Employees are making organisations vulnerable to cyber attacks: survey

More than half of employees are unable to identify scam calls.

Companies with cybersecurity measures in places still fall victim to phishing attacks likely due to their employees, a survey by Proofpoint has found.

Based on the survey, only 44% of working professionals can identify fraudulent calls. Most of them (35%) receive scam calls, texts, or emails, at least two to three times a week.

The most common themes used by fraudsters to trick employees are related to COVID (76%), banking (75%), logistics (45%), telco (37%), and finances (29%).

Apart from failing to identify scam calls,  47% of working Singaporeans also do not know how to – or are unaware that – they can verify links from cloud service providers.

“Microsoft OneDrive and Google Drive are the most common legitimate cloud infrastructure platforms used by threat actors. In 2021, 35% of cloud tenants that received a suspicious log-in also experienced suspicious file activity after the breach, revealing that privilege-based risk widens as organisations move to the cloud,” Proofpoint reported.

Even top employees are contributing to an ornoganisations' vulnerability to cyber attacks. According to Proofpoint, the majority of managing directors (66%) and regional leaders of companies (75%) are also likely to share one-time passwords via email or messaging if they think the person asking for it is a friend, acquaintance, or colleague.

“High-privileged users are disproportionately targeted by fraudsters,” Proofpoint said.

“Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk,” it added.