Although cybercriminals and scammers are increasingly using social media to launch attacks on companies and individuals, they haven’t abandoned e-mail as a channel. In South Africa malicious e-mail traffic is amongst the highest in the world and so is the phishing rate.
“E-mail born security threats remain a major concern for local users. While individuals and companies may have the basics in place such as antivirus and anti-spyware software, these aren’t always updated with appropriate frequency to keep pace with threat evolvements. This leaves systems vulnerable to newer attacks.
“Robust, up-to-date e-mail security is as important as it has ever been,” says Richard Broeke, sales manager at Securicom, a specialist provider of managed IT security services in southern Africa.
Citing from the Symantec: Internet Security Report 2013, he says one in 178 e-mails are identified as malicious – putting the country in the top four geographies where malicious e-mail traffic is high. Malicious code includes programmes such as viruses, worms and Trojans which are secretly installed on computer systems to destroy or compromise data or steal sensitive information.
Phishing is another major concern, with more than one in 200 e-mails in South Africa identified as phishing. This high phishing rate puts South Africa second only to the Netherlands.
Phishing is an attempt by a third party to solicit confidential information from an individual, a group, or an organization by spoofing a specific, usually well-known brand. Users are usually tricked into revealing personal or sensitive information which phishers then use to commit fraud. Phishing e-mails convincing bearing the branding of banks, well-known retail stores, and SARS are common.
Spam, a bandwidth guzzler and often used as a conduit for malicious code, is also a problem. Globally, Symantec found around 30-billion spam e-mails in circulation every day – accounting for 68,5% of e-mail traffic. Broeke explains that malicious activity typically affects computers that are connected to high-speed broadband internet because these connections offer larger bandwidth capacities, higher speeds and the prospect of constantly-connected systems.
“This makes it easier and more convenient for attackers and spammers to inflict systems. Generally, attackers aren’t concerned about the size of the organization. As long as there is a stable and constant connection to the internet, small businesses and individual home-users can be targets.
“In fact, small to medium-sized businesses are often perceived as softer targets because they aren’t likely to have high level security measures in place as larger corporates typically do. The fact of the matter is that no organisation of any size can afford to go bare on e-mail security nowadays. If you’re vulnerable, cybercriminals and scammers will find you. Nobody thinks it will happen to them until it does,” he says.
Broeke says companies need to go beyond antivirus, anti-spam and anti-spyware software to mitigate these e-mail threats.
“Unfortunately, it is not only about stopping bandwidth wastage and preventing systems from being infected with destructive programmes. Companies need to exert greater control over the type of information that employees can send and receive over e-mail to prevent sensitive information from being intercepted, stolen and compromised.
“Data breaches, as well as the circulation of inappropriate and offensive content, by employees can land companies in hot water, and even lead to fraud and espionage. The only way to gain visibility and control over what employees use their e-mail for is to employ content filtering and enforce corporate e-mail usage policies to define and limit employees’ e-mail use,” he advises.
Securicom offers a premium e-mail security and content management service, ePurifier, which effectively protects companies against internet threats coming in via e-mail. The just launched ePurifier Version 5, although a cloud-based system, gives companies sophisticated tools and functionality typically of on-premise systems.
This includes the ability to create rules around which employees can receive certain types of e-mails and when – to the point that e-mails can be intercepted en route and re-routed to the most-appropriate person.
ePurifier is a complete message management solution encompassing comprehensive message content filtering, anti-SPAM, recipient validation, anti-phishing and three layers of anti-virus.
It is based on best-of-breed scanning and security technologies which are packaged as an integrated solution to protect against internet threats, reduce spam, eliminate viruses, prevent phishing, and stop the circulation of inappropriate material based on individual companies’ specific rules.
Because it is a cloud service, Broeke says is it extremely cost-effective for companies that don’t have the budget to buy and maintain an on-premise solution of the same standard.
“Companies shouldn’t skimp on e-mail security,” he concludes.