The 2022 Singapore User Risk Report

The 2022 Singapore User Risk Report complements research from the 2022 Human Factor from Proofpoint. Since its inception, the Human Factor has explored a simple premise: that people—not technology—are the most critical variable in today’s cyber threats. Since then, this once-contrarian notion has become a widely acknowledged reality. Cyber attackers target people. They exploit people. Ultimately, they are people.

To effectively prevent, detect and respond to today’s threats and compliance risks, information security professionals must understand the people-centric dimensions of user risk: vulnerability, attack and privilege. In practical terms, this means knowing:

• Where users are most vulnerable
• How attackers are targeting them
• The potential harm when privileged access to data, systems and other resources is compromised

Addressing those elements—the human factor of cybersecurity—is the core pillar of a modern defence.

What this report covers

Organisations in Singapore have invested hundreds of millions of dollars in cybersecurity, and they work hard to keep up with changing regulations. Despite these efforts, some of the best-known brands have succumbed to phishing attacks. In one of countless recent examples, the customers of a leading bank lost SG$13.7 million in an SMS phishing scam where the attacker impersonated the bank.

Driven by the global pandemic, organisations have increased remote working and accelerated adoption of cloud platforms. These shifts, while beneficial and even necessary, have massively expanded attack surfaces. At the same time, greater digital engagement has given attackers new avenues for phishing.

This report focuses on social engineering, the common thread in modern cyber attacks. Social engineering exploits human nature rather than technical vulnerabilities, making it fiendishly difficult to defend against.

In Singapore, phishing attacks that use email, voice and SMS most often impersonate health authorities, banks, telecommunications and logistics and delivery companies. These forms of fraud reflect the changing nature of work and life. People are often working from home. They are anxious about their health. They’re also banking online and making online purchases much more often than before. For attackers, it’s a windfall of new opportunities.