SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Research shows importance of people-centric security
Fri, 2nd Sep 2022
FYI, this story is more than a year old

In August, it was reported that Singapore faced more cyber attacks in 2021 with key malicious activities such as phishing, ransomware, and botnet drones taking centre stage.

With all these scams around, cybersecurity firm Proofpoint says individuals and organisations need to be more cognisant of such malicious attacks, and build better cybersecurity posture from a people-centric standpoint.

Smishing vs. Phishing: Understanding the Differences

SMS-based phishing (also known as smishing) is a fast-growing counterpart to email phishing. Although different in their structures, they have a similar approach in terms of how they lure victims: through social engineering.

Proofpoint says smishing attempts tend to be shorter and less elaborate than email lures, and exploit peoples trust in mobile messaging where high click rates and responsiveness are key. In fact, victims may fall for smishing attacks more frequently, as although both mobile numbers and email addresses can be masked, email headers contain much more detailed information that may allow recipients to spot a malicious message if they are observant.
According to a Cloud Security Alliance (CSA) and Proofpoint study, 58% of organisations surveyed reported that third parties and suppliers were the target of a cloud-based breach in 2021.

Key findings from the  CSA and Proofpoint study include:

  • Organisations are struggling to sufficiently secure new cloud environments implemented especially during the pandemic, while maintaining legacy equipment and adapting their overall security strategy to the evolving landscape
  • Increasing reliance on third parties and partners exacerbates the risk of supply chain threats, with some 58% of organisations reporting that third parties and suppliers were targets of cloud-based breaches.
  • Forty three per cent of organisations listed protecting customer data as their primary cloud and web security objective for 2022. Despite this, only one-third, some 36%, of them have a dedicated Data Loss Prevention (DLP) solution in place.

"As organisations adopt cloud infrastructures to support their remote and hybrid work environments, they must not forget that people are the new perimeter," says Mayank Choudhary, executive vice president and general manager of Information Protection, Cloud Security - Compliance for Proofpoint.

"It is an organisation's responsibility to properly train and educate employees and stakeholders on how to identify, resist and report attacks before damage is done," Choudhary says.

"Cultivating a culture of security within and around your organisation coupled with the use of multiple streamlined solutions is critical to effectively protect people against cloud and web threats and defend organisational data."