"Email-borne security threats remain a major concern for local users. While individuals and companies may have the basics in place such as antivirus and anti-spyware software, these aren't always updated with appropriate frequency to keep pace with threat evolvements. This leaves systems vulnerable to newer attacks.
"Robust, up-to-date email security is as important as it has ever been," says Richard Broeke, sales manager at Securicom, a specialist provider of managed IT security services in southern Africa.
Citing from the Symantec: Internet Security Report 2013, Broeke says one in 178 emails are identified as malicious - putting the country in the top four geographies where malicious email traffic is high. Malicious code includes programmes such as viruses, worms and Trojans which are secretly installed on computer systems to destroy or compromise data or steal sensitive information.
Phishing is another major concern, with more than one in 200 emails in South Africa identified as phishing. This high phishing rate puts South Africa second only to the Netherlands. Phishing is an attempt by a third party to solicit confidential information from an individual, a group, or an organization by spoofing a specific, usually well-known brand. Users are usually tricked into revealing personal or sensitive information which phishers then use to commit fraud. Phishing emails that convincingly bear the branding of banks, well-known retail stores, and SARS are common.
Spam, a bandwidth guzzler and often used as a conduit for malicious code, is also a problem. Globally, Symantec found around 30 billion spam emails in circulation every day, accounting for 68.5% of email traffic.
Broeke explains that malicious activity typically affects computers that are connected to high-speed broadband internet because these connections offer larger bandwidth capacities, higher speeds and the prospect of constantly connected systems. "This makes it easier and more convenient for attackers and spammers to inflict systems. Generally, attackers aren't concerned about the size of the organisation. As long as there is a stable and constant connection to the internet, small businesses and individual home-users can be targets.
"In fact, small to medium-sized businesses are often perceived as softer targets because they aren't likely to have high-level security measures in place as larger corporates typically do. The fact of the matter is that no organisation of any size can afford to go bare on email security nowadays. If you're vulnerable, cyber criminals and scammers will find you. Nobody thinks it will happen to them until it does," he says.
Broeke says companies need to go beyond antivirus, anti-spam and anti-spyware software to mitigate these email threats. "Unfortunately, it is not only about stopping bandwidth wastage and preventing systems from being infected with destructive programmes. Companies need to exert greater control over the type of information that employees can send and receive over email to prevent sensitive information from being intercepted, stolen and compromised.
"Data breaches, as well as the circulation of inappropriate and offensive content, by employees can land companies in hot water, and even lead to fraud and espionage. The only way to gain visibility and control over what employees use their email for is to employ content filtering and enforce corporate email usage policies to define and limit employees' email use," he advises.
Securicom offers a premium email security and content management service, ePurifier, which effectively protects companies against internet threats coming in via email. The just-launched ePurifier Version 5, although a cloud-based system, gives companies sophisticated tools and functionality typical of on-premise systems. This includes the ability to create rules around which employees can receive certain types of emails and when, to the point that emails can be intercepted en route and re-routed to the most-appropriate person.
ePurifier is a complete message management solution encompassing comprehensive message content filtering, anti-spam, recipient validation, anti-phishing and three layers of anti-virus. It is based on best-of-breed scanning and security technologies which are packaged as an integrated solution to protect against internet threats, reduce spam, eliminate viruses, prevent phishing, and stop the circulation of inappropriate material based on individual companies' specific rules.
Because it is a cloud service, Broeke says is it extremely cost-effective for companies that do not have the budget to buy and maintain an on-premise solution of the same standard. "Companies shouldn't skimp on email security," he concludes.
For further information on Securicom, go to www.securicom.co.za.
