There have been plenty of serious data breach incidents in South Africa in recent years. The perception is that most are caused by malicious third parties, like the group that attacked TransUnion earlier this year, or by malicious employees, like those who cost their employer Postbank as much as US$59-million a couple of years ago.

But away from the big-name headlines, there may be another, more insidious threat responsible for significant reputational and financial risk: negligent insiders. The truth is that cybercriminals have become past masters at exposing human error, and as the hybrid workplace emerges, there will be many more opportunities for them to do so.

Learn more at comforte.com

The answer for South African businesses is to focus cybersecurity on what really matters: their data. Threat actors can always bypass perimeter controls thanks to poorly protected passwords and devices. But securing the data itself will render it useless to them. It’s the first step towards mitigating cyber risk and regaining the initiative.

Breach costs mount

South Africa has had its share of big-name cyber incidents in recent years. In July last year, a suspected attack on Transnet severely disrupted operations at the Cape Town port. Then, in October, court systems across the country were crippled after a ransomware attack on the department of justice. More recently, TransUnion faced extortion demands of R220-million after a security breach.

The cost of such breaches for the organisations involved can be prohibitive. Estimated averages for data breaches stand at $3.2-million in South Africa. That’s lower than the global average but represents a 50% year-on-year increase, one of the sharpest rises in the world. In fact, just a few months after South Africa’s Protection of Personal Information Act (Popia) went into force in 2021, over 130 local organisations had notified of a data breach.

The weakest link

It’s unclear exactly how threat actors compromised the victim organisations listed above. But what we do know is that over the course of the pandemic, more attacks appear to be targeting the perceived weakest link in the corporate security chain: humans. Globally, more than half of organisations said last year they thought insider threats had increased in the previous 12 months. And negligent insiders are thought to account for over 60% of such incidents.

What kind of things are we talking about? Passwords are key. Many employees reuse simple credentials across multiple work and non-work accounts. They only need to be breached once and hackers can use them in automated attacks to unlock the other accounts they protect. Sometimes passwords are so simple this can be done in seconds. The most popular one in South Africa last year was “123456”.

Other examples of negligent staff practices include use of personal devices to access work apps and documents, sharing of these devices with other household members, and failing to apply security updates. In many cases, those working from home are also more likely to click on phishing links, either because they’re more distracted or because they’re prepared to engage in more risky behaviour than if they were in the office. Just one click could give remote attackers a pathway into the corporate network via these home workers. At the height of the pandemic in 2020, Google claimed to be blocking 18 million phishing e-mails every day.

Introducing data-centric security

This matters because hybrid working is set to become the new normal for many South African workers. In fact, 73% want to work at organisations that promote a healthy lifestyle, safety and well-being. Even with the best user education in the world, the threat from negligent remote workers combined with opportunistic hackers will lead to a surge in cyber risk. And traditional security approaches that look to spot and block malware and vulnerability exploits don’t work if those threat actors can simply waltz through the cyber front door using stolen passwords.

This is where data-centric security comes in. The principle is simple: begin cybersecurity efforts by protecting what’s most important to your business, its data. Apply techniques like encryption, tokenisation, and format-preserving hashing and masking to ensure that if anyone is able to bypass your other security filters, they will not be able to read, use or sell that data.

In this way, data-centric security can enhance compliance with regulations such as Popia and reduce cyber-related risk — such as the financial and reputational damage that often stems from serious data breaches. Yet not all data-centric solutions are created equal. It’s important to find a solution that leverages intelligent AI algorithms to continuously discover and classify data across the entire IT environment – from internal networks out to the cloud. Corporate data is in constant flux—moving location, growing in volume and then being deleted. This adaptive approach ensures it will automatically be protected wherever it is, and no matter how much of it there is. Tight integration with data flows and applications will also streamline the entire process and optimise protection.

Insider risk isn’t the only cyberthreat organisations must contend with today. But it’s on the rise. However, the truth is that with effective data-centric security in place, South African organisations can begin to grow their business with more confidence, whatever their threat profile.

Comforte AG has evolved into a market leader for data security and cloud-native tokenisation. Combining our experience in securing data in motion and rest, we took our portfolio one step further and created a “Data Security Platform” that seamlessly integrates into the most modern cloud-native environments as well as traditional core systems. Now, more than 500 enterprises, including many Fortune 500 organisations, rely on comforte AG’s solutions to secure their data. With offices in Germany, the US, Singapore and Australia, comforte AG has global reach.