SA at higher risk of phishing scams: report

Read time 3min 20sec
E-mail-related threats are SA's biggest security concern.
E-mail-related threats are SA's biggest security concern.

South Africa is at higher risk of data breaches stemming from phishing scams.

This is according to the South Africa Phishing Response Trends Report commissioned by phishing defence solutions firm PhishMe and delivered by market survey consultant Censuswide.

The research is based on a survey of 100 IT professionals, largely senior decision-makers, from firms belonging to a variety of South African industries, including business services, high tech, manufacturing, healthcare, financial, retail and wholesale trades, transportation, consumer services and telecommunications.

According to the report, around 90% of respondents said they have dealt with security incidents originating from deceptive e-mails, and yet more than half of the respondents do not possess the right tools and processes to effectively mitigate such threats.

"E-mail-related threats are SA's biggest security concern with more than 60% having faced an e-mail threat more than once and nearly 20% of respondents receiving more than 500 suspicious e-mails weekly.

"Furthermore, nearly all respondents already have one security layer in place, with many respondents having more than four security layers in place. Around 95% of surveyed IT professionals plan to upgrade their phishing response and prevention," according to the report.

The report further found that that 80% of respondents had confirmed using anti-malware solutions, with 70% of respondents using computer-based training to protect against phishing attacks.

Nonetheless, with scattered technology, processes and limited resources, the majority of respondents still feel ill-prepared to adequately respond to such threats, says PhishMe.

"With the average cost of a data breach surpassing the two and a half million US dollar mark, it has become mandatory for South African organisations to rethink the way e-mail-based threats are handled internally," said Rohyt Belani, CEO and co-founder at PhishMe.

"As we have seen in other parts of the world, relying on technology alone is insufficient to defend against today's top threats, calling for a different approach based on automated phishing incident response powered by human intelligence is vital."

According to another report by the Ponemon Institute, South African organisations are more exposed to data breach incidents than their counterparts across the globe, having scored the highest probability of experiencing a data breach in the next 24 months.

In line with phishing response trends emerging from the US and the UK markets, South African businesses claimed to be more unprepared to combat phishing attacks, despite having dealt with more e-mail-related incidents, notes Ponemon Institute.

Simeon Tassev, MD and Qualified Security Assessor at Galix Networking, says 2018 will see significant investment in cyber security initiatives, as more local organisations seek to protect themselves and their customers from attacks.

"2017 saw a boom in ransomware attacks and 2018 is likely to see more. Ransomware is now considered a thriving industry in shady circles, one which is driven by the thriving crypto-currency market. Security awareness will be critical to organisational cyber security strategies, however may not be enough to combat attacks as they evolve.

"Organisations will need to start reviewing and revising their cyber security strategy more frequently, at least annually, however, bi-annually to quarterly is preferable, especially for larger concerns.

Anton Jacobsz, MD at ICT distributor, Networks Unlimited, which distributes PhishMe solutions throughout Africa, concludes: "The best form of defence against phishing is the education of your employees as the final protection layer in a holistic defence strategy, acknowledging that technology exists for, and is used by, people, who must therefore be included in the defence chain."

See also