Recent phishing attacks shatter confidence in cybersecurity controls

Flexible working arrangements, combined with increased digital engagement with customers, employees, and suppliers, have increased cybersecurity complexity for organisations in Singapore.

According to Proofpoint’s 2022 Voice of the CISO report, 44% of CISOs in Singapore reported a rise in targeted attacks in the last year since the widespread adoption of hybrid working. The report also showed that Singapore-based chief information security officers (CISOs) have a higher risk perception (64%) than the global average (48%) — revealing they are less confident about their cybersecurity posture than global counterparts.

CISO perceptions in Singapore have been influenced by highly publicised phishing attacks. Despite huge cybersecurity investments and full compliance with regulations – including those from the Monetary Authority of Singapore – some of the island state’s largest and best-known companies have recently succumbed to phishing attacks. This was the case in December last year, when customers of a leading bank lost $13.7 million in an SMS phishing scam.

By far the most common attack vector around today, phishing is not new and has been used as a gateway for disruptive attacks and data exfiltration for decades. According to Proofpoint’s report, indiscriminate ‘bulk’ phishing attacks increased by 12% in 2021, with targeted attacks even higher. Spear phishing/whaling and business email compromise (BEC) increased by 20% and 18% respectively in 2021…