New
research
from
KnowBe4
has
revealed
that
less
than
half
(45%)
of
Singaporean
IT
decision-makers
say
they
are
concerned
about
phishing
as
a
risk
to
their
organisation.
This
is
a
drop
from
the
53%
reported
in
2021.
More
interesting
is
that
even
fewer
IT
decision-makers
are
concerned
with
Business
Email
Compromise
(BEC).
Only
30%
of
IT
Decision
makers
were
concerned,
compared
to
40%
in
2021.
37%
of
Singaporean
IT
Decision
makers
say
that
they
are
confident
they
would
know
the
steps
to
take
following
a
cyber
incident
or
data
breach
in
their
organisation.
This
is
down
from
51%
in
2021.
As
for
employees,
there
are
several
worrying
revelations.
Less
than
half
(47%)
of
respondents
believed
their
organisation’s
employees
could
understand
the
risks
of
falling
victim
to
a
cyber
attack.
This
figure
was
54%
for
comparison
in
2021.
Under
four
of
ten
(37%)
were
confident
that
employees
could
recognise
phishing
and
BEC
emails,
and
41%
were
confident
that
their
employees
reported
all
suspicious
emails.
“When
those
charged
with
keeping
a
business
secure
are
unaware
of
the
risks
and
employees
are
unable
to
identify
scam
emails
and
SMS
messages,
their
organisations
are
at
significant
risk,”
says
Jacqueline
Jayne,
Security
Awareness
Advocate
for
APAC,
KnowBe4.
“According
to
the
Singaporean
Police
Force,
Singaporeans
lost
$660.7
million
in
2022,
almost
S$1.3
billion
in
the
past
two
years.
If
those
in
charge
of
security
are
unaware
of
best
practices,
then
they
cannot
educate
and
train
employees.”
Employees’
behaviour
putting
organisations
at
risk
Over
a
third
(34%)
of
Singaporean
office
workers
admitted
to
using
the
same
password
for
multiple
accounts,
which
is
concerningly
similar
to
2021
at
31%.
As
for
employee
behaviour,
13%
of
employees
of
all
age
groups
admitted
to
using
their
work
phones
for
personal
activities.
More
than
57%
of
employees
reported
that
they
did
not
think
using
their
work
phone
incorrectly
was
a
security
risk
to
their
employer.
In
better
news,
61%
said
they
never
engage
with
suspicious
emails,
with
57%
not
engaging
with
suspicious
SMSs.
Just
37%
of
respondents
said
they
consistently
report
suspicious
emails
and
SMSs
to
the
IT
team
responsible
for
cybersecurity.
“When
employees
are
using
their
work
email
address
for
personal
activities
such
as
online
shopping,
they
are
much
more
likely
to
fall
victim
to
a
phishing
attack
that
uses
a
hook
such
as
delivery
delays
to
entice
the
victim
to
click
through.
Having
a
clear
separation
between
work
and
personal
activities
makes
it
much
easier
to
spot
when
an
email
is
a
scam
–
if
you
know
you
never
shop
online
using
your
work
email
address,
then
you
know
that
email
from
Amazon
cannot
be
real,”
explains
Jayne.
“How
employees
perceive
their
role
is
a
critical
factor
in
sustaining
or
endangering
the
security
of
the
organisation,”
explains
Jayne.
“It
is
imperative
that
employees
are
educated
on
securing
not
only
their
professional,
but
personal
environments.
What
they
learn
and
how
they
incorporate
into
everyday
behaviours
and
attitudes
is
then
completely
transferable
into
their
personal
lives
and
will
protect
their
own
data.”
Younger
employees
are
the
most
risky
KnowBe4’s
research
broke
down
respondents
by
age
group
and
had
some
interesting
findings.
Millennial
office
workers
are
more
likely
to
be
confident
in
distinguishing
real
emails
from
fake/scam
emails
at
57%,
compared
to
Gen
Z
at
42%,
Gen
X
at
39%,
and
Baby
Boomers
at
43%.
Millennials
are
also
more
likely
to
not
engage
with
suspicious
SMSs
at
63%
compared
to
Gen
Z
at
47%
and
Baby
Boomers
at
48%.
One
area
of
concern,
however,
is
that
Millennials
are
more
likely
to
use
the
same
password
for
multiple
accounts
at
39%
compared
to
Gen
X
at
28%.
They
also
believe
using
their
work
email
for
personal
purposes
isn’t
a
risk
to
themselves
(53%
compared
to
Gen
X
at
60%)
or
their
employer
(51%
compared
to
Baby
Boomers
at
66%).
About Author
