More employees in Asia fall victim to phishing links monthly: report

They click phishing links nearly double the global average of 2.9 times, according to Netskope Threat Labs.

Around 5.5 out of every 1,000 employees in Asia clicked phishing links monthly, higher than the global average of 2.9 times, Netskope Threat Labs revealed.

Phishing remains one of the most common and effective social engineering tactics used by attackers, it added.

Attackers use phishing campaigns to steal employees’ credentials for various work and personal services. Top targets include cloud services (28%), banking (16%), telecommunications (15%), and social media (14%).

Cloud applications used by employees are specifically targeted, with attackers aiming to steal sensitive data, leverage compromised accounts to target other employees or sell access to compromised cloud apps on illicit marketplaces.

The report, which also measured threats related to malicious content delivery, and data security and Generative artificial intelligence (gen AI), also found that users in Asia access malicious content at a higher rate than users in other regions, with 2.3 out of every 100 employees attempting to access malicious content on the web or in the cloud each month, with each instance potentially leading to a cyber incident.

Malicious content varies, from malicious websites delivering threats or capturing sensitive information, to malicious documents hosted in cloud environments that deliver malicious payloads when opened. Netskope Threat Labs noted that the latter has become more common, with users in 86% of organisations downloading malware from cloud apps monthly.

The survey also found that 19% of employees in Asia violate their organisation’s data security policies monthly by sending sensitive company data to unauthorised systems, tools, applications, or recipients.

GenAI applications are involved in a significant number of data policy violations. Source code (66%) is the most common type of sensitive data leaked in gen AI prompts, followed by regulated data (26%) and intellectual property (7%).

In response, organisations are blocking applications that serve no business purpose. On average, 4.6 gen AI apps are blocked monthly, with some organisations blocking over 70 per month.