The recent release by PhishMe, a provider of human phishing defence solutions, of its South Africa Phishing Response Trends Report shows some startling findings in terms of security incidents stemming from deceptive e-mails. According to the report, some 90 percent of respondents have dealt with security incidents originating from deceptive e-mails, and yet more than half of the respondents do not possess the right tools and processes to effectively mitigate such threats.
PhishMe’s South Africa Phishing Response Trends Report looked at the phishing response strategies of IT security decision-makers across a variety of industries in the South African region. The report highlights that despite technology investments, local organisations are being flooded with suspicious e-mails targeting employees, noting that 80 percent of respondents had confirmed using anti-malware solutions, with 70 percent of respondents using computer based training to protect against phishing attacks. Nonetheless, with scattered technology, processes and limited resources, the majority of respondents still feel ill prepared to adequately respond to such threats.
Additionally, according to the Ponemon Institute, South African organisations are more exposed to data breach incidents than their counterparts across the globe, having scored the highest probability of experiencing a data breach in the next 24 months according to the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview. In line with phishing response trends emerging from the US and the UK markets, South African businesses claimed to be more unprepared to combat phishing attacks despite having dealt with more e-mail-related incidents. The report notes that in 2016, cybercriminals launched a digital offensive in South Africa, with attacks employing phishing and spear phishing tactics. According to Trend Micro, more than 6,000 local PCs were infected with banking malware.
Key findings from the survey include:
- 90 percent have dealt with security incidents originating with a deceptive e-mail.
· More than 60 percent have faced an e-mail threat more than once.
· Nearly 20 percent of respondents see more than 500 suspicious e-mails weekly.
· Nearly all respondents already have one security layer in place, with many respondents having more than four security layers in place.
· E-mail-related threats are South Africa’s biggest security concern.
· Over 50 percent of respondents highlighted that technology alone isn’t the answer to phishing.
· 95 percent of surveyed IT professionals plan to upgrade their phishing response and prevention.
“With the average cost of a data breach surpassing the two and a half million US dollar mark, it has become mandatory for South African organisations to rethink the way e-mail-based threats are handled internally,” said Rohyt Belani, CEO and co-founder at PhishMe. “As we have seen in other parts of the world, relying on technology alone is insufficient to defend against today’s top threats, calling for a different approach based on automated phishing incident response powered by human intelligence.”
Anton Jacobsz, managing director at value-added distributor Networks Unlimited, which distributes PhishMe solutions throughout Africa, concludes, “The best form of defence against phishing is the education of your employees as the final protection layer in a holistic defence strategy, acknowledging that technology exists for, and is used by, people, who must therefore be included in the defence chain. This strategy underscores the need today for a completely holistic approach to cybersecurity, which works across a number of different platforms and does not rely only on IT support and technology applications.”
The full report is available for download here: http://www.nu.co.za/phishing-response-trends-south-africa-welcome-to-the-jumble