According to a recent global survey, fewer than half of Singapore CISOs were upbeat about their organizations’ email security posture.
In a survey of 1,400 CISOs from around the world, 44% of Singapore respondents felt they were at risk of suffering a material cyberattack in the next 12 months, with Business Email Compromise emerging as the number one concern.
According to the data, only 40% of Singapore’s CISOs polled said that they had strengthened their organizations’ security posture for remote working.
Furthermore, the survey found that half of the firms in the Singapore Exchange’s (SGX) STI30 have not published a DMARC (Domain-based Message Authentication, Reporting & Conformance) record. DMARC verifies that the purported domain of the sender has not been impersonated, and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to detect domain spoofing.
Additionally, only one of the STI30 companies observed had implemented the recommended (strictest) deployment, which blocks malicious emails from reaching intended targets. The rest were assumed to not be using established best practices for email security and authentication.
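The two checks described above (is a DMARC record published, and is it at the strictest level) can be expressed as a small classifier over the TXT records found at `_dmarc.<domain>`. This is an added example, not code from the survey or from Proofpoint; it assumes the "strictest" deployment corresponds to `p=reject` in RFC 7489, and the sample records and function names are constructed for illustration.

```python
# Added example: classify DMARC posture from TXT record strings (no DNS lookups).
# All sample records are constructed; they are not data from the survey.

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or return None if it is not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must be first and its value must be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return the enforcement posture for the TXT records at _dmarc.<domain>."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "no-record"                  # nothing published: spoofing is unchecked
    if len(parsed) > 1:
        return "invalid-multiple-records"   # receivers skip DMARC when several exist
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid-policy"
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    # p=reject only counts as full enforcement when applied to all mail (pct=100).
    if policy == "reject" and pct < 100:
        return "reject-partial"
    return policy

SAMPLES = {  # constructed domains and records
    "a.example": [],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=DMARC1; p=quarantine; pct=50"],
    "d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@d.example"],
    "e.example": ["v=DMARC1; p=reject; pct=25"],
    "f.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:12} {classify(records)}")
```

Only the `reject` result matches the strictest deployment; `none` means the domain is monitoring without asking receivers to act on failures.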
According to Alex Lei, Senior Vice President (APJ), Proofpoint, the firm that commissioned the survey: “Email continues to be the number one threat vector, comprising over 90% of targeted cyberattacks. With firms adopting hybrid work arrangements, securing this vector has never been more important.”
Lei recommended that firms implement robust email defenses and inbound threat blocking capabilities that include deploying DMARC email authentication protocols, “combined with cybersecurity awareness programs that train users to spot and report malicious emails.”
The firm’s country manager for South Asia and Korea, Maiwand Youssofzay, added that “DMARC requires deep expertise to successfully implement as well as significant time and resources to gain knowledge of how email authentication works,” but that, when properly managed, it can spot and block malicious emails without weeding out legitimate ones.