Proofpoint today released the results of a new survey on how people expose their organisations to cyber threats.
The report, 2022 Singapore User Risk Report found that only 44% of respondents can definitely identify fraudulent calls. This makes the use of voice communications all the more attractive to cyber criminals, which could account for why more than 3 in 4 professionals receive scam calls, text and emails at least once a week.
This study, which surveyed 600 working adults based in Singapore, found that the most common theme used by attackers was health related. 76% of fraudulent email in Singapore used Covid related scams, followed by banking related scams (75%) with logistics/delivery related scams (45%) in second and third place respectively.
“Organisations in Singapore have invested hundreds of millions of dollars in cybersecurity, and work hard to keep up with changing regulations,” said Jennifer Cheng, Cyber Strategist, Asia Pacific and Japan at Proofpoint. “Despite these efforts, some of the best-known brands have succumbed to phishing attacks. This proves just how critical the human factor continues to be, since cyber criminals are always looking for relationships that can be leveraged, trust that can be abused and access that can be exploited.”
Key findings highlighted in the 2022 Singapore User Risk Report found that:
- 49% of Singaporean employees work remotely, blurring the lines between personal and professional life and expanding attack surfaces massively. According to Proofpoint 2022 State of the Phish Report, 54% of employees globally use their personal phones for work purposes.
- 47% of working Singaporeans either do not know how to – or are unaware that – they are able to verify links from cloud service providers. Microsoft OneDrive and Google Drive are the most common legitimate cloud infrastructure platforms used by threat actors. According to Proofpoint’s annual Human Factor Report, in 2021, 35% of cloud tenants that received a suspicious log-in also experienced suspicious file activity after the breach, revealing that privilege-based risk widens as organisations move to the cloud.
- A staggering 66% of managing directors and 75% of regional leaders are likely or very likely to share OTPs (one-time passwords) via email or messaging services if they think the person asking for it is a friend, acquaintance or colleague. As reported within the annual Human Factor Report, high-privileged users are disproportionately targeted. Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk.
- Attackers thrive on anxiety and lack of awareness. The top 5 themes used by cyber criminals were Covid related (76%), banking related (75%), logistics related (45%), telco related (37%) and finances related (29%).
You can read the full report here.