Can businesses really protect their customers?

Issue 5 2021 Cyber Security

The business and private use of technology has been continuously growing for years, but the massive global switch to remote working has led to a veritable explosion of attack surfaces, significantly increasing the opportunities for cyber-criminals to exploit. Recent local examples, including the attack on Transnet’s port IT infrastructure, demonstrate that the constantly evolving threat landscape and the increasing sophistication of attacks means that cybersecurity must remain top-of-mind.

After all, explains Ilonka Badenhorst, managing executive at the Wireless Application Service Providers Association (WASPA), the consequences of such attacks can be severe. Anything from production and revenue losses to regulatory fines, reputational damage and the potential shutdown of critical infrastructures may be the result.

“While security trend experts point to the fact that the threat of ransomware is becoming more targeted and sophisticated and that cyber-criminals are now exploiting artificial intelligence (AI) for criminal gain, the simple spam email or SMS continues to cause untold havoc,” she notes.

“Spam is usually sent for commercial purposes – promoting a product or a service – but can easily be criminal in nature instead. In such instances, it is about trying to persuade the recipient to visit a malicious website, or to disclose personal information that can be used to commit fraud.”

In fact, according to Evina’s Q1 report on fraud in SA, some 76% of fraudulent activity in SA last year was as a result of clickjacking. This is where the user is tricked into clicking on a hidden payment button, which is disguised as a different button to the eyes of the user.

A further 17% of the remaining fraud is accounted for by Bypass Fraud – when you click on a fraudulent link accidentally and it shortcircuits the process flow, enabling payments to be made without clicks – and spoofing. The latter is where there is the theft of the network/SIM identity of users by fraudsters, to make a payment on their behalf.

Track that spam SMS

“It was with this context in mind, that we developed the SMS codes project at WASPA to help consumers fight back by launching a new feature to identify the owner of a short code, long code or USSD code – and so track down the sender of unsolicited commercial messages,” she continues. “If customers suspect fraudulent or questionable activity from a number, they have the option to send a query on the platform for assistance. These codes will be investigated and reported to the relevant service provider.”

Consumers should also make sure they understand the Protection of Personal Information Act (PoPIA) and why they need to take better care of their personal data, especially when engaging via mobile and WASPs. It is, she adds, about understanding how the service providers and mobile service platforms are managing their data and what they are unknowingly subscribing to.

A significant number of fraudulent activities occur as a result of avoidable data breaches – such as where unauthorised third parties obtain access to the personal information held by an organisation. While there is no ‘one-size-fits-all’ approach to the appropriate organisational and security measures that should be taken, a good start can be made with proper security training. Employees should receive training on the dangers of spam and how easy it is to get duped into opening a link or an attachment from an unauthorised sender.

Extend training into eCommerce

Yaron Assabi, founder and CEO of Omni Channel Commerce enabler, Digital Mall, suggests that it is vital for eCommerce platforms to ensure they manage personal data with care, by giving consumers the option of removing their personal data from the platform, also known as the ‘The right to export their data or the right to be forgotten’ once their transaction is complete.

“It is equally important for an effective spam response to be easily accessible to consumers. This is why we added SpamResponse platform from WMC Global. This allows users to report their experiences with unwanted or malicious messaging, with the app collecting the message date and time stamp, mobile network operator, spammer’s phone number and links and the exact message content, sans editorial commentary,” indicates Assabi.

“In addition, it can collect WhatsApp, WeChat and Robocalls, while at the same time ensuring that no personal data from the enquirer is collected, meaning each report remains anonymous.”

As far as WASPA is concerned, the reality is that spam is far more of a problem than merely being unwanted or unsolicited messages. “Cyber-crime is a tangible threat that is active 24/7 and it is more vital than ever to ensure that your customers’ – and your own personal – private information is kept confidential. Measures must be put in place and steps taken to prevent such critical data being harvested via spam or any other means,” concludes Badenhorst.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Intelligently adapting African cities for a better as well as a safer life
Government and Parastatal (Industry) Cyber Security
Smart buildings and cities therefore require as much a security-centric approach as they do an environmentally sustainable one.

Smart city, smarter security
Government and Parastatal (Industry) Cyber Security
Henk Olivier, MD of Ozone Information Technology Distribution, unpacks the importance of smart and secure in the city of the future.

Tackling cyber threats in the post-pandemic era
Cyber Security
Cybercrime costs are expected to increase by 15% each year over the next five years, reaching US$ 10,5 trillion by 2025.

Cybersecurity for the board of directors
Editor's Choice Cyber Security
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Make connected home security as easy as plugging in a router
Cyber Security IT infrastructure
Service providers can now deploy gateway security services for the entire home in weeks, not months.

Changing cybersecurity in South Africa
News Cyber Security
NEC XON plans to change cybersecurity solutions in South Africa, helping customers balance risk management and cybersecurity investment, transform capex to opex and automate activities to reduce costs through managed security services.

Cybersecurity for operational technology: Part 3
Cyber Security Industrial (Industry)
According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes.

App-less authentication offers business, security benefits
Cyber Security
GSM authentication offers an app-less, truly out-of-band, secondary factor that is both low friction and simple to implement for companies looking to protect all customers against fraud.

Cloud can cut your security risks
Cyber Security
Todd Schoeman, BT client business director in South Africa, explores the ways that organisations can reduce security risk by using the cloud.

Combating fraud in the digital world with the support of AI
Cyber Security
With technology evolving and people embracing the likes of mobile wallets, banking apps and other solutions to manage transactions, businesses must rethink how best to bolster anti-fraud mechanisms.