SINGAPORE. More than half of Singapore’s local and foreign member banks are lagging behind on basic cybersecurity measures, according to a study of Proofpoint, Inc. on 129 Singapore banks. This exposes users to threats of email-based impersonation attacks.
According to the study, 52% of banks in Singapore have not yet adopted the recommended and strictest level of Domain-based Message Authentication, Reporting and Conformance (DMARC) protection, which prevents cyber criminals from spoofing.
“DMARC is essential in fortifying defenses against email fraud and safeguarding customers, staff and stakeholders from malicious attacks. Banking and financial institutions operating in Singapore must proactively stay ahead of the changing threat landscape as scams and attacks become commonplace, ensuring they are well-prepared to defend against the latest email threats," said Philip Sow, Head of Systems Engineering, South East Asia and South Korea at Proofpoint.
Most of the banks (80%) adopted the email authentication protocol but only 48% are properly implementing it to the recommended and highest level by blocking suspicious emails.
Recommendations
To increase security, it is important to check the validity of all email communication and increase awareness on potentially fraudulent emails impersonating customers, partners or colleagues.
Proofpoint also warns users to be wary of any communication attempts that request log-in credentials or threaten to suspend service or an account if a link isn’t clicked.
Best practices for password hygiene are encouraged, by using strong passwords, never re-using them across multiple accounts and using multi-factor authentication.
The banking and financial services sector experiences the highest number of spoofing incidents. It accounts for over 80% of all phishing attempts and has consistently ranked among the top three sectors targeted by cyber attackers since 2016, according to the Singapore Cyber Landscape 2022 report.
