31 January 2023

How to Secure your Business from Cyberthreats Using a Privacy First Approach

Your expanding digital footprint is increasing your business’s attack surface

Between remote working, cloud infrastructure and 3rd party applications, your business’s digital footprint is expanding exponentially. So is your attack surface. Managing this risk so that you can compete in a digital economy requires a responsive Privacy First approach. With the right partner, this is not as complicated as it sounds.

Start by arming yourself with information here and gain an understanding of:

  • Your business’s attack surface and the cyberthreats you are vulnerable to.
  • What a Privacy First approach is and how it mitigates cyberthreats.
  • The evolving cyberthreat landscape – what to look out for in 2023.
  • How SYNAQ is evolving to thwart cybercriminals and email related threats.

Introduction

Price of Modernisation | Your expanding digital footprint is your attack surface – and cybercriminals know it. Peter Drucker is famously and frequently quoted as saying “business has only two basic functions – marketing and innovation”. However, in today’s rapidly digitising workplaces, technology must be added to this prestigious stable.

Technology is ubiquitous. It’s the infrastructure that underlies and enables all business activities – from Finance, to HR, to Operations, to Sales and Marketing. The existence of categories like HRTech, MarTech and FinTech, to say nothing of IaaS, SaaS and PaaS, is testimony to this trend.

Leveraging these technologies effectively enhances business continuity, compliance and productivity and gives us access to data and insights previously siloed and invisible to decision makers. And when COVID struck, technology gave us the tools necessary to enable remote working, almost overnight.

However, with all of these benefits comes risk. Functions previously ringfenced by bricks and mortar now exist in public clouds, 3rd party application servers and on a myriad of devices in the homes of employees.

This sheer sprawl of personal and proprietary information means that the surface area vulnerable to attack by cybercriminals has expanded exponentially. And simply put, the bigger your attack surface, the more vulnerable you are to cyberthreats.

This hasn’t gone unnoticed by cybercriminals.

According to Randori, a subsidiary of IBM, 67% of organisations saw their attack surfaces expand in 2022, and 69% were compromised by an unknown or poorly managed internet-facing asset.

The global estimated cost of cybercrime in 2022 increased by 40% to USD8.44 trillion according to Statista, with the average breach costing USD4.35 million, according to IBM.

Infographic: Cybercrime Expected To Skyrocket in Coming Years (Statista, https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/)

Interestingly, the same IBM report found that 45% of breaches were cloud-based and 19% occurred because of a compromise at a business partner.

As much as we might want to batten down the hatches – send all employees back to the office and revert to on-premises infrastructure – the truth is, the horse has bolted. Competing in today’s digital economy demands that we modernise, and the pace of innovation means that partnering with 3rd party experts is, more often than not, the best course of action.

The question then is how do we minimise the risk and continue to enjoy the benefits of technology? The answer lies in adopting a Privacy First and Zero Trust approach to cybersecurity.

Privacy First Approach

A Privacy First approach has become synonymous with regulatory compliance (GDPR and POPIA, for instance); however, it extends beyond the protection of personal data. It is an approach and mindset that embeds cybersecurity and privacy within your organisation to ensure that your and your clients’ confidential business data is protected by design.

It means enshrining cybersecurity in every pillar of your business – be it HR, Operations, Sales and Marketing, Finance or Technology – acknowledging and addressing the threat surface that each of these functions exposes and proactively acting to mitigate this risk.

This can include:

  1. Ongoing employee education and training,
  2. Confidentiality and data integrity policy creation,
  3. 3rd party/supplier vetting for security,
  4. Risk assessment and audit implementation to ensure compliance and identify security vulnerabilities,
  5. Adopting zero trust as a best practice (a multitiered approach that is both scalable and highly secure where users are continuously validated, reassessed, and reauthorised using multiple authentication methods) and
  6. Developing products/services using Privacy by Design principles.

Partly as a result of regulatory requirements but also in response to a real business imperative to respond to the evolving threat landscape, a Privacy First approach is fast becoming best practice for today’s businesses.

The Evolving Threat Landscape

We specialise in email security. Since email remains the leading attack vector for cybercriminals, we need to ensure our protection and resilience evolve with emerging cyber threats. In 2022, of the over 2.1 billion emails SYNAQ processed, close to half (41.9%) were quarantined or rejected.

Get all the stats in our Annual Infographic here.

In line with global trends and the predominant focus on businesses adopting a Privacy First approach, we also noted that phishing tactics will remain popular in South Africa, while the number and complexity of ransomware attacks are increasing.

What can we expect in 2023?

  1. New phishing tactics:

    While organisations remain vulnerable to common phishing tactics like email phishing, spear phishing and whaling (impersonation attacks), 2023 will see an increase in phishing campaigns that abuse legitimate services and/or platforms to transmit phishing links – making these attacks harder to detect and further increasing the attack surface.

  2. Increase in ransomware attacks:

    Ransomware attacks are becoming increasingly sophisticated and complex. As such, organisations of all sizes need a holistic and multi-layered cybersecurity approach that integrates everything from anti-malware to email security.

  3. Human Error:

    Human error is still one of the primary reasons for data breaches. According to IBM, 95% of cyber security breaches occur as a result of human error. Despite increased cybersecurity awareness, protocols, training and regulations, human error will remain the weakest link in the chain of security tools in all organisations.

How SYNAQ is responding

We know that in the face of an expanding threat surface and a rapidly evolving threat landscape, cybersecurity can be daunting. While we specialise in securing your email, we’re also committed to helping you enhance cyber resiliency across your digital footprint.

This year, we are establishing proactive strategies that combine education, frameworks and technology to help you protect your organisation holistically and enable proactive detection and mitigation of any email-based attack.

We’re also introducing new security features and services to our existing portfolio, using Privacy by Design principles in the development of these new features, so you can look forward to enhanced offerings in 2023.

In Conclusion

While the threats may evolve and change, our advice to you has not. Use Privacy First principles to inform and guide your business in its endeavour to detect, mitigate and recover from cyberattacks. Use a multi-layered security approach to protect your business's attack surface, hold your suppliers and partners to account, and leverage their expertise when it comes to cybersecurity. Your internal specialists or partners in cybersecurity should act as guides and advisors and help you implement the following:

  1. Privacy First and a Zero Trust mindset within your business,
  2. Deploy a comprehensive set of layered end-to-end cybersecurity defences – including but extending beyond email,
  3. Continually educate yourself and your staff on new threats, how to detect them and how to report them should they arise within your business and
  4. Demonstrate information security best practices and legislated/regulatory compliance (e.g. POPIA, GDPR, etc.).

We’re here to guide and advise you on this journey and will be sharing tips, trends and insights in the coming year!
