Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Industry and technology leaders provide parochial insights on AI trust...
HOSTWAY gains 73% operational efficiency for private cloud operations ...
Cyber education in schools: The overlooked frontline of national secur...
Interpol’s Africa-wide cybercrime crackdown nets 260 sextortion, roman...
Senetas Achieves PKTN Certification: A Milestone for Malaysia’s ...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Securing collaboration and data in the agentic workspace

      Securing collaboration and data in the agentic workspace

      Thursday, September 25, 2025, 4:58 PM Asia/Singapore | Features, News, Newsletter, Tips
    • Featured

      Clearing away the shadows of AI

      Clearing away the shadows of AI

      Tuesday, September 23, 2025, 5:33 PM Asia/Singapore | Features, Newsletter
    • Featured

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Opportunities or challenges? 6 digital trends in the Oil and Gas industry

      Tuesday, September 23, 2025, 4:55 PM Asia/Singapore | Features, Newsletter, Opinions
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

Tips

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

By CybersecAsia editors | Tuesday, April 8, 2025, 3:01 PM Asia/Singapore

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

Learn how phishing scams exploit workplace vulnerabilities, and discover expert tips to strengthen defenses with AI, zero-trust, and employee awareness

In a recent nationwide “Total Defence” (sic) campaign in Singapore where 4,500 employees (80% of whom were from small- and medium- sized enterprises [SMEs]) were sent emails with phishing links embedded in the content, over 30% had read the emails, and about 17% had actually been tricked to activate the URLs.

About 5% had reported the phishing emails, compared with the global industry reporting rate of 18%. Those on internal communications had garnered the highest click rate, suggesting that, in the workplace, employees were generally less guarded about the authenticity of emails claiming to originate from within the organization — particularly those in SMEs.

What lessons can be picked up from the results? Two spokespersons from cybersecurity agencies have offered their recommendations here.

Seeing beyond phishing click rates

According to Abhishek Kumar Singh, Head, Security Engineering, Check Point Software Technologies (Singapore), the real priority is not just in lowering the click rate on phishing links, but about “building a stronger security posture through layered defenses.”

This means equipping employees with better cyber security awareness, using AI-driven phishing detection, and enforcing zero-trust policies to reduce risk. Beyond just measuring clicks, businesses should track how often employees submit credentials, download attachments, or report phishing attempts — these deeper insights reveal the actual exposure to threats. Also:

  • To counter phishing, organizations need smarter security measures. Filtering out malicious content before it reaches users; using AI to detect suspicious emails; and flagging unusual user behavior patterns can stop threats before they escalate.
  • Zero-trust security should be the standard, with multi-factor authentication, adaptive login security, and automated incident responses helping to contain threats early.
  • Simulating phishing attempts with real-world attack scenarios can also help employees recognize and resist scams.
  • At the individual level, always double-check sender details, avoid clicking unfamiliar links, and enable multi-factor authentication for critical accounts.
  • At the corporate level, teams should focus on providing ongoing security training, proactive defenses, and strong access controls to stay ahead of evolving phishing threats.

Singh added: “On a technical level, businesses should ensure their email systems can block spoofed emails using authentication tools like DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication, Reporting, and Conformance. Scanning suspicious links, analyzing email patterns with AI, and tapping into real-time threat intelligence can also prevent credential theft and malware attacks.”

Stronger security starts with awareness

According to Patrick Tiquet, VP (Security & Compliance), Keeper Security: “Attackers frequently exploit internal communications so as not to arouse suspicion, making it critical for organizations to implement email authentication protocols such as DMARC, and foster a culture where employees question messages that don’t seem quite right and verify them before acting. Also:

  • Beyond providing continual phishing-awareness training, SMEs should enforce strong password management, enable multi-factor authentication and use privileged access controls to limit the damage from compromised credentials.
  • The low reporting rate of phishing emails is also concerning: security teams cannot defend against threats they do not know about.
  • Encouraging employees to report suspicious emails and automating threat detection are critical steps in strengthening defenses.

What about employees elsewhere?

The phishing test involved mostly those in SMEs in Singapore. What about those in larger corporations in and outside of the country?

Generally, while the results of Singapore-based phishing test have highlighted specific vulnerabilities within the country’s SMEs, they also serve as a general wake-up call to organizations around the world. Remember:

  • Phishing is not confined by borders — it is a universal threat that evolves with technological advancements, such as AI-driven attacks and multi-channel phishing campaigns.
  • Organizations worldwide must recognize that effective defense requires a blend of cutting-edge technologies such as AI-powered detection systems and robust human-centric strategies, including behavior-based training and proactive reporting mechanisms.
  • By fostering a culture of vigilance and continuously updating security measures, businesses and organizations (yes, not every organization is a business, and could be a non-profit, a governmental organization or !) everywhere can stay ahead of this ever-changing threat landscape and protect their assets, reputation, and people.

Share:

PreviousIn a perimeter-less world, identity is the foundation of security
NextWhen do rival ransomware-as-a-service groups co-operate in competition?

Related Posts

Cybercriminals are waiting to prey on Olympics fans as a sport  

Cybercriminals are waiting to prey on Olympics fans as a sport  

Friday, July 26, 2024

Understanding perennial social media risks and remaining vigilant

Understanding perennial social media risks and remaining vigilant

Thursday, September 26, 2024

Five tips to integrate DevSecOps holistically

Five tips to integrate DevSecOps holistically

Saturday, March 30, 2024

Ten 2025 cyber predictions hinging on major 2024 cyber incidents          

Ten 2025 cyber predictions hinging on major 2024 cyber incidents          

Friday, January 3, 2025

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • HOSTWAY gains 73% operational efficiency for private cloud operations  

    HOSTWAY gains 73% operational efficiency for private cloud operations  

    With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.