Of those surveyed, 56% are unable to identify scam calls and nearly half do not know how to verify links shared on cloud platforms

SINGAPORE, 1 December 2022 – Proofpoint, a leading cybersecurity and compliance company, released the results of a new report about how people expose their organisations to cyber threats. The 2022 Singapore User Risk Report provides that only 44% of respondents could definitely identify fraudulent calls. This makes the use of voice communications attractive to cyber criminals.

This study, which surveyed 600 working adults based in Singapore, found that the most common theme used by attackers was health related. 76% of fraudulent email in Singapore used Covid related scams, followed by banking related scams (75%) and logistics/delivery related scams (45%) in second and third place respectively.

“Organisations in Singapore have invested hundreds of millions of dollars in cybersecurity, and work hard to keep up with changing regulations,” said Jennifer Cheng, Cyber Strategist, Asia Pacific and Japan at Proofpoint. “Despite these efforts, some of the best-known brands have succumbed to phishing attacks. This proves just how critical the human factor continues to be, since cyber criminals are always looking for relationships that can be leveraged, trust that can be abused and access that can be exploited.”

Key findings highlighted in the 2022 Singapore User Risk Report include:

• 49% of Singaporean employees surveyed work remotely, blurring the lines between personal and professional life and expanding attack surfaces massively. According to Proofpoint 2022 State of the Phish Report, 54% of employees globally use their personal phones for work purposes.

• 47% of working Singaporeans surveyed either do not know how to – or are unaware that – they are able to verify links from cloud service providers. Microsoft OneDrive and Google Drive are the most common legitimate cloud infrastructure platforms used by threat actors. According to Proofpoint’s annual Human Factor Report, in 2021, 35% of cloud tenants that received a suspicious log-in also experienced suspicious file activity after the breach, revealing that privilege-based risk widens as organisations move to the cloud.

• A staggering 66% of surveyed managing directors and 75% of regional leaders are likely or very likely to share OTPs (one-time passwords) via email or messaging services if they think the person asking for it is a friend, acquaintance, or colleague. As reported within the annual Human Factor Report, high-privileged users are disproportionately targeted. Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk.

• Attackers thrive on anxiety and lack of awareness. The top 5 themes used by cyber criminals against respondents were: Covid related (76%), banking related (75%), logistics related (45%), telco related (37%) and finances related (29%).

To download the 2022 Singapore User Risk Report, please visit: https://www.proofpoint.com/au/resources/e-books/singapore-user-risk-report

For more information on cybersecurity awareness best practices and training, please visit:

https://www.proofpoint.com/au/products/security-awareness-training

####

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.