• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

The Game Plan: Tackling Asia’s untethered cyber threat

Allan Tan by Allan Tan
September 14, 2022
The Game Plan: Tackling Asia’s untethered cyber threat

The Game Plan: Tackling Asia’s untethered cyber threat

Backdrop: Proofpoint’s The Human Factor 2022 report reveals that more than 20 million messages attempted to deliver malware linked to eventual ransomware attacks. That is not to say that 20 million messages all ended as ransomware attacks. Or did they?

At a media briefing, Alex Lei, senior vice president for Asia-Pacific and Japan at Proofpoint some details from the global report that are specific to Asia, with a view toward offering options for CIOs, CISOs and CTOs to grapple with the alarming threat that the connected world presents.

Is there anything unique about cyber attackers in Asia?

Proofpoint has found that the occurrence and frequency of cyberattacks are not consistent across the Asia Pacific landscape.

The 2022 State of the Phish report found that cyber-attacks in Australia and Japan were vastly different although they were both within the Asia Pacific

  • 80% of organisations in Australia experienced high incidents of ransomware compared to the global average of 68%, whereas Japan saw lower-than-average effects for most threats.
  • 92% of Australian organisations dealt with cyber-attacks (highest of any region surveyed), while only 66% of Japanese organisations experienced successful phishing attacks (lowest of any region surveyed).

While not all cyber-attacks are created equal and may not target the same countries, they can be just as damaging

  • All it takes is one successful phishing attack for organisations to face consequences such as financial losses and credential compromise.

There could also be risk factors that cyber attackers can exploit

  • Long-term hybrid work and the influx of incoming and outgoing employees from the ‘Great Resignation’ has exacerbated the risks posed by insider threats.
  • There is a lot more uncertainty around the proper protocol, what data is or is not off limits, and what the proper channels one should use.
  • In Singapore, Proofpoint research has shown that remote working has enabled an increased risk of cyber-attacks.
  • 44% of CISOs in Singapore surveyed reportedly saw more targeted attacks in 2022 since enabling widespread remote working, an uptick of 13% from 2021 according to Proofpoint’s Voice of the CISO report.
  • A DMARC analysis also found that more than half (59%) of SGX 200 companies do not have the necessary email authentication protocols in place, leaving their customers, partners, and employees open to higher risks of email fraud.

How significant of a threat is smishing in Asia and what is driving this?

SMS phishing or smishing has risen, jumping more than 80% globally in 2021

  • It is a significant threat as smishing lures usually prey on human bias towards urgency and loss aversion, and these psychological triggers are especially powerful in the context of mobile phones.
  • People tend to be more responsive to mobile messages than to email or computer messaging, and still have a high level of trust in the security of mobile communications.

While it is different from traditional phishing, smishing employs the same types of lures, and one of the main differences is in people’s susceptibility to attacks

  • Click rates on URLs in mobile messaging are found to be eight times higher than email globally.
  • Prevalence of links over attachments is another factor that threat actors leverage, where they often make use of embedded links.
  • We believe that the success rate for smishing attacks is expected to be substantially higher than traditional email phishing although the volume of email attacks may be higher.

In Asia, increasing digitisation is the likely driver of smishing, with many organisations going online and sending their customers updates via SMS

  • Some common drivers and lures of smishing include parcel/package deliveries, banking and finance, government, consumer brands and telecommunications.
  • Additionally, SMSes are also being used to send over one-time passwords (OTPs) when logging into online services.

How are enterprises countering attackers? Name one or two successful tactics.

To combat today’s threats, organisations need a people-centric approach to prevention, and leveraging the tools available is the first step to making a people-centric security program work

  • CISOs need to look across their vendor and product portfolio to evaluate where their information and data can be better used to spend resources.
  • By leveraging that information to make smarter decisions about resource allocation and risk, CISOs can better tackle these problems at scale.

In many cases, human factors can matter more than the technical specifics of an attack.

  • Most cyber-attacks cannot succeed unless someone falls for them.
  • Cyber criminals are often looking for relationships that can be leveraged, trust that can be abused and access that can be exploited.

To address this, companies need to start with security awareness and implement risk-based controls

  • Training users to spot and report malicious emails, links, and documents can stop attacks and help identify people who are especially vulnerable.
  • Having a solution that can neutralise threats by applying additional security layers can protect even the most vulnerable users, as organisations should assume that users will eventually click on some threats.
  • Isolating risky websites and URLs can be a critical safeguard against URL-based threats.

Another way is to also ensure appropriate security policies and regulations are up to date.

  • Recently, a large financial institution in Singapore saw one of the largest smishing attacks in December last year, with over 470 customers losing S$13.7million, with 80% of the amount lost during the year-end festive period.
  • Cyber attackers impersonated the bank through spoofing, a technique used to clone a legitimate sender’s name and shortcode. By spoofing the bank’s name, threat actors were able to enable their SMSes containing malicious links to appear in the same thread as legitimate SMSes from the bank.
  • In response to this, the Singapore government has introduced an SMS Sender ID Registry (SSIR) that merchants and organisations will need to register using their Unique Identity Numbers (UENs). This will help to ensure that only verified organisations are able to use the correct Sender IDs.
Related:  Creating a human firewall against cyberthreats
Tags: cyber threatsproofpointThe Game Plan
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe