INDUSTRY WATCH
Ahmed Al Saadi, Vice President Middle East and Africa, Splunk
And they are using scenario planning and tabletop exercises to ensure executive teams are ready when incidents occur. This proactive approach not only improves outcomes but also gives boards and regulators greater confidence in the organisation’ s risk management capabilities.
Business risk
Perhaps the most important step security leaders can take is to elevate cybersecurity to a strategic priority. That means framing cyber risk in the context of business risk. It means linking investments in security to digital transformation, customer trust, regulatory readiness, and long-term growth.
How to protect against BEC attacks
Business Email Compromise has become one of South Africa’ s fastest-growing cyber-fraud risks, with more than seven million phishing attempts logged locally in 2023 alone. PwC’ s 2024 Digital Trust Insights survey shows 38 % of South-African executives rank BEC among their top three cyber threats, well above ransomware.
Often, a major vulnerability is the way high-value transactions still rely on unprotected email threads, loose identity checks and manual document handoffs. BEC thrives on weakness of workflow. Until organisations think about communication and signing journeys with fraud in mind, criminals will keep finding a way in.
Bobby Stewart, Product Owner, e4
It also means embedding security into decision-making at every level, from product development and supply chain management to M & A and crisis response.
This requires a mindset shift. Instead of focusing purely on threats and vulnerabilities, security leaders need to focus on opportunities. How can stronger security enable faster innovation? How can better data protection differentiate the brand? How can improved response times reduce exposure and accelerate recovery?
Transparency
Security leaders also need to lead by example.
Property and legal transactions are prime targets for BEC attacks because they move large sums, involve multiple parties and depend on trust. That sort of attack has nothing to do with firewalls and strong passwords. It happens when identity isn’ t verified and signed documents are sent back and forth via email.
A modern, fraud-resistant workflow starts long before payment instruction is sent. The best practice should be to bring all parties involved in high-value transactions, such as banks, attorneys and buyers in property transactions, into a closed, authenticated space where they can register securely, share documents through end-to-end encryption, and track progress in real-time.
That means engaging proactively with peers in finance, legal, marketing, and operations. It means developing business acumen, understanding the organisation’ s strategic goals, and communicating in terms that the board understands. It also means being transparent about risk.
Boards don’ t expect perfection, but they do expect honesty, accountability, and a clear plan for improvement.
Each message, file and banking detail are stored in an immutable archive, while milestone alerts show exactly when a deed pack is uploaded, a signature applied or funds released. When those safeguards are baked into the way people communicate most of the BEC entry points are taken care of.
As security leaders make this shift, they are not alone. The role of the CISO is evolving, and more organisations are recognising the value that strong security leadership brings.
Replacing email chains with controlled links helps block impersonation attempts. It also automates tedious manual checks. There’ s no need for anyone to stitch up email threads and every party on the transaction enjoys greater transparency and peace of mind. A secure communication hub means organisations and their customers can move sensitive information and documents off insecure channels and into a controlled environment.
Cybersecurity is no longer a technical function that sits in a silo. It is a business enabler, a risk mitigator, and a source of competitive advantage. By aligning cybersecurity with business priorities, security leaders can ensure their message is heard in the boardroom. And when that happens, the whole organisation benefits. p
66 INTELLIGENTCIO AFRICA www. intelligentcio. com