Cybersecurity Gaps: Phishing Emails
South Africa faces severe phishing threats due to poor endpoint security, causing financial damages. Ransomware groups like Scattered Spider exploit these weaknesses, highlighting the need for stronger cyber defenses.
Phishing emails represent a significant global cyber threat, with an estimated 3.4 billion dispatched daily, totalling more than a trillion every year. In South Africa, the problem is particularly pressing due to several cybersecurity shortfalls, including limited endpoint protection and a lack of prioritisation of cyber defence. South Africa ranks fifth globally for cybercrime victim density, with 56,000 internet users affected per one million.
The lack of effective endpoint security measures, such as antivirus tools, firewalls and endpoint detection and response (EDR) systems, exposes organisations to higher risks of cyberattacks.
Cybercriminals exploit these gaps to gain access to sensitive systems, often resulting in considerable financial losses. The South African Banking Risk Information Centre (SABRIC) observed a 45 per cent increase in digital banking fraud incidents, with related financial losses rising by 47 per cent.
Stolen Credentials Empowering Scammers and Banking Fraud
Stolen credentials directly empower scammers by allowing them to bypass authentication steps, make unauthorised transactions and access financial data. These breaches often lead to identity theft and complex fraud operations. SABRIC attributes substantial financial damage estimated at around R3.3 billion each year to these activities.
Organisations that place a low priority on endpoint security are especially vulnerable, as infected endpoints can harbour malware, keyloggers or phishing payloads that harvest login credentials.
Once cybercriminals obtain legitimate credentials, they can navigate laterally through a network, stealing confidential information while remaining undetected. IBM’s 2023 Cost of a Data Breach Report indicates that when data exfiltration goes unnoticed, it significantly increases both the financial and reputational consequences for organisations.
Ransomware groups frequently build on initial system breaches accomplished through phishing or the acquisition of stolen credentials. With valid login information, they can lock vital data behind encryption and then demand ransoms for release. Some actors also peddle stolen data to other criminal entities or leverage it for secondary attacks, such as targeted phishing or business email compromise (BEC) schemes.
Best Practices for Endpoint Protection and Monitoring
A comprehensive endpoint protection and monitoring strategy can significantly mitigate these risks. Organisations should maintain an accurate inventory of every device connected to their network, including computers, smartphones, tablets and internet-of-things devices, while conducting continuous oversight to detect anomalies or unauthorised use. Antivirus and anti-malware software with advanced threat detection capabilities should be installed and constantly updated. Strong access controls, including multi-factor authentication, can limit access to sensitive data to only those who require it.
Timely patch management, which involves applying security updates to address known vulnerabilities, is crucial for system integrity.
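The controls described above (an inventory of sanctioned devices, continuous monitoring for anomalous or unauthorised use, and tracking of patch status), together with the lateral-movement concern raised earlier, can be checked in a very small way with the script below. It is an added example, not code from the article or from any vendor it mentions; the inventory, hostnames, users and log lines are constructed for illustration, and the log format (`timestamp user source-host result`) and the thresholds are assumptions.

```python
"""Minimal endpoint-inventory and authentication-anomaly checks.

Added example; all data below is constructed. Three checks are shown:
  1. logins from hosts that are not in the device inventory,
  2. one account authenticating to many distinct hosts in a short window
     (a simple indicator of credential misuse / lateral movement),
  3. inventoried devices whose last patch date is older than a limit.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of sanctioned endpoints, keyed by hostname.
INVENTORY = {
    "ws-fin-01": {"owner": "finance", "last_patch": "2024-05-01"},
    "ws-fin-02": {"owner": "finance", "last_patch": "2024-03-12"},
    "srv-files": {"owner": "it", "last_patch": "2024-05-03"},
}

# Constructed authentication log: "<ISO timestamp> <user> <source host> <result>".
SAMPLE_LOG = """\
2024-05-10T08:01:00 alice ws-fin-01 success
2024-05-10T08:03:00 alice ws-fin-02 success
2024-05-10T08:04:00 alice srv-files success
2024-05-10T08:05:00 alice unknown-laptop success
2024-05-10T09:30:00 bob ws-fin-02 failure
2024-05-10T09:31:00 bob ws-fin-02 success
"""


def parse_log(text):
    """Turn the assumed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, host, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "result": result})
    return events


def unknown_hosts(events, inventory):
    """Source hosts seen in the log that are absent from the inventory."""
    return sorted({e["host"] for e in events if e["host"] not in inventory})


def lateral_movement_candidates(events, window=timedelta(minutes=10), threshold=3):
    """Users with successful logins to >= threshold distinct hosts inside one window.

    Returns {user: sorted list of hosts} for the first window that trips the rule.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            # Sliding window: all successes from this event up to `window` later.
            hosts = {x["host"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                flagged[user] = sorted(hosts)
                break
    return flagged


def stale_patches(inventory, as_of, max_age_days=30):
    """Inventoried hosts whose last patch is older than max_age_days as of `as_of`."""
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=max_age_days)
    return sorted(h for h, meta in inventory.items()
                  if datetime.fromisoformat(meta["last_patch"]) < cutoff)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("unknown hosts:", unknown_hosts(evs, INVENTORY))
    print("possible lateral movement:", lateral_movement_candidates(evs))
    print("stale patches:", stale_patches(INVENTORY, "2024-05-10"))
```

In the constructed data, `alice` reaches four hosts within five minutes, one of which is not in the inventory, and `ws-fin-02` has not been patched for nearly two months; in practice the window, threshold and patch-age limit would be tuned to the organisation's normal activity, and the inventory would be fed from the asset-management system rather than a literal.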
The South African Cybercrimes Act underscores the importance of adopting strong information security practices. Although it does not explicitly mandate ISO/IEC 27001 compliance, implementing the standard can help organisations create an effective information security management system (ISMS) that aligns with the Act’s requirements. ISO/IEC 27001 involves defining the organisation’s scope by considering internal and external factors, identifying stakeholders and establishing leadership commitment through a formal information security policy and assigned responsibilities. It also requires systematic risk assessment and planning, along with the provision of adequate resources, staff competence and effective documentation.
Practical execution includes ongoing risk evaluation, treatment of identified vulnerabilities and continuous performance monitoring. Regular internal audits and management reviews form a key part of this process, ensuring that any shortcomings are promptly addressed. Annex A of ISO/IEC 27001:2022 comprises 93 controls grouped under organisational, people, physical and technological categories, covering issues such as access control, encryption, physical security and incident response. By implementing this framework, organisations can carefully examine their security threats, design and enforce appropriate security controls and establish processes for continuous improvement.
Competitor espionage commonly involves spear phishing and social engineering tactics, whereby carefully crafted emails prompt staff members to divulge critical information. Watering hole attacks, which compromise websites frequented by employees of target organisations, can also be used to distribute malware. Insiders, whether coerced or bribed, sometimes become direct conduits for leaks of sensitive data. Another route to infiltration is through supply chain attacks, in which attackers breach a third-party vendor as a stepping stone to the primary target.
Stealth tactics help attackers remain undetected, allowing them to gather information for extended periods without raising alarms.
This long-term access enables a continuous flow of intelligence, from details about product strategies to insights into market positioning. The lack of overt evidence in stealth campaigns often delays a defensive response, making it easier for attackers to maintain backdoors for ongoing operations. They can also accumulate sensitive data ranging from strategic plans to potentially embarrassing corporate information for future use, including blackmail or sabotage timed to create maximum disruption.
As we consider the persistent threat of phishing emails and the rising wave of cybercrime in South Africa, it is impossible to ignore the far-reaching implications for our digital future. The statistics tell a stark story of a nation tackling cybersecurity not merely as a technical hurdle, but as a mirror of its broader societal priorities.
The evident hesitation to invest in effective endpoint security, exemplified by the IBM finding that half of the organisations breached were unwilling to boost security budgets even as breach costs climbed, raises fundamental questions about our preparedness.
Are we, as a society, truly ready to confront the fact that our digital infrastructure is not just an asset but a battleground, where every unprotected endpoint can become a foothold for cyber adversaries? The sophisticated operations of groups like “Scattered Spider” and “RansomHouse” show that behind every phishing email or ransomware strike lies not only criminal intent, but a nuanced awareness of human behaviour and technological weak points. This realisation should prompt us to move beyond viewing cybersecurity as a box-ticking exercise and instead embed it as a core element of our organisational culture and national strategy. Only then can we hope to counteract the relentless tide of cybercrime that threatens to undermine trust and efficiency across our digital realm.