TALKING
‘‘ business
There is also a significant element of reputational damage , which can cause customer attrition and can make a business less attractive to partners and third parties in the value chain . No business wants to be the weakest link in the chain , so it is important to have the systems and processes in place to address compliance effectively .
Implementing and maintaining effective compliance measures as part of a comprehensive data governance and cybersecurity strategy can be a complex and overwhelming task for many businesses . In addition , while compliance requirements apply to organisations of all sizes , many simply cannot justify having an inhouse Chief Information Security Officer , CISO .
Managed service providers can prove invaluable , as they can offer a variety of solutions depending on business requirements , from CISO-as-a-Service to managed governance , risk and compliance , and more .
Expert managed service providers not only offer broad and deep experience and skills gained from a variety of customers across industries , but they can also assist in determining the scope of requirements and implementing practical , approachable steps .
Compliance can seem like a large , cumbersome exercise , but working with a managed service provider partner can help businesses to start small and align to a relevant framework to guide further steps . This can help to expedite processes and productivity and end up saving businesses money in the long term .
However , it is vital to ensure that the knowledge , competency , and habits required to embed compliance logic are permeated throughout the organisation and a culture of compliance is created . of the most powerful weapons in the cybercriminal ’ s arsenal . While some malicious emails are obvious , many are extremely sophisticated and well-written . Often , they are designed to target a very specific audience segment with content that lures them into making an expensive mistake .
For example , cybercriminals profile decision-makers within the business , and then construct an email designed to entice them to open the attachment . The fact that people keep clicking on those attachments is why emails remain at the top of the list for the easiest way to get into the organisation .
“ These emails are designed to trigger an emotive response . Some hackers even send emails that look exactly like those from reputable financial institutions claiming that your account has just been hacked and to immediately log in and change your password . The only problem is that you are changing your password for the hackers , not the bank ,” explains Richard Frost , Head of Consulting at Armata Cyber Security .
Another very common approach is to send an invoice from a regular supplier , only the latter has been spoofed and the payment is going into a hacker ’ s account . When business owners are busy and stressed , they often do not realise that the bill they are paying is a fake .
Data breaches are seen as an even greater threat than inflation and climate change . Threat actors are making more money on cybercrime than Pablo Escobar made at the height of his career . Not only are companies faced with the cost of the attack , but they are now at risk of liability and fines from the regulator . Over the past few years , some of the biggest names in South Africa have been hit by an attack , underscoring just how capable and powerful these email threats have become .
Having tools in place is only part of the picture ; there needs to be awareness and understanding of why tools and processes are necessary in the first place . This requires education and ongoing awareness , as well as buy-in from top levels of the organisation , and someone to champion governance and compliance logic .
Email security most critical
People trust emails which makes it very easy to manipulate them into making expensive mistakes . A significant percentage of attacks start with email because social engineering remains one
While the cost of doing business as an SME is high , compromising on email security is not the way forward . Investing in a solution capable of protecting your people from threats means reducing the likelihood of them clicking on that link , opening that document , or spending your money on a fake bill .
Email security is also more than just a digital security guard checking the validity of emails entering the business , many solutions and service providers also offer training , user awareness and ongoing security support to protect against the onslaught .
While SMEs face numerous cost pressures , the cost of resilient email security is only a tiny percentage compared to the devastating financial and reputational impact of a breach . p
32 INTELLIGENTCIO AFRICA www . intelligentcio . com