Only 4% of IT decision-makers in Singapore are able to correctly identify phishing SMS and email messages. Despite the apparent lack of judgement, 47% remain unconcerned about the risk of phishing attacks to their organisation. 

Some 32% of these IT leaders tapped their work phones for personal activities, higher than 18% of employees who did likewise, according to a study commissioned by KnowBe4, which provides security awareness training. Its chief hacking officer and reformed hacker Kevin Mitnick designed the US vendor's training modules.

The study further found that 53% of IT decision-makers in Singapore were concerned about phishing as a risk to their organisation, while 40% expressed similar concerns about business email compromise attacks. Conducted last December by YouGov, the online survey polled 200 IT decision-makers and 1,012 employees in the city-state. 

See also

Singapore must clamp down on security inertia before digital banking era can take off

With Singapore's digital bank licensees expected to begin operations this year, a spate of online scams wiping victims of their life savings serves as yet another wakeup call and demonstrates regulations sometimes are the only way to shake organisations out of complacency.

A further 36% of IT decision-makers used their work email for personal activities, compared to 29% of office workers. 

In addition, 51% of IT leaders expressed confidence they would the steps they had to take following a cybersecurity incident or data breach in their organisation. 

And while 54% believed employees in their organisation understood the business impact of cybersecurity breach, 43% felt confident their staff could identify phishing and business email compromise attacks. Another 40% believed their employees would report email messages they deemed suspicious. 

KnowBe4's Asia-Pacific security awareness advocate Jacqueline Jayne said: "When those charged with keeping a business secure are unaware of the risks and unable to identify scam email and SMS messages, their organisations are at significant risk...If those in charge of security are unaware of best practices, then they cannot educate and train employees."

Jayne noted that employees were more likely to fall for phishing scams if they used their work email for personal activities, such as online shopping. "Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam--if you know you never shop online using your work email address, then you know that email from Amazon cannot be real," she said. 

Singapore's Anti-Scam Centre last year received more than 23,800 reports, with losses totalling almost SG$520 million. More than 12,600 bank accounts were frozen and SG$102 million recovered. 

The KnowBe4 study revealed that 88% of Singapore IT decision-makers planned to spend more on cybersecurity this year, with 65% indicating such investment would go towards cybersecurity awareness training. Another 57% planned to direct their spend towards cybersecurity tools, while 55% would invest in infrastructure and 55% on cybersecurity insurance.  

RELATED COVERAGE

• Singapore urges shared responsibility in preventing online scams as it readies liability framework
• Singapore pushed to introduce security measures amidst online banking scams
• Firms need better breach response, clear regulatory guidelines
• Assume breach position does not mean firms get to skip due diligence in cybersecurity
• Singapore sees spikes in ransomware, botnet attacks