Despite an improvement in cyber preparedness, employee security awareness, and frequency of cyber training, CISOs in Singapore are less confident about their cybersecurity posture in 2022 compared to global counterparts

SINGAPORE, 17 May, 2022 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released its annual Voice of the CISO report, which explores key challenges facing chief information security officers (CISOs). The 2022 report revealed that adopting hybrid working policies and cloud tools have made organisations more vulnerable to cyber threats, with 44% of CISOs in Singapore reportedly seeing more targeted attacks in 2022 since enabling widespread remote working, an uptick of 13% from 2021. 

Since flexible arrangements are preferred by the majority of Singaporeans, CISOs need to be prepared to tackle new challenges around information protection in work-from-anywhere setups – especially as 53% consider human error to be their biggest cyber vulnerability. In fact, long term hybrid work coupled with “The Great Resignation” has seen nearly half of CISOs respond that increases in employee transitions means that protecting data has become a greater challenge, with CISOs naming malicious insider attacks as the most likely vector, where employees intentionally steal company information.

Proofpoint’s report also found that CISOs in Singapore believe threat actors are likely to take advantage of the rapid adoption of cloud collaboration tools – counting cloud account compromise (e.g. Microsoft 365, Google Workspaces, etc.) as the second most significant threat targeting their organisation (33%). This perception echoes findings from Proofpoint’s earlier State of the Phish report, which saw an increase in the abuse of Microsoft and Google infrastructures.

This year’s Voice of the CISO report examines global third-party survey responses from more than 1,400 CISOs at mid-to-large size organisations across 14 countries and various different industries. In Singapore, Proofpoint interviewed over 100 CISOs over the course of Q1 2022.

“As high-profile attacks disrupted supply chains, made headlines, and prompted new cybersecurity legislation, 2021 proved to be another challenging time for CISOs around the world. But as CISOs adapt to new ways of working, it is encouraging to see that they now appear more confident about their security posture,” commented Lucia Milică, vice president and global resident CISO at Proofpoint. “As the impact of the pandemic on security teams gradually fades, our 2022 report uncovers a pressing issue. As workers leave their jobs or opt out of returning to the workforce, security teams are now managing a host of information protection vulnerabilities and insider threats.”

Additionally, the report showed that CISOs in Singapore have a higher risk perception (64%) than the reported global average (48%), highlighting that CISOs in Singapore are less confident about their cybersecurity posture than global counterparts. This is somewhat surprising, considering 61% of CISOs on the island believe that their organisation is prepared for a targeted attack in 2022.

“After spending two years bolstering their defences to support hybrid working, CISOs have had to prioritise their efforts to address cyber threats targeting today’s distributed, cloud-reliant workforce. As a result, their focus has gravitated towards preventing the most likely attacks such as business email compromise, ransomware, insider threats and DDoS,” said Yvette Lejins, resident chief information security officer (CISO), APJ at Proofpoint. “Overall, CISOs appear to have embraced 2022 as the calm after the storm but may be falling into a false sense of security. With rising geopolitical tensions and increasing people-focused attacks, the same gaps of user awareness, preparation and prevention must be plugged before the cybersecurity seas grow rough once more.”

Proofpoint’s Voice of the CISO 2022 report highlights general trends as well as regional differences among the global CISO community. Key Singapore findings include:

• There is a lack of consensus among CISOs as to the most significant threats targeting their organisation: this year, distributed denial-of-service (DDoS) attacks topped the list for CISOs in Singapore at 37% but were closely followed by Cloud Account Compromise attacks (Microsoft 365 or Google Workspace accounts being compromised) at 33% and smishing/vishing attacks at 31%. Despite dominating recent headlines, ransomware was of lesser concern at 21%.  

• Employee security awareness is on the rise, but users are still not adequately skilled for the role of cyber defence: while 59% of Singapore-surveyed respondents believe employees understand their role in protecting their organisation from cyber threats, 53% of global CISOs still consider human error to be their organisation's biggest cyber vulnerability. In the last year, 51% of CISOs in Singapore surveyed have increased the frequency of cybersecurity training for employees. 

• Ransomware headlines have largely increased cyber risk awareness among the C-Suite and driven strategy shifts: recent high-profile attacks have pushed ransomware to the top of the agenda for organisations, with 52% of CISOs in Singapore revealing they had purchased cyber insurance and 48% focusing on prevention over detection and response strategies. Despite the rising stakes, however, a concerning 56% of CISOs in Singapore admit they have no ransom payment policy in place

• While CISOs in Singapore feel slightly less pressured than their counterparts, cyber risk worries business leaders and board members: 35% of CISOs in Singapore feel that expectations on their role are excessive, down from 37% last year. However, the perceived lack of alignment with the boardroom continues with a marginal 16% of CISOs in Singapore strongly agreeing that their board sees eye-to-eye with them on issues of cybersecurity. When considering cyber risk, CISOs in Singapore listed significant downtime, disruption to operations and loss of current customers as top board concerns.

To download the 2022 Voice of the CISO report, please visit:

https://www.proofpoint.com/au/resources/white-papers/voice-of-the-ciso-report  

Visit Proofpoint’s new CISO Hub at www.proofpoint.com/us/ciso-hub, a home for CISO-level content, including insights, research, trends, technical resources, tools, and upcoming events. Each month features a timely topic uniquely relevant to the CISO role. 

Proofpoint’s 2022 Voice of the CISO Report explores three key areas: the threat risk and types of cyber attacks CISOs combat daily, the levels of employee and organisational preparedness facing them, and the impact of supporting a hybrid workforce as businesses prepare to re-open their corporate offices. It also uncovers the challenges CISOs experience in their roles, their position among the C-suite, and business expectations of their teams.

# # #

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube 

# # #

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

PROOFPOINT MEDIA CONTACT:

Estelle Derouet
Proofpoint, Inc.
pr@proofpoint.com