Published on November 9, 2023, 6:29 am

Proofpoint’s recent report, “The Human Factor 2022,” highlights a startling number of malware-laden messages attempting to deliver ransomware attacks. While it doesn’t mean that all 20 million messages resulted in successful attacks, it raises concerns about the state of cybersecurity. This revelation urges CIOs, CISOs, and CTOs to explore viable options for combating the ever-growing threat landscape.

At a media briefing by Proofpoint in Asia-Pacific and Japan, Alex Lei, Senior Vice President, sheds light on cybersecurity nuances specific to the region and offers strategies for addressing these alarming threats.

Proofpoint’s research unveils that cyberattacks vary across the Asia Pacific. The “2022 State of the Phish” report reveals stark differences in cyber-attacks between Australia and Japan, both falling within the Asia Pacific region. Interestingly, around 80% of Australian organizations experienced high incidents of ransomware—surpassing the global average of 68%. Conversely, Japan witnessed fewer-than-average effects from most threats.

It is important to note that while cyber-attacks target different countries separately, their potential impact remains equally detrimental. A single successful phishing attack can expose organizations to significant consequences such as financial losses and compromised credentials.

Additionally, risk factors like long-term hybrid work models and an influx of employees due to the “Great Resignation” contribute to increased insider threats. Uncertainty regarding proper protocols and data boundaries exacerbates these risks further. For instance, Singapore has seen a rise in cyber-attacks related to remote work arrangements—an uptick of 13% since 2021.

One particular threat garnering attention is smishing (SMS phishing), which has witnessed an over 80% global increase in 2021. Smishing preys on human biases towards urgency and loss aversion—a combination that holds powerful sway over mobile phone users who trust mobile communications implicitly. Notably, click rates on URLs in mobile messaging are eight times higher than those in emails globally.

The digitization efforts in Asia have proven to be catalysts for smishing attacks. Organizations sending updates via SMS, including notable lures like parcel/package deliveries, banking and finance, government communications, consumer brands, and telecommunications, all contribute to the rise of this threat. Additionally, mobile messaging’s prevalence over email lends itself as an easy vehicle for distributing malicious links.

To counter these pervasive threats, organizations must adopt a people-centric approach to prevention. Evaluating vendors and products offers insights into resource allocation and risk management. While technical specifics matter, human factors often play a central role in an attack’s success. Training employees to identify and report suspicious content can prevent attacks while highlighting vulnerable individuals who require additional support.

Implementing risk-based controls is crucial. Utilizing solutions that neutralize threats by applying security layers safeguards even the most susceptible users—assuming that users will eventually encounter some form of threat is key. Isolating risky websites and URLs serves as an essential defense mechanism against URL-based threats.

Maintaining up-to-date security policies and regulations is another effective tactic. One case study involves a large Singaporean financial institution experiencing one of its largest smishing attacks last December—affecting 470 customers who lost S$13.7 million during the festive period alone. Cyber attackers employed spoofing techniques to clone the bank’s legitimate communication channels—prompting the government to introduce measures like the SMS Sender ID Registry (SSIR) requiring organizations to register using Unique Identity Numbers (UENs).

As cyber threats continue to evolve and proliferate, organizations must stay vigilant by employing proactive strategies and leveraging available resources before potential damage occurs.


Comments are closed.