You may be thinking your firewall, desktop antivirus and anti-spam gateway are protecting you, but is your organization really safe from hackers, crackers and cyber-criminals? 

There is always one huge gap in your security strategy you’re overlooking – your users! Cyber-criminals know that the weakest link in any organisation is the human; the person at the other end of the screen who is fallible and susceptible to their sophisticated and wily ways.

Cyber-criminals and hackers are making use of sophisticated social engineering techniques in email and instant messages to trick your staff. They research their targets with meticulous accuracy, picking key individuals and apparent soft touches in your business, and sending those people cleverly convincing emails, otherwise known as spear-phishing. The hackers have used your personal information, social media presence and publicly available information to target you.

Usually, spear-phishing emails will goad you into clicking a compromised link that leads to a malicious website, or trick you into divulging some login credentials. From there, the hackers gain access to your or your organization’s sensitive information. Incidents of spear-phishing are on the rise across the world, including South Africa, as it becomes the tool of choice for cyber-criminals looking to break into businesses.

If you’re not careful, you might fall prey to these types of spear-phishing hackers. There’s the Crafty Colleague, who uses a disguised email address or domain to appear as one of your co-workers. Then the Dubious Banker, who kindly asks to see that your bank account details comply with regulations such as FICA, RICA and POPI.

We also can’t forget the Tricky Taxman, who acts like they are from the government and informs you of a tax-back pay-out and asks for your banking details or to open a malicious attachment. The Social Media Stalkers constantly monitor your social media accounts to learn what you personally like and use that against you in the form of a fake subscription to a hobby-related or lifestyle magazine, a voucher for a discount on something they know you’ll want or even an opportunity to trial something for free – all in the name of gaining your personal information, credit card details or access to your system. Lastly, there are the Mafia Mailers, who will exploit your fear of a cyberattack by pretending to be protected payment services that need you to update your password or financial details.

In South Africa and throughout the globe, every day people fall for attacks from each of the crafty spear-phishing hackers mentioned above, due mostly to a lack of basic security awareness. Most organizations take a reactive approach to security, only plugging gaps after details of some new exploit have hit the news or, worse yet, their own network gets “popped”. National awareness programmes don’t exist, which means users simply don’t know or engage in basic security practices. As a result, at Mimecast we feel that education is hugely important and the first step on the long journey to increase our users’ security awareness.

What needs to happen to stand a chance against cybercriminals? Locally, companies need to automate their security measures where possible and make security simple for the average user by taking the complexity out of their hands and putting it in the background, as well as making sure that users are made aware of the risks associated with things like links in emails.

It takes only one click on a malicious email link for a company’s entire network to be compromised and their intellectual property to end up publicly available on the Internet. Therefore, users need to be empowered to make safe choices. By bringing together education, automation and technology, companies can rest assured they’re safe behind the best technological protection available as well as an effective human security system we call the ‘human firewall’. The human firewall is the pinnacle of enterprise security, and one we should all aim for.

To help protect your business from falling victim to cyber-attacks, attend the Mimecast Human Firewall Event on 10 September in Johannesburg. Register on If you can’t make it to the event, be sure to check out this on-demand human firewall webinar.


We recently released a new Targeted Threat Protection service to help protect employees from weaponized email attachments – Attachment Protect.

Malicious email attachments are a critical threat to businesses as they can easily bypass existing defences as part of sophisticated spear-phishing attacks. For example, a macro in a Word document could run when the file is opened and deploy malware onto targeted systems or attempt to download content from a malicious website. Attackers are using this weakness to infiltrate organizations in order to achieve their goals, which may include stealing data, staging ransomware demands or even launching a springboard attack on another company.

Mimecast Targeted Threat Protection - Attachment Protect is a fresh approach to attachment sandboxing – driving safety without added latency.

To counter this threat, sandboxing has become a vital technical defense. Attachment Protect offers this critical protection - incoming mail is held by the Mimecast gateway while we establish if there is any hidden code in the attachment by security checking the file in our sandbox. The sandbox spins up a virtual environment, opens the file and performs a deep security analysis on the contents. If the file is deemed safe, we deliver the mail to the recipient.

But sandboxing does have its limitations. It delays external emails and this can frustrate employees and impact their productivity. It can also be expensive. So organizations often limit who they protect to keep costs under control. That is clearly not ideal as it gives attackers a potential back door into an organization.

Mimecast Targeted Threat Protection - Attachment Protect makes it cost effective and easier to protect the whole organization.

It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe, transcribed versions – neutralizing any malicious code. Mails passing inbound through our gateway that contain potentially vulnerable attachments are processed by our Message Transfer Agent where they are transcribed to a different file format. For instance, a Word document is converted to a PDF file. The PDF file format visually renders the content in the same way to the reader. The difference is that the execution environment has changed and so any malicious macros or code are rendered inactive as part of this process.
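To make the gateway decision above concrete, here is an added example (not Mimecast's code or product logic) of how a mail filter might recognise attachment formats that can carry active content and mark them for transcription. The function names, the policy and the sample files are hypothetical and constructed for illustration; the check looks at file content rather than the file extension.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
PDF_MAGIC = b"%PDF-"

def inspect_attachment(data: bytes) -> dict:
    """Classify an attachment by its content, never by its file name."""
    if data.startswith(PDF_MAGIC):
        # PDF active content (e.g. JavaScript) is not inspected in this sketch.
        return {"kind": "pdf", "vba": None}
    if data.startswith(OLE_MAGIC):
        # Macros cannot be ruled out without parsing the OLE streams.
        return {"kind": "ole-office", "vba": None}
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as archive:
            names = [n.lower() for n in archive.namelist()]
        if "[content_types].xml" in names:
            # OOXML files keep a VBA project in a part named vbaProject.bin.
            vba = any(n.endswith("vbaproject.bin") for n in names)
            return {"kind": "ooxml-office", "vba": vba}
    return {"kind": "other", "vba": False}

def gateway_action(data: bytes) -> str:
    """Assumed policy: transcribe every format that can carry active content."""
    kind = inspect_attachment(data)["kind"]
    return "transcribe" if kind in ("pdf", "ole-office", "ooxml-office") else "deliver"

def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped archive for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "report.docx (macro inside)": make_ooxml(True),
        "notes.docx": make_ooxml(False),
        "invoice.pdf": b"%PDF-1.4\n",
        "readme.txt": b"plain text body",
    }
    for name, blob in samples.items():
        print(name, inspect_attachment(blob), gateway_action(blob))
```

Note that the first sample carries a VBA project despite its .docx name, which is why the check reads the archive contents instead of trusting the extension.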

Most employees only need to view attachments, so no further action is needed. In fact, our research shows that approximately 51% of attachments are read-only PDF files, followed by 17% Word, 9% Excel and 3% PowerPoint.* However, if employees need to edit a file, a link in the email can be used to request the original file on-demand via our sandboxing service.

It’s a fresh approach to attachment sandboxing. Administrators can choose the best mix of safety, performance and functionality for their organization. In addition, granular reporting allows for end-to-end, real-time threat analysis.

For comprehensive zero-hour threat protection, customers can combine Mimecast Targeted Threat Protection – Attachment Protect, with our URL Protect service. Now, in addition to link rewriting, URL Protect includes innovative user awareness capabilities so IT teams can raise the security awareness of employees.

If you’d like more information, please read more on our site here – thanks!

*Source: Analysis of 1 terabyte of Mimecast platform data, 2015


When it comes to enterprises finding innovative ways to neutralize widespread email-based attacks, I’ve made the case before that it's employees – the same “weak links” who unknowingly click on malicious email URLs and attachments – who could actually be the strongest allies of IT managers in fighting back against these threats.  

There’s one caveat, though. The “human firewall” will not be as successful if employees are merely aware that email-based threats exist. Attackers know employees either don't care about cybersecurity or don't know enough to ward off threats, which is why spear-phishing and social engineering attacks continue to be so effective.


To explore the problem further, last week I hosted a webinar, "The Human Firewall: Strengthening Email Security," where I was joined by Mimecast Product Manager Steve Malone and Forrester Research Analyst Nick Hayes.

Here are three takeaways from the webinar:

1. Shore Up Your First Line of Defense

Picture your cybersecurity infrastructure. At the core is all the sensitive data you're trying to protect. The first line of defense should be your cybersecurity technology. This is critical. Technology is not a security guarantee, but if you have the right controls in place, like Targeted Threat Protection, then fewer threats will actually break through.

This is important because your next line of defense comprises your employees – the “human firewall.” If your technology is working correctly, employees won’t be overwhelmed by a wave of continuous threats; they'll be less likely to fall victim to the few that may enter your infrastructure.

2. Appeal to Employees' Ability and Motivation

So, what happens when a threat actually does reach your “human firewall”? Are your employees properly trained to recognize and react to it? The answer depends on how well they were trained.

To illustrate how to educate employees, Nick gave the hypothetical example of a mobile phone ringing and explained there were two reasons why someone wouldn't answer it – either they didn't have the ability to do so (too busy) or didn't have the motivation (just didn't feel like talking). 

Applying the example to cybersecurity training, "ability" refers to whether employees have learned how to recognize and respond to threats, while "motivation" refers to whether they understand the consequences of whatever action they take, right or wrong. 

The best training stresses both, and does so in compelling language that employees will remember.

3. Link Desired Behaviors to Necessary Knowledge

Once employees understand the threats at hand, the next step is to teach them new behaviors. To get to that point, employees need context. You first have to identify the current behaviors that put your organization at risk. This could be, for example, clicking on malicious links or attachments.

Once those behaviors are clear, determine the desired alternatives. So, instead of clicking on a malicious link, you'd want your employees to recognize a link or attachment as being malicious and then flag it to the IT department. By working backwards from that point, you would know exactly what knowledge you need to impart to your employees about email-based threats.

The Writing is on the Firewall

While it may seem farfetched that IT departments can build a savvy, well-trained army of cyber defenders from the same employees who previously snuck shadow IT into the workplace and jeopardized enterprise security, the process works. We've seen the technology and the “human firewall” go hand-in-hand to protect organizations that were previously vulnerable. And it can work for your company too.

Read More:

The Human Firewall: Why the Humans Might Be the Answer

To learn more, please play our on-demand webinar, "The Human Firewall: Strengthening Email Security." 


The Rise of Cybercrime-as-a-Service

by Orlando Scott-Cowley - Cyber Security Specialist

It’s long been said that when botnets first appeared, they were the first usable forms of cloud computing. Now with hindsight they fit the NIST definition of cloud computing very well and have become rapidly scalable and on-demand.

More recently criminal malware has taken a turn towards being more akin to enterprise-grade software through its entire lifecycle. It’s not unusual to find your rental of a botnet now comes with 24x7 support and channel reseller margins. Buying exploit kits, renting botnets, and using enterprise-grade cloud technology, Crime-as-a-Service (CaaS) has become part of the latest breed of XaaS, offering the same benefits of cost and complexity reduction as well as lower barriers to entry. Using CaaS gives anyone an instant criminal business model in the cloud.


CaaS has been given much publicity since the 2014 Internet Organized Crime Threat Assessment (iOCTA) report from Europol described the commercialization and availability of the technology and how it’s impacting legitimate enterprises in real time.

The rise of CaaS is another step on the roadmap of the crimeware that has been instrumental in many of the most recent attacks, where Zeus and its variants like Citadel and Gameover have led to significant loss of data. What we know today is that CaaS is starting to have its own marketplace, run by well-organized criminal mega-gangs; support contracts for purchasers are not uncommon, nor are healthcare and pension plans for employees.

This threat takes how we think about our own protection to a new level. The high-profile breaches of the last twelve months all managed to evade well known or best of breed corporate defenses, so it’s no surprise that enterprise IT managers and CIOs are starting to lose sleep about their next big breach. In many cases, this fear is born out of a realization that platforms like CaaS have become rapidly more advanced than the protections they have within their own environments.

Targeted Threat Protection is once again at the top of the agenda for C-level managers, as well as those who deploy and run the technology. The sophistication of the attacks means we can no longer sit back and wait for our protection to do its job. We all need to become much more actively defensive – not offensive, but active in our defenses.