45% of IT decision-makers aren't concerned about phishing
New research from KnowBe4 has revealed that less than half (45%) of Singaporean IT decision-makers say they are concerned about phishing as a risk to their organisation. This is a drop from the 53% reported in 2021.
More interesting is that even fewer IT decision-makers are concerned about Business Email Compromise (BEC). Only 30% of IT decision-makers were concerned, compared to 40% in 2021.
37% of Singaporean IT decision-makers say that they are confident they would know the steps to take following a cyber incident or data breach in their organisation. This is down from 51% in 2021.
As for employees, there are several worrying revelations. Less than half (47%) of respondents believed their organisation's employees could understand the risks of falling victim to a cyber attack. For comparison, this figure was 54% in 2021.
Fewer than four in ten (37%) were confident that employees could recognise phishing and BEC emails, and 41% were confident that their employees reported all suspicious emails.
"When those charged with keeping a business secure are unaware of the risks and employees are unable to identify scam emails and SMS messages, their organisations are at significant risk," says Jacqueline Jayne, Security Awareness Advocate for APAC, KnowBe4.
"According to the Singaporean Police Force, Singaporeans lost $660.7 million in 2022, almost S$1.3 billion in the past two years. If those in charge of security are unaware of best practices, then they cannot educate and train employees."
Employees' behaviour putting organisations at risk
Over a third (34%) of Singaporean office workers admitted to using the same password for multiple accounts, which is concerningly similar to the 31% reported in 2021.
As for employee behaviour, 13% of employees of all age groups admitted to using their work phones for personal activities. More than 57% of employees reported that they did not think using their work phone incorrectly was a security risk to their employer.
In better news, 61% said they never engage with suspicious emails, with 57% not engaging with suspicious SMSs.
Just 37% of respondents said they consistently report suspicious emails and SMSs to the IT team responsible for cybersecurity.
"When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real," explains Jayne.
"How employees perceive their role is a critical factor in sustaining or endangering the security of the organisation," explains Jayne. "It is imperative that employees are educated on securing not only their professional, but personal environments. What they learn and how they incorporate into everyday behaviours and attitudes is then completely transferable into their personal lives and will protect their own data."
Younger employees are the most risky
KnowBe4's research broke down respondents by age group and had some interesting findings.
Millennial office workers are more likely to be confident in distinguishing real emails from fake/scam emails at 57%, compared to Gen Z at 42%, Gen X at 39%, and Baby Boomers at 43%.
Millennials are also more likely to not engage with suspicious SMSs at 63% compared to Gen Z at 47% and Baby Boomers at 48%.
One area of concern, however, is that Millennials are more likely to use the same password for multiple accounts at 39% compared to Gen X at 28%.
They also believe using their work email for personal purposes isn't a risk to themselves (53% compared to Gen X at 60%) or their employer (51% compared to Baby Boomers at 66%).