Intelligent CIO Africa Issue 18 | Page 45

and will go a long way in fighting the epidemic currently gripping the country. The new legislation will assist in capturing and prosecuting these cybercriminals but what happens if you’re the victim of an attack before they manage to track these malicious actors down? The cyberthreat landscape has evolved dramatically, hackers are smarter and more sophisticated, they have formed communities and share ideas and pursuits. Many organisations think that defending against spam, viruses and malware is enough, but attacks have changed. Hackers moved on years ago to using malicious URL links found within emails and documents and in recent years we’ve seen a significant increase in impersonation attacks using social engineering. A recent global study by Mimecast and Vanson Bourne saw that 92% of surveyed organisations had seen targeted spear- phishing attacks with malicious links in the past 12 months. A total of 87% had witnessed email-based impersonation attacks asking to initiate wire transfers. We’re also seeing insider threats gaining www.intelligentcio.com traction and a recent trend of supply chain attacks from so-called ‘trusted’ thi rd parties. The criminals are always one step ahead in this war and organisations are battling to keep up. Unfortunately, organisations are relying on mediocre email security that only touches the surface when it comes to protecting their business from threats. C-level executives are failing to see the importance of having advanced security, leaving IT decision makers to fight an uphill battle. Astonishingly, according to Serianu, as many as 10% of Kenyan organisations have zero budget allocated to cybersecurity products. Even more unbelievable is that this is an increase from 6% last year. Plus, the lack of skills in the country makes this war even harder – the study reports that there are only an estimated 1,600 certified security professionals in Kenya. With these factors in mind, it’s not surprising that the government has had to take steps to help curb the growing instances of cybercrime but it’s apparent that for many organisations it’s only a matter of time until they become the next victim. Relying on the basic security provided by cloud email providers is a huge risk that could dramatically impact productivity, business operations or even bottom line. Furthermore, relying on defence only is no longer enough. Organisations need to be prepared for the possibility of a successful attack and have risk mitigation techniques in place. This involves ensuring the stability of your entire email environment before, during and after an attack, by implementing a cyber-resilience strategy for email. So, if a breach occurs, you can keep email flowing with a continuity service and recover from ransomware quickly, with an archive service that allows you to recover data to the last known ‘good’ state. The new cybercrime bill is a crucial move in Kenya’s cybercrime war, but it’s up to all organisations to play their part. Laws can only do so much to protect businesses; leadership teams need to take responsibility and create a culture with targeted programs geared towards safeguarding their employees, customers and business partners. n INTELLIGENTCIO 45