Research Shows Importance of People-centric Security

Prevention is better than cure: Proofpoint research shows importance of people-centric security

In August, it was reported that Singapore faced more cyber attacks in 2021 – with key malicious activities such as phishing, ransomware, and botnet drones (just to name a few), taking center stage.

With all these scams around, we wanted to focus our round up this month on why individuals and organizations need to be more cognizant of such malicious attacks, and how they can build better cybersecurity posture from a people-centric standpoint.

Smishing vs. Phishing: Understanding the Differences (Full blog post)

  • SMS-based phishing (also known as smishing) is a fast-growing counterpart to email phishing
  • Although different in their structures, they have a similar approach in terms of how they lure victims: through social engineering
  • Smishing attempts tend to be shorter and less elaborate than email lures, and exploit people’s trust in mobile messaging where high click rates and responsiveness are key
  • In fact, victims may fall for smishing attacks more frequently, as although both mobile numbers and email addresses can be masked, email headers contain much more detailed information that may allow recipients to spot a malicious message if they are observant

The Cloud Security Alliance (CSA) and Proofpoint Study: 58% of Organizations Surveyed Reported that Third Parties and Suppliers Were the Target of a Cloud-Based Breach in 2021 (Full report)

  • Key findings from the study: 
    • Organizations are struggling to sufficiently secure new cloud environments implemented especially during the pandemic, while maintaining legacy equipment and adapting their overall security strategy to the evolving landscape
    • Increasing reliance on third parties and partners exacerbates the risk of supply chain threats, with 58% of organizations reporting that third parties and suppliers were targets of cloud-based breaches.
    • 43% of organizations listed protecting customer data as their primary cloud and web security objective for 2022. Despite this, only one-third (36%) of them have a dedicated Data Loss Prevention (DLP) solution in place.
  • “As organizations adopt cloud infrastructures to support their remote and hybrid work environments, they must not forget that people are the new perimeter. It is an organization’s responsibility to properly train and educate employees and stakeholders on how to identify, resist and report attacks before damage is done Cultivating a culture of security within and around your organization coupled with the use of multiple streamlined solutions is critical to effectively protect people against cloud and web threats and defend organizational data.” – Mayank Choudhary, executive vice president and general manager of Information Protection, Cloud Security & Compliance for Proofpoint.