
SA is the second most targeted country globally when it comes to phishing attacks, says Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca.
With the cost of phishing in SA amounting to approximately $320 million in 2013 alone and with SA accounting for 5% of the total volume of all phishing attacks globally, it's not a matter of if you or your company are going to be a target, but when, says Van Vuuren, adding that if you are not worried about phishing attacks, you should be.
Phishing is a form of e-mail deception in which a cyber-criminal attempts to obtain sensitive information or cause disruption to an organisation's business operations, he explains. Phishing can be defined as the act of sending an e-mail to a user in order to steal personal information such as bank account details, credit card information, etc.
He notes that the e-mail falsely claims to be from an established organisation and makes the user surrender his private information that will be used for identity theft.
Such e-mails may direct the user to click on a link to a Web site where they are asked to update personal information such as passwords, credit card details, social security number or bank account number. This type of bogus Web site is specifically designed for information theft.
The most common form of the practice is "spear phishing", a more targeted version of phishing where an e-mail is sent that appears to be of significant interest to the recipient, says Van Vuuren. He points out that spear phishing often has a high success rate as it bypasses traditional security defences and exploits vulnerable software.
"Most companies choose to downplay the inevitable threat that phishing attacks pose, despite the many publicised cases that have resulted in personal, corporate, financial and reputational damage.
"Most, if not all, businesses spend money on external safeguards and security. They may invest in security personnel, closed circuit television cameras, alarms and perhaps on a more rudimentary level, a visitor sign-in book. What they neglect to consider, is that threats also lurk online. Such risks can be dangerous and often devastating."
Van Vuuren also notes that the targeted nature of spear phishing can unleash a major attack on corporate well-being and an attacker may gain access to e-mail systems, social media, banking details and corporate log-in details. "Another impact of successful phishing attacks is reputational, with the impact of the attack being almost immeasurable. Additionally, high-profile individual victims can also take hits to their reputation, which in turn harms the company's brand."
To Van Vuuren, the most effective defence against phishing attacks is prevention. "To prevent, or at least cut down on, phishing attacks, businesses need to start a continual education programme that implements security awareness among its staff. Ignoring the pitfalls of phishing can put a company at risk. Organisations should be educated on behavioural practices that prevent successful phishing.
"Implementing and adopting a security awareness capability will foster an environment that will empower organisations users with the ability to separate the wheat from the chaff so to say. With South Africa having such a diverse economic landscape and many of the financial services being delivered in the mid-tier market, valuable personal information on individuals is handled daily by these companies.
"These organisations are the ones that are targeted most regularly by nefarious groups, intent on ensuring the inadvertent sharing of that valuable information so that they can benefit profitably from selling that information on or using it to perform fraudulent activities," he concludes.