When asked about their biggest cybersecurity vulnerability, 67% of CISOs in Singapore identified human error as the top concern. While human adaptability is our greatest strength, it also serves as a digital Achilles’ heel for enterprises.
Resilient CISOs have already navigated challenges brought on by the pandemic, large-scale remote working, and record-high employee turnover. Now, they face new peaks in these challenges, with an increased reliance on cloud technology, a widespread mobile workforce, and cyber adversaries armed with AI technologies.
According to Proofpoint’s 2024 Voice of the CISO report, more than two-thirds (67%) of Singapore’s security leaders remain apprehensive about a significant cyberattack in the next 12 months.
While the usual suspects — ransomware (45%), malware (45%), and email fraud (34%) — still keep CISOs in Singapore awake at night, human error is seen as the most persistent vulnerability within organisations, with 95% of cyberattacks reportedly traceable to it.
CISOs trust their people (but they are still a cause for concern)
When asked about their biggest cybersecurity vulnerability, there was a clear consensus — people. Employees, often working outside the protective boundaries of traditional office environments and across multiple cloud platforms, contribute to this well-founded concern.
Cybercriminals now have a much broader attack surface, and all they need is a distracted click or an unintentional download to succeed.
Employee turnover is also a major concern. Despite 94% of CISOs in Singapore believing they have adequate controls in place to protect data, 32% admitted to losing sensitive data in the last 12 months. Moreover, nearly three-quarters (63%) reported that departing employees contributed to these data losses.
In contrast to these concerns, 92% of Singapore CISOs believe their employees understand their role in protecting the organisation from cyberattacks.
This high level of confidence points to strong security awareness programmes and training. However, the ongoing perception of people as the leading vulnerability suggests that awareness does not necessarily equate to full preparedness.
Is AI the key enabler for CISOs to mitigate human risks?
AI has become an indispensable tool in cybersecurity, offering advanced capabilities for protecting digital assets, identifying threats, and mitigating risks. It assists organisations in tackling unknown threats, automating incident responses, reducing duplicative processes, and enabling continuous monitoring and assessment.
While AI is not a solution for every cyber problem, its use cases in the cybersecurity world continue to evolve rapidly. Key applications include:
- Malware detection: AI-driven antivirus software can detect and block malware by analysing code and behaviour patterns, even for previously unseen threats.
- User and entity behaviour analytics (UEBA): AI can analyse user behaviour to detect insider threats and compromised accounts by identifying unusual access patterns.
- Semantic analysis: This process helps understand the meaning of words, phrases, and sentences within a given context, going beyond basic pattern and language matching. With AI, organisations can assess human motivation, applying this to both users and attackers, and thus identify legitimate behaviour with greater accuracy.
- Phishing detection: AI can analyse email content, sender behaviour, and URLs to identify phishing attempts, preventing users from falling victim to these attacks.
- Zero-day exploit protection: AI can defend against zero-day exploits by identifying new and unknown vulnerabilities and developing appropriate countermeasures.
- Automated monitoring: AI-enabled systems provide 24/7 monitoring, allowing organisations to take preventive measures before harm is done.
However, AI is not without its challenges. Implementing AI-driven cybersecurity measures requires specialised expertise and often relies on human oversight to respond to perceived threats properly. While AI can be trained over time using extensive data sets, this presents critical challenges, including sophisticated adversarial attacks, data privacy concerns, false positives, and deployment complexities.
Despite these obstacles, AI presents opportunities as well as risks. While CISOs acknowledge its potential danger in the hands of cybercriminals, many also see its value in defending against cyberthreats. In fact, 86% of Singapore CISOs are exploring the deployment of AI-driven capabilities to help mitigate human error and combat advanced, human-centred cyberthreats.
By adhering to best practices — such as ensuring continuous learning for AI models, maintaining human oversight in threat interpretation, integrating AI into a broader security strategy, and supporting AI systems with strong access controls, regular testing, and audits — organisations can better manage AI’s long-term impact.