Catching the Big Phish – A case study at UNISA
Case Study: Catching the Big Phish
Cyber Threat Protection Using Your First And Last Layer of Defence – Your Users!
University of South Africa uses KHIPU’s simulated phishing and associated training services to reduce its risk from phishing attacks.
South Africa’s largest university, and a global leader in distance learning, The University of South Africa (UNISA) faces some of the biggest challenges when it comes to mitigating cyber threats posed to its environment. Like all organisations, reducing the risk and exposure of phishing attacks is something that is at the forefront of the fight against cyber-crime.
The University’s security analysts needed more than just raw data to plan intelligent vulnerability management tactics.
‘We get thousands of emails every day from external sources, some legitimate, some with ill intent. We needed to generate awareness within the University of what Phishing emails look like and what to be aware of when receiving emails.
It is so easy to miss something small within an email, personal or work related, and assume it is a legitimate email as not all users are aware of the indicators of risk’
Musa Mfeka, Deputy Director: Networks and Communications
It is estimated that, globally, billions of fake emails[1] are sent every day in an attempt bypass traditional cyber-security silos, with 90% of successful breaches in the last year having resulted from phishing.
With over 200 000 users within its landscape, the problem UNISA faced was mammoth but not insurmountable.
[1] https://www.valimail.com/resources/email-fraud-landscape-q2-2019/
‘We decided to change our approach in terms of how we got the message to our users and we needed a team of experts to help develop, deliver and report on how vulnerable we are to phishing emails. Beyond this, we needed to implement a long term plan to fight back against cyber-crime, one that the entire institution could buy into, the KHIPU team were able to deliver exactly this. Their team of experts assisted in the customised simulated phishing campaigns, the delivery of the simulated phishing emails to various departments within the university as well as training our ‘at risk’ users in an effective, non-intrusive fashion and we are already reaping the benefits’
Mervyn Christoffels, Executive Director: ICT Systems and Operations
Cyber-criminals have realised that their time is best spent trying to attack the one area institutions are unable to fully control, its users.
This trend is not likely to change in the near future with more and more organisations falling prey to the various type of phishing scams which have now become commonplace, UNISA have invested in its own staff and students to ensure that they aren’t the next big phish.
“Awareness is vital and our service helps organisations understand their risk to these types of cyber-attacks both from a user awareness and security infrastructure perspective. This allows to then provide the right recommendations based upon the findings. The isn’t just about sending emails to users and providing a report, we work in partnership with our customers to develop and implement a cyber security strategic plan that gives them contextual insights into their security systems, processes and users.’
Chris Butler, Business Development Manager
Musa Mfeka, Deputy Director: Networks and Communications
"We get thousands of emails every day from external sources, some legitimate, some with ill intent. We needed to generate awareness within the University of what Phishing emails look like and what to be aware of when receiving emails. It is so easy to miss something small within an email, personal or work related, and assume it is a legitimate email as not all users are aware of the indicators of risk"
Mervyn Christoffels, Senior ICT Executive Leader
"We decided to change our approach in terms of how we got the message to our users and we needed a team of experts to help develop, deliver and report on how vulnerable we are to phishing emails. Beyond this, we needed to implement a long term plan to fight back against cyber-crime, one that the entire institution could buy into, the KHIPU team were able to deliver exactly this. Their team of experts assisted in the customised simulated phishing campaigns, the delivery of the simulated phishing emails to various departments within the university as well as training our ‘at risk’ users in an effective, non-intrusive fashion and we are already reaping the benefits"
Register Your Interest
I agree to receive communication on newsletters, promotional content, offers and events.
Your information is confidential, KHIPU never sells or shares contact information.