South Africa At Higher Risk Of Data Breaches, Says Phishing Trend Report

JOHANNESBURG – January 15, 2018 – The recent release by PhishMe®, the leading provider of human phishing defence solutions, of its South Africa Phishing Response Trends Report shows some startling findings in terms of security incidents stemming from deceptive e-mails. According to the report, some 90 percent of respondents have dealt with security incidents originating from deceptive e-mails, and yet more than half of the respondents do not possess the right tools and processes to effectively mitigate such threats.

PhishMe’s South Africa Phishing Response Trends Report looked at the phishing response strategies of IT security decision-makers across a variety of industries in the South African region. The report highlights that despite technology investments, local organisations are being flooded with suspicious e-mails targeting employees, noting that 80 percent of respondents had confirmed using anti-malware solutions, with 70 percent of respondents using computer based training to protect against phishing attacks. Nonetheless, with scattered technology, processes and limited resources, the majority of respondents still feel ill prepared to adequately respond to such threats.

Additionally, according to the Ponemon Institute, South African organisations are more exposed to data breach incidents than their counterparts across the globe, having scored the highest probability of experiencing a data breach in the next 24 months[1]. In line with phishing response trends emerging from the US and the UK markets, South African businesses claimed to be more unprepared to combat phishing attacks despite having dealt with more e-mail-related incidents. The report notes that in 2016, cybercriminals launched a digital offensive in South Africa, with attacks employing phishing and spear phishing tactics. According to Trend Micro, more than 6,000 local PCs were infected with banking malware.

Key findings from the survey include:

  • 90 percent have dealt with security incidents originating with a deceptive e-mail.
  • More than 60 percent have faced an e-mail threat more than once.
  • Nearly 20 percent of respondents see more than 500 suspicious e-mails weekly.
  • Nearly all respondents already have one security layer in place, with many respondents having more than four security layers in place.
  • E-mail-related threats are South Africa’s biggest security concern.
  • Over 50 percent of respondents highlighted that technology alone isn’t the answer to phishing.
  • 95 percent of surveyed IT professionals plan to upgrade their phishing response and prevention.

“With the average cost of a data breach surpassing the two and a half million US dollar mark, it has become mandatory for South African organisations to rethink the way e-mail-based threats are handled internally,” said Rohyt Belani, CEO and co-founder at PhishMe. “As we have seen in other parts of the world, relying on technology alone is insufficient to defend against today’s top threats, calling for a different approach based on automated phishing incident response powered by human intelligence.”

Anton Jacobsz, managing director at value-added distributor Networks Unlimited, which distributes PhishMe solutions throughout Africa, concludes, “The best form of defence against phishing is the education of your employees as the final protection layer in a holistic defence strategy, acknowledging that technology exists for, and is used by, people, who must therefore be included in the defence chain. This strategy underscores the need today for a completely holistic approach to cybersecurity, which works across a number of different platforms and does not rely only on IT support and technology applications.”

The full report is available for download here: https://phishme.com/phishing-response-trends-south-africa/

To learn more about PhishMe’s phishing incident solutions, please visit: www.phishme.com

Survey Methodology

This study was commissioned by PhishMe and delivered by Censuswide, an international market survey consultant. Censuswide surveyed one hundred select IT professionals, largely senior decision-makers, on phishing response strategies. The sample represented firms belonging to a variety of industries including business services, high tech, manufacturing, healthcare, financial, retail and wholesale trades, transportation, consumer services and telecommunications. All participants joined voluntarily and no telemarketing techniques were implemented.

About PhishMe

PhishMe is the leading provider of human-focused phishing defence solutions for organisations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defence by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organisation’s security decision making process. PhishMe’s customers include the defence industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behaviour will improve security, aid incident response, and reduce the risk of compromise.

Media Contact for PhishMe

Nick Lagalante
Global Corporate Communications, PhishMe
media@phishme.com
P: +1-571-393-2403

About Networks Unlimited

Networks Unlimited is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Arbor Networks, Attivo Networks, Fortinet, F5, HyperGrid, Mellanox, NETSCOUT, ProLabs, PhishMe, Rackmount, RSA, Rubrik, SevOne, Silver Peak, Thales, Tintri and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, Wi-Fi-, mobile- and networking security, load balancing, data centre in-a-box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited has continually adapted to today’s progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.

Networks Unlimited complies with the South African Broad-Based Black Economic Empowerment (B-BBEE) guidelines as a Level 4 Contributor.

Contacts for Networks Unlimited

Networks Unlimited, Ingrid Mulaudzi, +27 (0) 11 202 8400, ingrid.mulaudzi@nu.co.za
icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za

[1] Source: Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview (https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN)

Greater Integration Between Incident Response Teams Now Possible with PhishMe Triage

Customers benefit from new APIs, multi-factor authentication, audit logs and status alerts

LEESBURG, VA. – December 22, 2017 – PhishMe®, the leading provider of human phishing defense solutions, today announced updates to PhishMe Triage™, its phishing incident response platform. These new capabilities enable security operations centers (SOCs) and incident responders (IRs) to automate the prioritization, analysis and response to phishing threats with greater ease.

The addition of fully documented REST APIs are one of the most central updates to PhishMe Triage. Information on emails, clusters, attachments, reporters, integrations and health stats can be easily pulled and visualized, providing tighter integration across response teams. For instance, the new API capability can be used to query PhishMe Triage at set intervals to notify a response team as soon as a phishing threat is identified. Other use cases include the ability to send information over to the second line team for quick remediation, track phishing defense progress and create custom dashboards to show historical data.

Additional updates provide PhishMe Triage customers with:

  • Additional security. Two-factor authentication provides an extra layer of security that works with Google Authenticator, Microsoft Authenticator, Duo and others
  • More accountability. Audit logs are generated to keep track of any activity within PhishMe Triage. With the audit log, visibility about who did something in PhishMe Triage, what they did and when they did it is captured. The audit log tracks over 145 Event ID’s across PhishMe Triage. Lastly, information provided in the audit can be viewed within the application, or exported.
  • Greater visibility. PhishMe Triage has also expanded support for syslog alerts. These can be created for clustering, performance, ingestion health and triage recipe monitoring, as well as operational performance. These alerts can be shared across the incident response team to distribute valuable threat information faster.

“Given the ever-changing nature of security threats, our product development team is constantly looking for ways to save our customers time and increase efficiency,” said Aaron Higbee, co-founder and CTO of PhishMe. “The latest enhancements to PhishMe Triage makes it easier for IR and SOC teams to act upon the collective work of their employees – ensuring that the collaboration between all departments plays a meaningful part in stopping phishing attacks before a breach occurs.”

PhishMe Triage integrates with existing security solutions including SIEM, anti-malware, analysis and threat Intelligence solutions and shares indicators of compromise and phishing with upstream security teams to block future attacks. For more information about PhishMe Triage, please visit: https://phishme.com/product-services/triage.

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

10 Million End Users Bolster Cybersecurity Defenses with PhishMe

One-click reporting provides employees with tools needed to easily flag potential phishing attacks

LEESBURG, VA. – December 15, 2017 – PhishMe®, the leading provider of human phishing defense solutions, today announced that PhishMe Reporter® has been deployed to over 10 million end users’ work stations. With PhishMe Reporter, employees can easily flag a potential phishing email by clicking a button in their email toolbar, arming them with the tools needed to contribute to their company’s security posture.

Merry PhishMas: PhishMe Gifts Small Businesses with an Early Present This Holiday Season

The PhishMe Free Holiday Bundle reduces end user susceptibility to potential holiday related phishing attacks. 

LEESBURG, VA. – December 12, 2017PhishMe®, the leading provider of human phishing defense solutions, today announced the PhishMe Free Holiday Bundle, which the company is gifting businesses with 500 employees or less this season. The Bundle includes the PhishMe Free phishing simulation platform and three holiday related simulation scenarios, including Holiday Gift, Package Delivery, and New Year’s Eve e-card.

PhishMe Inc. and Wombat Security Technologies, Inc. Announce Settlement of Patent Dispute

LEESBURG, Virginia and PITTSBURGH, Pennsylvania, December 1, 2017

PhishMe Inc. and Wombat Security Technologies, Inc.  announced today that they have settled their patent dispute and entered into an agreement resolving the claims at issue in the litigation.  The parties’ litigation in the United States District Court for the District of Delaware will be dismissed, and the proceedings pending at the United States Patent and Trademark Office will be terminated.  As a part of the settlement, PhishMe granted a license to Wombat to the PhishMe patents involved in the litigation.

About PhishMe

PhishMe is a leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

About Wombat Security Technologies, Inc.

Wombat Security Technologies is a leading provider of information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cybersecurity education solutions include a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat’s solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat is helping small and medium businesses as well as Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail, and consumer packaged goods to strengthen their cybersecurity defenses.

Forget Fear, PhishMe Finds Entertainment Makes the Most Irresistible Phishing Attack

Analysis of over 52 million phishing simulations finds that entertainment-based triggers account for almost 20% of successful phishing scams 

LEESBURG, VA. – November 30, 2017 – PhishMe®, the leading provider of human phishing defense solutions, today released its 2017 Enterprise Phishing Resiliency and Defense Report, which analyzes phishing simulation trends from over 1,400 PhishMe customers across the globe. With susceptibility rates on the decline and reporting and resiliency rates on the rise, PhishMe customers are seeing the benefit of anti-phishing programs within their organization.

PhishMe Named a Leader in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training

Company recognized as a Leader for second consecutive year and positioned highest in ability to execute 

LEESBURG, VA. – October 27, 2017 – Today PhishMe®, the leading provider of human phishing defense solutions, announced it was named a leader in Gartner’s October 2017 Magic Quadrant for Security Awareness Computer-Based Training. PhishMe has been recognized as a leader for two consecutive years and is positioned highest in ability to execute.