Staff opening suspicious emails represent one of the weakest links amid a rise in global malware attacks, according to a software security expert.  

Speaking exclusively to Fin24 at the Gartner Symposium in Cape Town this week, Michael White, product manager at information technology company Veeam, said educating staff would help curb the spread of malware.



“Very small companies that simply cannot afford security can rely on educating their staff not to open suspicious emails that could contain malware,” said White.

"The real way to avoid malware is educating your users. The idea is to make them understand that banks and credit unions, or the police department – (none of these) is ever going to  send them an email with a link in it that is connected in any way to money, or credit or their financial history," he said.

South African banks warn users to be suspicious if the process to conduct a transaction differs from the norm.

Absa, for example states: "We will never ask you to enter your entire password on our secure website; you will be asked to enter 3 random characters of your password," while FNB states: "FNB will never send you an email with a link to verify any banking transaction or details."

He added that by patching software with updates to fix or improve security, and keeping antivirus programs up to date, computers would be better protected. 

Small companies should also plan for the worst, said White. 

“Companies and individuals should plan on everything going wrong by thinking about what plans to put in place, even if it means backing up data on external hard drives,” White told Fin24. 

Due to its magnitude, severity and complexity, the WannaCry malware virus which hit between 400 000 and 1 million devices globally was the biggest of 2017, according to cybersecurity company Kaspersky Lab.

In June, Fin24 reported that hackers made less than R26 000 off the massive Petya malware attack which also affected computers globally – including thousands in South Africa.

Carey van Vlaanderen, CEO of ESET Southern Africa, told Fin24 that the financial gain was significantly lower during the Petya Attack, compared to the recent WannaCry virus. However, the virus did substantial damage to numerous machines. 

Michael White on Cyber Warfare