Intelligent CIO Logo
Enterprise SecurityRegional News

Email hacking: it’s about compromising humans, not infrastructure

Email hacking: it’s about compromising humans, not infrastructure

Brandon Bekker, Managing Director at Mimecast Africa and Middle East

Intelligent CIO caught up with Mimecast’s MD for Africa and Middle East, Brandon Bekker, at GITEX to discuss Africa’s cybersecurity landscape.

Q: How has Mimecast witnessed cyberattacks in Africa evolving in the last couple of years? What do you currently identify as a cybersecurity priority for the continent?
It’s quite difficult also to be generic about Africa. We originated in South Africa where we have a substantial business, which is also the strongest economy in Africa, other than Nigeria from time to time. A lot of the thought leadership actually emanates from South Africa into Africa, not pervasively but there is a lot of that kind of thought leadership. Vendors will set up in South Africa, for example, and then move up through. Typically, what they’re looking for is regions that have stable economies.

I think the first thing is to identify where the good places are to do business. For us, South Africa obviously and then neighbouring countries to South Africa. We’re focusing quite a bit on East Africa, which is quite an advanced IT economy specifically in Kenya in Nairobi.

I can’t tell you what is going on in Algeria and Ivory Coast, for example. We’re just not exposed to that. But in terms of the countries that we operate in, the landscape mirrors anywhere else that we operate. Targeted threats are a pretty generic and pervasive threat across all countries where email is a big part of daily business, which is just about any country, certainly in the western world.

Where there’s email, hackers are trying to penetrate those email systems because human beings are the soft underbelly. It’s not always about infrastructure being compromised, it’s about compromising humans. Humans have email addresses and that’s a very vulnerable point in terms of where cyberattacks can emanate from.

Perhaps one area that Africa doesn’t have as much exposure is that they don’t have as much user awareness training that you get typically in First World kinds of economies. Maybe the user behaviour is a little less aware and educated than it would be in South Africa or anywhere else that we do business.

But we are picking on those, there are compromises in those regions that we are operating in and that’s lending itself to an opportunity for us.

Q: Is Mimecast looking to expand throughout other areas of Africa?
Yes, but organically from where we have a presence and that is in South Africas, which covers South Africa and neighbouring countries such as Botswana, Zambia, etc. Then out of East Africa which is Kenya, Tanzania.

Q: Do you see cybersecurity investment as proactive in Africa, or is it more often reactive when a breach has already happened?
I think businesses that have a high-risk awareness and high levels of governance and compliance obligations, they are proactive and they invest to protect themselves. But a lot of business, probably the majority, don’t. They’ll have layers of security, but they’re not necessarily proactive in how they invest.

Unfortunately then, when they get breached then that’s a call to action. In our experience in Africa, businesses aren’t as proactive at this point in time, but we expect them to become more so, as the examples of the targeted threats are exposed in the media.

%d bloggers like this: