South Africa key to Mimecast's business strategy - new CEO

South Africa remains a key pillar for email security company Mimecast's business strategy, and the company plans to further expand its operations across Africa and hire more local talent.

That's according to new CEO Marc van Zadelhoff, who spoke to Connecting Africa during a recent trip to the company's South African offices.

"As Africa's most advanced economy, South Africa is a prime target for cyberthreats. Many of the tactics used we are witnessing been used around the world are also deployed to target businesses in the country," van Zadelhoff told Connecting Africa in an interview.

Mimecast is a global cybersecurity company, but many might not know it was founded by two South Africans – Peter Bauer and Neil Murray – back in 2003.

"Of all our operational markets, we have the highest market penetration in [South Africa]. So, my visit is not only about our heritage, it is also an example of what a mature Mimecast market looks like," he added.

"More than anything, my visit to SA is to ensure preparedness and alignment, helping our customers stay one step ahead of existing and emerging cyberthreats," the new CEO continued.

Van Zadelhoff is only Mimecast's second CEO, with co-founder Bauer acting as CEO for over 20 years. Bauer passed the torch in mid-January 2024 but remains a key Mimecast shareholder, active advisor and member of the board.

Before Mimecast, van Zadelhoff spent three years as CEO of Devo, a cloud-native security analytics company, and was also one of the founders of IBM Security, serving as GM/CEO of the $2.5 billion business unit he helped found.

Marc van Zadelhoff became Mimecast CEO in January 2024, taking over from co-founder and long-time CEO Peter Bauer. (Source: Mimecast)

Van Zadelhoff said that Mimecast has significantly expanded its operations globally since its inception two decades ago. Globally it now has over 42,000 customers, more than 4,400 of which are based in South Africa.

Today the company operates in North America, Europe, Africa, the Middle East and Asia-Pacific, and is headquartered in London, UK.

Alongside its global expansion, it is still heavily invested in South Africa and has a strong local presence with 350 employees and is actively hiring in the country.

"When I think of the vision for Mimecast's future, I think about the person behind the computer screen – they spend their workday collaborating, sharing data and rapidly moving from tool to tool: How can we protect them without interrupting their efficiency? Email remains the number one attack vector, but the work collaboration surface has expanded, and cybersecurity solutions must match that," he said of his vision for Mimecast going forward.

He plans to expand Mimecast's protection beyond email and collaboration solutions, to human risk management.

African growth story

Van Zadelhoff said that Africa is a mature market for Mimecast and a region where it is planning further expansion.

The African Development Bank predicts that Africa's GDP growth is expected to average 3.8% and 4.2% in 2024 and 2025, respectively, however with this growth comes more opportunistic cybersecurity threats.

"The continent has a youthful and tech-savvy population that are using mobile and Internet connections to start businesses, content creation, remittances and much more. The continent is also home to various tech hubs in key cities such as Cape Town, Lagos and Nairobi to name a few," he said.

"We are finding that more and more business across the continent needs our services. As we expand our capabilities, more businesses are moving to our platforms. As a result, we are expanding our operations [in Africa] and hiring more talented young people to keep local businesses secure," he added.

2024 cybersecurity trends

Mimecast's business strategy is based on the fact that email remains the simplest and most used attack vector for cybercriminals, not only in Africa but globally.

Email-borne attacks range from phishing and ransomware to social engineering, payment fraud and impersonation.

"This attack vector is not one-size-fits-all. As threat actors have evolved their email tactics over time, so have we. When email attachments became a big threat, we found an efficient way to block them. Same was true when they evolved to URL links," van Zadelhoff said.

He said the company is now seeing a big shift with the rise of artificial intelligence (AI) and Large Language Model (LLM) based attacks and is leveraging AI to counter these threats.

"When I think about trends, I think first and foremost in terms of the sophistication of cybercriminals, and the pace in which they operate. In January 2024 we blocked 250 million attacks against Mimecast-protected systems – a new all-time high for one month," the CEO said.

Mimecast's recent Global Threat Intelligence Report showed that small and medium enterprises (SMEs) faced a surge in threats when compared to larger corporates, with opportunistic attackers increasingly targeting SMEs with phishing and ransomware campaigns.

In 2023 the group also observed a rise in sophisticated impersonation tactics – with a 12% surge in attempts and a 22% increase in malicious links per user.

Attackers also leveraged PDF and Microsoft Excel formats, with a notable 158% rise in malicious PDFs and an 86% increase in various Excel formats, according to the global report.

Mimecast blocks email-borne attacks like phishing, ransomware, social engineering, payment fraud and impersonation. (Source: Image by Freepik)

When it comes to Africa specifically, Mimecast's 2023 State of Email Security (SOES) report found that two-thirds of South African's surveyed believed that cyberattacks are becoming increasingly sophisticated.

Over half of South Africans reported being harmed by a ransomware attack, while 92% said they were targeted by email-based phishing attacks. In response, organizations are deploying layered security strategies that protect communications, data and people.

"Brand impersonation is also a trend to be taken seriously. It takes years to build a successful brand, but all that loyalty can be lost in an instant if consumers think their personal data has been abused or made public. According to the SOES [report], 44% of companies have seen an increase in misuse of their brand via spoofed email," van Zadelhoff said.

He believes that with the growth of online threats and increased digitization of our personal and professional lives, maintaining safe online behavior has become essential to halt devastating cyberattacks in African organizations.

AI threat vs. opportunity

Van Zadelhoff told Connecting Africa that cybercriminals are leveraging AI to optimize brute force attacks, generate malicious deepfakes, propagate advanced phishing and malware campaigns, and increase the overall volume and velocity of their attacks.

"The rise of natural language processing (NLP) technology has also significantly impacted the AI battlefield. Cybercriminals use AI platforms to gather information about targets, craft realistic emails, and manipulate their targets, allowing cybercriminals to broaden their reach while maintaining personalization," he added.

However, on the other side of the coin, AI presents a great opportunity for the cybersecurity industry and van Zadelhoff sees the benefits as "clear and impactful."

"Through the power of machine learning and social graphing, solutions are made smarter and can work faster. With NLP, organizations will have more data at their disposal to make informed decisions and speed up the process of identification and remediation," he said.

Follow Connecting Africa on our new X account @connect__africa to get the latest telecoms and tech news across Africa.

"In simple terms, AI systems are driven by humans striving for different goals: defenders protecting critical data, and cybercriminals aiming for financial gain or sabotage," he concluded.

*Top image source: Image by rawpixel.com on Freepik.

— Paula Gilbert, Editor, Connecting Africa