Catching the big phish
The University of South Africa (UNISA), South Africa’s largest university and a global leader in distance learning, faces some of the biggest challenges when it comes to mitigating cyber threats to its environment. As with all organisations, reducing the risk of and exposure to phishing attacks is at the forefront of its fight against cyber crime.
"We get thousands of e-mails every day from external sources, some legitimate, some with ill intent. We needed to generate awareness within the university of what phishing e-mails look like and what to be aware of when receiving e-mails. It is so easy to miss something small within an e-mail, personal or work related, and assume it is a legitimate e-mail, as not all users are aware of the indicators of risk," says Musa Mfeka, Deputy Director: Networks and Communications at UNISA.
It is estimated that, globally, billions of fake e-mails are sent every day in an attempt to bypass traditional cyber security silos, with 90% of successful breaches in the past year having resulted from phishing. With over 200 000 users within its landscape, the problem UNISA faced was mammoth, but not insurmountable.
"We decided to change our approach in terms of how we got the message to our users and we needed a team of experts to help develop, deliver and report on how vulnerable we are to phishing e-mails. Beyond this, we needed to implement a long-term plan to fight back against cyber crime, one that the entire institution could buy into; the KHIPU team was able to deliver exactly this. Their team of experts assisted in the customised simulated phishing campaigns, the delivery of the simulated phishing e-mails to various departments within the university as well as training our ‘at risk’ users in an effective, non-intrusive fashion and we are already reaping the benefits," says Mervyn Christoffels, Snr ICT Executive Leader at UNISA.
Cyber criminals have realised that their time is best spent trying to attack the one area institutions are unable to fully control: their users. This trend is not likely to change in the near future, with more and more organisations falling prey to the various types of phishing scams that have now become commonplace. UNISA has invested in its own staff and students to ensure that it isn't the next big phish.
"Awareness is vital and our service helps organisations understand their risk to these types of cyber attacks both from a user awareness and security infrastructure perspective. This allows them to then provide the right recommendations based on the findings. This isn’t just about sending e-mails to users and providing a report; we work in partnership with our customers to develop and implement a cyber security strategic plan that gives them contextual insights into their security systems, processes and users," says Chris Butler, Business Development Manager at KHIPU Networks.
For more information on KHIPU’s simulated phishing service: