A new South Africa phishing response trends report from PhishMe includes worrying statistics for CISOs and CIOs in South Africa. The threat from phishing is greater in South Africa than in many other countries, but companies are struggling to deal with it.
For the report, PhishMe looked at the technologies and strategies used by IT security decision makers in South Africa to deal with phishing attacks.
The report reveals 90% of businesses have had to deal with security incidents caused by phishing attacks, and more than 60% have had to deal with more than one incident. 20% of firms receive more than 500 suspicious emails every week.
Even though phishing poses the greatest security risk to companies in South Africa, more than half of South African firms do not have the necessary tools to remediate attacks and mitigate phishing threats. Consequently, the response to phishing attacks is inefficient and IT security teams are wasting an extraordinary amount of time – time that could be put to much better use.
For the report, PhishMe assessed the phishing response strategies of companies in a wide range of industries in South Africa. Many firms have invested heavily in IT security solutions to block cyberattacks, malware and email spam. Yet even with those investments, inboxes are still flooded with suspicious – and in many cases malicious – emails.
80% of respondents said they had deployed anti-malware solutions while 70% said they are now providing employees with computer-based security awareness training to create a human firewall to defend against phishing attacks. However, even with these investments, training, and technology, many still do not feel they are prepared to deal with phishing attacks.
The findings detailed in the South Africa phishing response trends report mirror those of a recent South Africa phishing survey conducted by the Ponemon Institute. That survey showed companies in South Africa were much more likely to experience a data breach in the next 24 months than firms based in other countries around the world. South African firms had to deal with more phishing-related incidents than their counterparts in the USA and UK, yet were nowhere near as well prepared for phishing attacks. The lack of preparedness has not been missed by cybercriminals, who are increasingly targeting South African firms.
“With the average cost of a data breach surpassing the two and a half million US dollar mark, it has become mandatory for South African organisations to rethink the way e-mail-based threats are handled internally,” said Rohyt Belani, CEO and co-founder at PhishMe. “As we have seen in other parts of the world, relying on technology alone is insufficient to defend against today’s top threats, calling for a different approach based on automated phishing incident response powered by human intelligence.”
South African firms are responding to the increased threat from phishing by upgrading their phishing response and prevention strategies. 95% of surveyed companies were planning to improve their phishing response strategies, and more than 50% understood technology alone is not the answer.