July 13, 2022

Email phishing is still a threat to businesses

Email phishing is one of the oldest types of cyber crime, starting back in the 1990s when email started to gain traction. Fast-forward three decades and email phishing is on the rise and still a threat to businesses. The remote work culture left many businesses at the mercy of their employees’ home internet and personal laptops.

Without advanced cyber protection, these internet connections and devices exposed business networks to attack, particularly through compromised emails. South Africa has an extremely high rate of cyber crime activity. Reports reveal that there were 230 million threats between January 2020 and February 2021.

In terms of the number of cyber crime victims, South Africa ranks the third highest in the world, with email phishing being the most common source of attack. Without advanced email protection, as provided by SEACOM Business, South African enterprises expose themselves to attack.

Email phishing is a threat to South African enterprises

There is a long history of phishing scams in South Africa. In 2005, several South African banks were victims of major phishing scams. Back then, banks had a window of 15 to 30 minutes to detect the threat and block them. This was considered enough time to prevent an attack. Nowadays, email security software needs to pick up any issues in a matter of minutes at most.

The rise in email phishing in recent years has been aggravated by the Covid-19 pandemic and the growing prevalence of a highly mobilised remote workforce. Apart from cyber security, poor physical security also sends a shiver down the spine of tech security teams. If an employee's laptop gets lost or stolen, hackers can gain access to their accounts.

By sending seemingly legitimate emails from an employee's email account, other employees can easily fall victim to email phishing. Even one compromised email can have a devastating impact on a large enterprise because of ransomware attacks, breach of confidential data or even a full-blown DDoS attack.

Effects of email phishing on South African businesses

Business email compromise (BEC) is still a significant concern, according to an Interpol report released in late 2021. Email threat detections in Africa amounted to almost 680 million. South Africa is a hotspot for illicit email activity with the highest rate of threats in Africa. Phishing emails rank among the most common types of attacks faced by South African businesses, highlighting the need for enhanced email security.

Emails are an easy entry point for attackers. From there, hackers are able to gain access to business networks and cause disruptions to a business’s digital infrastructure. Unmonitored emails and untrained employees leave businesses vulnerable to attack. Protecting digital assets starts with a strong-handed approach to email security.

Upskill staff to detect and deal with email phishing

With an increased volume in emails, employees may become complacent as they try to clear their inbox as quickly as possible. Regular staff training programs should be designed to equip employees with the ability to spot phishing attempts. Such programs can include randomised or formal testing and one-on-one or group training sessions. Simulated attacks and interactive training courses serve to highlight which employees fall for attacks more easily.

It is essential to raise awareness of impersonation or brand-spoofing techniques. Employees should treat emails with caution, particularly if they demand last-minute changes to account details or a transfer of funds. Brand-spoofing and impersonation account for nearly half of all phishing attacks.

Most people are now aware of the dangers of downloading an attachment from an unknown sender and most anti-virus software is able to alert users to suspicious files. However, it should be taken for granted that employees can detect spam or phishing emails. Security policies need to be regularly reviewed. Email security policies should include topics such as password policies, using secure networks, policies around devices and what to do if they inadvertently fall victim to an attack.

Why email security need updating

In recent years, cybercrime has become increasingly commercialised. Phishing-as-a-service (PhaaS) and ransomware-as-a-service (RaaS) makes it easier for anyone with an internet connection and malicious intent to launch a cyber attack. PhaaS has gained momentum and some vendors are selling their services for as little as R640 per month.

Hackers get through traditional security tools. These days, cyber criminals are able to bypass signature-based defences and go through trusted sites. This makes it difficult for employees to detect email-borne attacks. Without advanced email protection, large enterprises leave themselves vulnerable to a cyber attack.

Advanced email protection for South African businesses

SEACOM Business email protection includes impersonation protection and URL protection. Enterprises benefit from automated protection that draws on global threat intelligence to provide the most cutting-edge protection for corporate emails.

Our solutions include domain-based message authentication, reporting and conformance (DMARC) email authentication which prevents hackers from spoofing domains and organisations. Protecting both senders and recipients, SEACOM Business offers enhanced email protection that rapidly detects account takeovers and business email compromise. For more information or to get a quote for enhanced email protection, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.

Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.