South Africa is the second most targeted country globally when it comes to Phishing attacks, says Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca. With the cost of phishing in South Africa amounting to approximately $320 million in 2013 alone and with South Africa accounting for 5% of the total volume of all phishing attacks globally, it’s not a matter of “if” you or your company are going to be a target, but “when”. If you are not worried about phishing attacks, you should be!
Phishing is a form of e-mail deception where cyber-criminal attempts to obtain sensitive information or cause disruption to an organisation’s business operations. Phishing can be defined as an act of sending an email to the user in order to steal his personal information such as bank account details, credit card information etc. The email falsely claims to be from an established organisation and makes the user surrender his private information that will be used for identity theft.
Such emails may direct the user to click on a link which is a website where they are said to update their personal information like passwords, credit card details, social security number or bank account number. This type of bogus website is specifically designed for information theft.
The most common form of Phishing is, “Spear Phishing”, a more targeted version of Phishing where an e-mail is sent that appears to be of significant interest to the targeted individual. Spear Phishing often has a high success rate as it bypasses traditional security defences and exploits vulnerable software.
Most companies choose to downplay the inevitable threat that Phishing attacks pose, despite the many publicised cases that have resulted in personal, corporate, financial and reputational damage.
Most, if not all businesses, spend money on external safeguards and security. They may invest in security personnel, closed circuit television cameras, alarms and perhaps on a more rudimentary level, a visitor sign-in book. What they neglect to consider, is that threats also lurk online. Such risks can be dangerous and often devastating.
The targeted nature of spear phishing can unleash a major attack on corporate well-being and an attacker may gain access to e-mail systems, social media, banking details and corporate log-in details. Another impact of successful phishing attacks is reputational, with the impact of the attack being almost immeasurable. Additionally, high profile individual victims can also take hits to their reputation, which in turn harms the company’s brand.
The most effective defence against phishing attacks is prevention. To prevent, or at least cut down, on phishing attacks, businesses need to start a continual education program that implements security awareness amongst its staff. Ignoring the pitfalls of phishing can put a company at risk. Organisations should be educated on behavioural practices that prevent successful phishing.
Implementing and adopting a security awareness capability will foster an environment that will empower organisations users with the ability to separate the wheat from the chaff so to say. With South Africa having such a diverse economic landscape and many of the financial services being delivered in the mid-tier market valuable personal information on individuals is handled daily by these companies.
These organisations are the ones who are targeted most regularly by nefarious groups, intent on ensuring the inadvertent sharing of that valuable information so that they can benefit profitably from selling that information on or using it to perform fraudulent activities.