SINGAPORE: A recent survey by cybersecurity firm Proofpoint has revealed a decline in successful phishing attacks targeting Singaporean organizations in 2023. However, despite this positive trend, the study highlights a worrisome rise in risky behavior among employees, posing potential cybersecurity threats.
According to Proofpoint’s 2024 State of the Phish report, 68% of surveyed organizations in Singapore reported at least one successful phishing attack last year, marking a notable decline from 72% in 2022.
Similarly, instances of successful ransomware infections saw a decrease, with 66% of respondents affected, down by three percentage points from the previous year.
Alarming findings emerged regarding employee behavior, as the survey disclosed that 70% of working adults admitted to engaging in risky actions knowingly, compromising their organization’s cybersecurity. The top reasons cited for such actions included convenience (64%), leading employees to reuse or share passwords, click on links from unknown senders, or share credentials with untrustworthy sources.
Other contributing factors included a desire to save time (41%) and a perceived sense of urgency (28%).
Despite the decline in successful phishing incidents, the impact of cyber attacks remains significant. The survey indicates a staggering 449% surge in reports of financial penalties, including regulatory fines, and an 18% increase in reports of reputational damage resulting from cyber attacks.
Ryan Kalember, Chief Strategy Officer at Proofpoint, emphasized the pivotal role individuals play in an organization’s security posture. He noted that 74% of breaches still revolve around the human element. Kalember highlighted the importance of not just creating awareness but also fostering behavior change, saying “While fostering a security culture is important, training alone is not a silver bullet. The challenge is now not just awareness but behavior change.”
As organizations navigate the evolving landscape of cybersecurity threats, addressing employee behaviors and promoting a proactive security culture emerges as a crucial aspect of safeguarding against potential breaches.