Intelligent CIO Africa Issue 20 - Page 29

+ EDITOR’S QUESTION ANTON JACOBSZ, MD OF NETWORKS UNLIMITED AFRICA /////////////////// P hishing is the fraudulent practice of sending e-mails, supposedly from a trustworthy source, to entice individuals to reveal personal and account information such as usernames, passwords and credit card numbers in an ultimate attempt to steal or extort money. From an IT perspective, you can combat business e-mail fraud attacks by establishing a DMARC record on your company domain, so that messages spoofing your real domain do not get delivered; and you can make sure that your e-mail provider can enable two-factor authentication on your e-mail accounts to prevent an attacker from hacking into your accounts and using them to send fraudulent messages. Additionally, it’s advisable to adopt a comprehensive anti-phishing programme that empowers your employees to assist in fighting business e-mail fraud scams. This introduction of humans as part of the security layer is a fundamentally different approach to cybersecurity from relying on IT support and technology applications only. Mental fatigue can set in, when people are exposed to such high volumes of messaging, meaning that they are more vulnerable to phishing attacks simply because of the high volume of mails to process. Anti-phishing solutions are available which are designed to train people to think differently about their e-mails, particularly unsolicited messages. For example, a comprehensive human phishing defence platform that is offered by Networks Solutions Africa involves the following steps: • Enabling your employees to recognise a phish threat through realistic phishing simulations • Giving them tools to report it through a simple click • Having your company’s IT technicians then quickly respond to the threat • Having technicians worldwide continue with ongoing research to gather www.intelligentcio.com “ THIS INTRODUCTION OF HUMANS AS PART OF THE SECURITY LAYER IS A FUNDAMENTALLY DIFFERENT APPROACH TO CYBERSECURITY. information about potential threats in the future At the heart of this solutions set is the recognition that an organisation’s employees need to be empowered to heighten their awareness of the thinking and methodology that cyberattackers use, so that they are able to recognise a phishing e-mail when it lands in their mailbox. As e-mail-related threats remain one of South Africa’s biggest security concerns, we know that we will be able to continue offering a solution that sits at the intersection of human intelligence and technology – reminding us that technology alone isn’t the answer to phishing attacks. INTELLIGENTCIO 29