pandemic than on any other kind of electronic communication,” Gevers adds. He also highlights how cybercriminals have redefined their tactics and sophistication of attacks during the pandemic.

Mimecast’s research found that 94 per cent of organisations in the UAE have been targets of email-related phishing attacks. Other attacks include business email compromise, spoofed emails, and internal threats or data leaks initiated by malicious insiders.

Meanwhile, the firm believes that ransomware will continue to cause business disruption and loss. According to its State of Ransomware Readiness report, eight out of 10 global companies have been hit by ransomware in the last two years, with more than a third paying the ransom.

“Cyberattacks also force companies across the region to implement additional measures to protect themselves and their customers. According to our research, roughly two out of every five UAE businesses are either partially prepared – or not prepared at all – to cope with spoofing attacks on their domains or websites,” observes Gevers.

A multi-faceted approach
Gevers believes that a multi-faceted problem needs a multi-faceted approach. “In addition to a layered security strategy, cyber awareness training is one of the most effective ways of strengthening an organisation’s overall cyber resilience and should be a top priority for business leaders in the region.”

He emphasises that the most pressing issue in most cybersecurity training programmes is participant engagement and training frequency.

Mimecast provides training and assistance, as well as tactical security testing, to help businesses of all sizes decrease the security risks associated with employee human error, which accounts for more than 90 per cent of security breaches. It focuses on three essential employee and organisational training aspects: engagement, knowledge, and confidence in their cybersecurity programme.

“Organisations need to go to greater lengths to protect their company from cybercriminals with strong cybersecurity posture and excellent training skills,” concludes Gevers.