Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Experts urge action on May 2025 Patch Tuesday zero-days, highlight leg...
Haute couture, faible sécurité: luxury retailer’s data leak leaves cus...
Admitad Launches OEM Advertising Division to Drive Mobile Growth throu...
Navigating blockchain adoption amid rising security challenges
Scattered Spider: still spinning phishing webs on corporate land?
LOGIN REGISTER
CybersecAsia
  • Conference 2025
  • Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
    • Featured

      Backups are not enough for cyber resilience

      Backups are not enough for cyber resilience

      Monday, May 5, 2025, 4:49 PM Asia/Singapore | Features
    • Featured

      MSPs the first line of defense for APAC SMEs

      MSPs the first line of defense for APAC SMEs

      Tuesday, April 15, 2025, 1:30 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Conference 2025
  • Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
    • Featured

      Backups are not enough for cyber resilience

      Backups are not enough for cyber resilience

      Monday, May 5, 2025, 4:49 PM Asia/Singapore | Features
    • Featured

      MSPs the first line of defense for APAC SMEs

      MSPs the first line of defense for APAC SMEs

      Tuesday, April 15, 2025, 1:30 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning
Tips

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

By CybersecAsia editors | Tuesday, April 8, 2025, 3:01 PM Asia/Singapore

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

Learn how phishing scams exploit workplace vulnerabilities, and discover expert tips to strengthen defenses with AI, zero-trust, and employee awareness

In a recent nationwide “Total Defence” (sic) campaign in Singapore where 4,500 employees (80% of whom were from small- and medium- sized enterprises [SMEs]) were sent emails with phishing links embedded in the content, over 30% had read the emails, and about 17% had actually been tricked to activate the URLs.

About 5% had reported the phishing emails, compared with the global industry reporting rate of 18%. Those on internal communications had garnered the highest click rate, suggesting that, in the workplace, employees were generally less guarded about the authenticity of emails claiming to originate from within the organization — particularly those in SMEs.

What lessons can be picked up from the results? Two spokespersons from cybersecurity agencies have offered their recommendations here.

Seeing beyond phishing click rates

According to Abhishek Kumar Singh, Head, Security Engineering, Check Point Software Technologies (Singapore), the real priority is not just in lowering the click rate on phishing links, but about “building a stronger security posture through layered defenses.”

This means equipping employees with better cyber security awareness, using AI-driven phishing detection, and enforcing zero-trust policies to reduce risk. Beyond just measuring clicks, businesses should track how often employees submit credentials, download attachments, or report phishing attempts — these deeper insights reveal the actual exposure to threats. Also:

  • To counter phishing, organizations need smarter security measures. Filtering out malicious content before it reaches users; using AI to detect suspicious emails; and flagging unusual user behavior patterns can stop threats before they escalate.
  • Zero-trust security should be the standard, with multi-factor authentication, adaptive login security, and automated incident responses helping to contain threats early.
  • Simulating phishing attempts with real-world attack scenarios can also help employees recognize and resist scams.
  • At the individual level, always double-check sender details, avoid clicking unfamiliar links, and enable multi-factor authentication for critical accounts.
  • At the corporate level, teams should focus on providing ongoing security training, proactive defenses, and strong access controls to stay ahead of evolving phishing threats.

Singh added: “On a technical level, businesses should ensure their email systems can block spoofed emails using authentication tools like DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication, Reporting, and Conformance. Scanning suspicious links, analyzing email patterns with AI, and tapping into real-time threat intelligence can also prevent credential theft and malware attacks.”

Stronger security starts with awareness

According to Patrick Tiquet, VP (Security & Compliance), Keeper Security: “Attackers frequently exploit internal communications so as not to arouse suspicion, making it critical for organizations to implement email authentication protocols such as DMARC, and foster a culture where employees question messages that don’t seem quite right and verify them before acting. Also:

  • Beyond providing continual phishing-awareness training, SMEs should enforce strong password management, enable multi-factor authentication and use privileged access controls to limit the damage from compromised credentials.
  • The low reporting rate of phishing emails is also concerning: security teams cannot defend against threats they do not know about.
  • Encouraging employees to report suspicious emails and automating threat detection are critical steps in strengthening defenses.

What about employees elsewhere?

The phishing test involved mostly those in SMEs in Singapore. What about those in larger corporations in and outside of the country?

Generally, while the results of Singapore-based phishing test have highlighted specific vulnerabilities within the country’s SMEs, they also serve as a general wake-up call to organizations around the world. Remember:

  • Phishing is not confined by borders — it is a universal threat that evolves with technological advancements, such as AI-driven attacks and multi-channel phishing campaigns.
  • Organizations worldwide must recognize that effective defense requires a blend of cutting-edge technologies such as AI-powered detection systems and robust human-centric strategies, including behavior-based training and proactive reporting mechanisms.
  • By fostering a culture of vigilance and continuously updating security measures, businesses and organizations (yes, not every organization is a business, and could be a non-profit, a governmental organization or !) everywhere can stay ahead of this ever-changing threat landscape and protect their assets, reputation, and people.

Share:

PreviousIn a perimeter-less world, identity is the foundation of security
NextWhen do rival ransomware-as-a-service groups co-operate in competition?

Related Posts

5 tips for an effective AppSec testing strategy

5 tips for an effective AppSec testing strategy

Friday, March 27, 2020

Nearly a quarter of corporate users still running Windows 7: study

Nearly a quarter of corporate users still running Windows 7: study

Wednesday, May 5, 2021

Lessons learned from the unintended ‘largest IT outage’ ever

Lessons learned from the unintended ‘largest IT outage’ ever

Tuesday, August 13, 2024

Four data protection and management trends to watch in 2022

Four data protection and management trends to watch in 2022

Friday, November 26, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more
  • Automating border control and security with facial recognition technology

    Automating border control and security with facial recognition technology

    Indonesia Immigration & Seaport Authorities enhances security and speeds up border control queues at Batam …Read more
  • Securing wealth advisory services without unnecessary friction: Endowus

    Securing wealth advisory services without unnecessary friction: Endowus

    The wealth advisory platform demonstrates its non-negotiable commitment to a robust security posture through partnering …Read more
  • LifeTech group sets up next-gen security operations center in Malaysia

    LifeTech group sets up next-gen security operations center in Malaysia

    By partnering with a unified cybersecurity platform, the firm will be offering cost-effective advanced SOC …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.