“Catching the Big Phish” – A Case Study at UNISA
Cyber Threat Protection Using Your First And Last Layer of Defence – Your Users!
South Africa’s largest university and a global leader in distance learning, The University of South Africa (UNISA) faces some of the biggest challenges when it comes to mitigating cyber threats posed to its environment. Like all organisations, reducing the risk and exposure of phishing attacks is something that is at the forefront of the fight against cyber-crime. The University’s security analysts needed more than just raw data to plan intelligent vulnerability management tactics.
As part of UNISA’s cyber security strategy to reduce its risk from cyber threats associated with phishing, UNISA chose KHIPU’s simulated phishing and associated training service, as they needed to understand the University’s exposure to phishing attacks, allowing them to implement sufficient staff training and cyber security enhancements. The service uses simulated phishing attacks to assess how users react to phishing emails so that the right level of awareness training can be provided to educate them on cyber security and data breach prevention (personal and work-related).
‘We get thousands of emails every day from external sources, some legitimate, some with ill intent. We needed to generate awareness within the University of what Phishing emails look like and what to be aware of when receiving emails. It is so easy to miss something small within an email, personal or work-related, and assume it is a legitimate email, as not all users are aware of the indicators of risk’ – Musa Mfeka, Deputy Director: Networks and Communications
It is estimated that, globally, billions of fake emails are sent every day in an attempt to bypass traditional cyber-security silos, with 90% of successful breaches in the last year having resulted from phishing. With over 200,000 users within its landscape, the problem UNISA faced was mammoth, but not insurmountable.
‘We decided to change our approach in terms of how we got the message to our users, and we needed a team of experts to help develop, deliver and report on how vulnerable we are to phishing emails. Beyond this, we needed to implement a long term plan to fight back against cyber-crime, one that the entire institution could buy into, the KHIPU team were able to deliver exactly this. Their team of experts assisted in the customised simulated phishing campaigns, the delivery of the simulated phishing emails to various departments within the university, as well as training our ‘at risk’ users in an effective, non-intrusive fashion and we are already reaping the benefits’ – Mervyn Christoffels, Executive Director: ICT Systems and Operations
Cyber-criminals have realised that their time is best spent trying to attack the one area institutions are unable to fully control, its users. This trend is not likely to change in the near future with more and more organisations falling prey to the various types of phishing scams that have now become commonplace. UNISA has invested in its own staff and students to ensure that they aren’t the next big phish.