4Di Privaca, the specialist Information Security & Privacy practice, has become the sole distributor of Phish5 for southern Africa. Phish5 provides hassle free Phishing as a service, offering a custom Web platform that enables businesses to quickly create, configure and run phishing campaigns using a scalable and modern cloud infrastructure.

Businesses will be able to spot who in the organisation is susceptible to phishing attacks, which users have vulnerable browser plugins, which users are happy to share their personally identifiable information (PII) and other key data.

Phishing is the number one human attack vector for most organisations. South Africa is the second-most targeted country globally, with 1 in 170,9 e-mails identified as phishing attacks. Further, the cost of phishing in 2013 in South Africa alone amounted to approximately $320-million with South Africa accounting for 5% total volume of all the phishing attacks globally. In short it is not a matter of “if” but “when” your organisation or an employee of your organisation will be targeted.

The direct losses resulting from phishing can be significant but reputational damage is often more important. Having a tool like Phish 5 at your disposal to measure the employees’ security awareness is vital.

The Phish5 campaigns recreate the very same phishing attacks your organisation faces on a daily basis. With Phish5, “phishing is the training”. Instead of showing users phishing mails in a pristine training environment, they get them unexpectedly in their routine workday when the campaigns are run. Running phishing campaigns effectively allows you to train your staff at the moment of greatest impact: when they fall foul of a phishing attack!

Phish5 will collect the campaign results which you can assess quickly and easily from the comfort of your own browser. At this point you have the option of providing immediate training ensuring impact of the training is maximised on the identified person(s).

Phish5 is flexible and allows you to run campaigns as frequently as you like. The initial campaign will allow you to establish a baseline to work from and running ongoing campaigns will allow you the facility to demonstrate return on your investment, demonstrate the positive impact the training has had and continue to monitor those people that remain prone to attacks and may need additional training.

The recently enacted Protection of Personal Information (POPI) Act will place far-reaching demands on any company, large or small, that handles PII. Organisations need to get a handle on the security awareness of their employees and other risks related to loss of PII data.