By Namandla Consultants | Boksburg, Johannesburg
It was a Tuesday afternoon at a professional services firm in Sandton. The finance administrator — experienced, detail-oriented — received an urgent email appearing to come from the CEO requesting an EFT before close of business.
She did not verify. She transferred R340,000.
The CEO never sent the email.
This is a Business Email Compromise (BEC) attack — and it happens daily across South African businesses.
The Uncomfortable Truth About Cyber Risk
Cybersecurity is not just an IT problem. Firewalls and antivirus systems cannot stop human mistakes.
South Africa is among the most targeted countries globally, with millions of accounts compromised and breach incidents rising sharply every year.
The Overconfidence Problem
91% of employees believe they can detect phishing — yet most still fall victim. Confidence without verification is exactly what attackers rely on.
The Three Attacks Your Team Will Face
- Phishing: Fake emails designed to steal credentials or money.
- Social Engineering: Manipulating employees using urgency or authority.
- Password Weakness: Reused or weak passwords allowing easy access.
Why Annual Training Fails
Once-a-year training does not work. Threats evolve faster than training cycles, and most employees forget what they learned within weeks.
What Effective Training Looks Like
- Continuous monthly training
- Real phishing simulations
- Role-based awareness
- Strong reporting culture
POPIA Compliance Risk
Under POPIA, businesses must implement reasonable security measures. Human error is not an excuse — lack of training can lead to legal and financial consequences.
What You Can Do This Week
- Enable multi-factor authentication (MFA)
- Train finance teams to verify payments
- Encourage reporting of suspicious activity
Closing Thought
Your next breach will likely start in someone’s inbox — not your firewall.