Security breaches from phishing emails are on the rise but users still don’t properly guard against them.
PhishMe’s “South Africa Phishing Response Trends Report” shows that, while 90% of respondents have dealt with security incidents originating from deceptive e-mails, more than half of the respondents do not possess the right tools and processes to effectively mitigate such threats.
The report looks at the phishing response strategies of IT security decision-makers across a variety of industries in the South African region. It highlights that, despite technology investments, local organisations are being flooded with suspicious e-mails targeting employees. It notes that 80% of respondents confirmed using anti-malware solutions, with 70% using computer-based training to protect against phishing attacks.
Nonetheless, with scattered technology, processes and limited resources, the majority of respondents still feel ill prepared to adequately respond to such threats.
According to the Ponemon Institute, South African organisations are more exposed to data breach incidents than their counterparts across the globe, having scored the highest probability of experiencing a data breach in the next 24 months.
In line with phishing response trends emerging from the US and the UK markets, South African businesses said they were less prepared to combat phishing attacks, despite having dealt with more e-mail-related incidents.
The report notes that, in 2016, cybercriminals launched a digital offensive in South Africa, with attacks employing phishing and spear phishing tactics. According to Trend Micro, more than 6 000 local PCs were infected with banking malware.
Key findings from PhishMe’s survey include:
* 90% have dealt with security incidents originating with a deceptive e-mail.
* More than 60% have faced an e-mail threat more than once.
* Nearly 20% of respondents see more than 500 suspicious e-mails weekly.
* Nearly all respondents already have one security layer in place, with many respondents having more than four security layers in place.
* E-mail-related threats are South Africa’s biggest security concern.
* Over 50% of respondents highlighted that technology alone isn’t the answer to phishing.
* 95% of surveyed IT professionals plan to upgrade their phishing response and prevention.
“With the average cost of a data breach surpassing the two and a half million US dollar mark, it has become mandatory for South African organisations to rethink the way e-mail-based threats are handled internally,” says Rohyt Belani, CEO and co-founder of PhishMe. “As we have seen in other parts of the world, relying on technology alone is insufficient to defend against today’s top threats, calling for a different approach based on automated phishing incident response powered by human intelligence.”
Anton Jacobsz, MD of PhishMe distributor Networks Unlimited, adds: “The best form of defence against phishing is the education of your employees as the final protection layer in a holistic defence strategy, acknowledging that technology exists for, and is used by, people, who must therefore be included in the defence chain. This strategy underscores the need today for a completely holistic approach to cybersecurity, which works across a number of different platforms and does not rely only on IT support and technology applications.”