Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
AI speeds threat discovery as coverage gaps persist: survey
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

Tips

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

By CybersecAsia editors | Tuesday, April 8, 2025, 3:01 PM Asia/Singapore

Workplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide

Learn how phishing scams exploit workplace vulnerabilities, and discover expert tips to strengthen defenses with AI, zero-trust, and employee awareness

In a recent nationwide “Total Defence” (sic) campaign in Singapore where 4,500 employees (80% of whom were from small- and medium- sized enterprises [SMEs]) were sent emails with phishing links embedded in the content, over 30% had read the emails, and about 17% had actually been tricked to activate the URLs.

About 5% had reported the phishing emails, compared with the global industry reporting rate of 18%. Those on internal communications had garnered the highest click rate, suggesting that, in the workplace, employees were generally less guarded about the authenticity of emails claiming to originate from within the organization — particularly those in SMEs.

What lessons can be picked up from the results? Two spokespersons from cybersecurity agencies have offered their recommendations here.

Seeing beyond phishing click rates

According to Abhishek Kumar Singh, Head, Security Engineering, Check Point Software Technologies (Singapore), the real priority is not just in lowering the click rate on phishing links, but about “building a stronger security posture through layered defenses.”

This means equipping employees with better cyber security awareness, using AI-driven phishing detection, and enforcing zero-trust policies to reduce risk. Beyond just measuring clicks, businesses should track how often employees submit credentials, download attachments, or report phishing attempts — these deeper insights reveal the actual exposure to threats. Also:

  • To counter phishing, organizations need smarter security measures. Filtering out malicious content before it reaches users; using AI to detect suspicious emails; and flagging unusual user behavior patterns can stop threats before they escalate.
  • Zero-trust security should be the standard, with multi-factor authentication, adaptive login security, and automated incident responses helping to contain threats early.
  • Simulating phishing attempts with real-world attack scenarios can also help employees recognize and resist scams.
  • At the individual level, always double-check sender details, avoid clicking unfamiliar links, and enable multi-factor authentication for critical accounts.
  • At the corporate level, teams should focus on providing ongoing security training, proactive defenses, and strong access controls to stay ahead of evolving phishing threats.

Singh added: “On a technical level, businesses should ensure their email systems can block spoofed emails using authentication tools like DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication, Reporting, and Conformance. Scanning suspicious links, analyzing email patterns with AI, and tapping into real-time threat intelligence can also prevent credential theft and malware attacks.”

Stronger security starts with awareness

According to Patrick Tiquet, VP (Security & Compliance), Keeper Security: “Attackers frequently exploit internal communications so as not to arouse suspicion, making it critical for organizations to implement email authentication protocols such as DMARC, and foster a culture where employees question messages that don’t seem quite right and verify them before acting. Also:

  • Beyond providing continual phishing-awareness training, SMEs should enforce strong password management, enable multi-factor authentication and use privileged access controls to limit the damage from compromised credentials.
  • The low reporting rate of phishing emails is also concerning: security teams cannot defend against threats they do not know about.
  • Encouraging employees to report suspicious emails and automating threat detection are critical steps in strengthening defenses.

What about employees elsewhere?

The phishing test involved mostly those in SMEs in Singapore. What about those in larger corporations in and outside of the country?

Generally, while the results of Singapore-based phishing test have highlighted specific vulnerabilities within the country’s SMEs, they also serve as a general wake-up call to organizations around the world. Remember:

  • Phishing is not confined by borders — it is a universal threat that evolves with technological advancements, such as AI-driven attacks and multi-channel phishing campaigns.
  • Organizations worldwide must recognize that effective defense requires a blend of cutting-edge technologies such as AI-powered detection systems and robust human-centric strategies, including behavior-based training and proactive reporting mechanisms.
  • By fostering a culture of vigilance and continuously updating security measures, businesses and organizations (yes, not every organization is a business, and could be a non-profit, a governmental organization or !) everywhere can stay ahead of this ever-changing threat landscape and protect their assets, reputation, and people.

Share:

PreviousIn a perimeter-less world, identity is the foundation of security
NextWhen do rival ransomware-as-a-service groups co-operate in competition?

Related Posts

Scrubbing your organization for the Log4Shell vulnerability: a checklist

Scrubbing your organization for the Log4Shell vulnerability: a checklist

Thursday, January 13, 2022

Tips: Top 10 AD security questions CISOs must ask

Tips: Top 10 AD security questions CISOs must ask

Tuesday, August 16, 2022

Vaccinate your phone from the mobile version of coronavirus NOW!

Vaccinate your phone from the mobile version of coronavirus NOW!

Monday, April 20, 2020

How APAC’s cyber resilience strategies will change in 2026

How APAC’s cyber resilience strategies will change in 2026

Friday, December 19, 2025

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.