Email scams biggest digital security risk in SA
Experts say South Africans need to know how to protect themselves as phishing attacks are on the rise.
How often do you get an email stating you have won some competition, inherited a large sum from a loved one you have never met, or have an overseas investment pay out?
More importantly, how often do you open these emails?
A new report has found email scams - also known as phishing attacks - pose the biggest threat to South Africa's digital security.
The digital security company PhishMe has found phishing is the top security concern with more than half of those surveyed saying they do not believe they can adequately deal with an attack.
While determining the exact number of attacks in South Africa remains difficult, the Ponemon Institute reports the cost of data breaches to South African companies stands at around R 30,968,971.00.
Some experts say phishing is the preferred method of obtaining sensitive information for a number of reasons.
The risks associated with a phishing attack is often lower than more traditional forms of hacking, says the head of growth at the financial technology start-up ThisIsMe.
"Only 13% of them actually get caught," says Brennan Wright, "and when they do get caught there's not much in the way of law to put them behind bars."
"The risks are mitigated and the rewards are enormous for them," says Wright, adding sending a large number of malicious emails is easy.
Brian Pinnock, a cyber security expert at Mimecast, the international email management company, says phishing is the biggest unprotected backdoor as companies get better and protecting themselves from other attacks.
He agrees with Wright saying emails are "almost risk free" and hope someone would be lured into the trap.
According to the report by PhishMe, global attacks of this sort - using electronic communication to obtain sensitive information for malicious reasons - stood at 1,220,523 in 2017 - a 65% increase as opposed to 2016.
It further found "9 out of 10 South African organisations surveyed have experienced a phishing-related incident and almost all still worry about email-related threats".
Both Wright and Pinnock suggest investing heavily in digital security products alone is not the answer.
Pinnock says a combination of training staff or users and having security programs in place could offer the best protection to a business.