Asia-Based Employees Click on Phishing Links at Twice the Global Rate: Netskope Report

SINGAPORE, December 12, 2024 – Employees in Asia are engaging with phishing links and accessing malicious content at rates double those seen in other regions, according to a new report by Netskope Threat Labs, the research division of cybersecurity firm Netskope. The findings shed light on the evolving cyber risks faced by organisations in the region, ranging from traditional phishing scams to threats linked to generative AI (genAI) and cloud environments.

Alarming Phishing Trends

The report reveals that 5.5 out of every 1,000 employees in Asia click on phishing links monthly—nearly double the global average of 2.9 per 1,000. These links are often embedded in emails, messaging apps, social media, advertisements, and search engine results, creating multiple attack vectors for cybercriminals.

Phishing campaigns primarily target credentials for cloud services (28%), banking (16%), telecommunications (15%), and social media platforms (14%). Attackers use these stolen credentials to access sensitive data, infiltrate organisations further, or sell the compromised accounts on illicit marketplaces.

Widespread Malicious Content Exposure

Asia-based employees also attempt to access malicious content on the web or via cloud platforms at twice the global rate, with 2.3 out of every 100 employees implicated each month. Malicious content ranges from infected websites capturing sensitive information to documents delivering malware. The report notes that users in 86% of organisations in the region downloaded malware from cloud applications monthly, posing significant risks to enterprise security.

Data Security and GenAI Concerns

Beyond phishing and malicious content, data security remains a critical challenge for organisations in Asia. Nearly one in five employees (19%) violate data security policies each month, often by sending sensitive information to unauthorised recipients or platforms.

The rise of generative AI tools has further complicated the data security landscape. GenAI applications are responsible for a substantial number of data breaches, with source code (66%), regulated data (26%), and intellectual property (7%) being the most commonly leaked information. Organisations in Asia are responding by blocking non-business-critical genAI applications, with an average of 4.6 such tools restricted monthly, and up to 70 in extreme cases.

Ray Canzanese, Director of Threat Labs at Netskope, highlighted the complex nature of today’s cybersecurity threats. “With the constant evolution in employee behaviours and work habits, organisations in Asia are having to mitigate an increasing variety of risk factors and threats,” he said.

The report underscores the need for comprehensive cybersecurity strategies, including inspecting all network traffic, monitoring data-sharing practices, and implementing robust controls against both traditional and emerging threats.

As Asia remains a hub for digital innovation, its organisations face heightened risks due to the widespread adoption of cloud and genAI technologies. Netskope’s findings serve as a wake-up call for companies to bolster their cybersecurity frameworks to navigate an increasingly perilous digital landscape.

AsiaBizToday