Human-centric cybersecurity: Ensuring resilience in the public sector

In an increasingly digital-first world, Singapore’s public sector faces mounting pressure to safeguard the sensitive data it manages and to uphold citizen trust. Yet, while investments in cutting-edge cybersecurity infrastructure continues to grow, one persistent vulnerability remains: people.

Cyber attackers today are not just exploiting systems but are targeting individuals. As a result, defending against threats is no longer just a matter of technology, but also of mindset. A human-centric cybersecurity approach is now essential to future-proofing Singapore’s digital resilience.

Why the human factor matters

It’s no secret that human error is one of the leading causes of data breaches. Our research at Proofpoint shows that 67 per cent of CISOs in Singapore identify it as their biggest vulnerability.

This is particularly alarming when you consider the scale of sensitive data handled across government agencies, from healthcare and education to national infrastructure.

Humans are involved in nearly three-quarters of all data breaches, whether through manipulation, negligence, or simple mistakes. In fact, 42 per cent of CISOs report that negligent insiders are the root cause of sensitive data loss. And even more revealing, out of the 71 per cent of users who took risky actions, 96 per cent knew what they were doing was unsafe. This highlights a crucial gap between awareness and behaviour.

To bridge this gap, organisations need to understand and manage their most at-risk users: these are individuals who are highly vulnerable, frequently targeted or have elevated access privileges.

Identifying them enables agencies to tailor protections and reduce exposure where it matters most.

Protecting the biggest threat vector: email

Email remains the most common point of attack, with business email compromise (BEC) and phishing campaigns growing more sophisticated by the day. For government departments, a strong email fraud defence must begin with preventative measures.

To subscribe to the GovInsider bulletin click here.

Singapore has made commendable strides by introducing VerifiedID@SG and promoting protocols like the Sender Policy Framework (SPF) to combat domain impersonation. However, these must be complemented by pre- and post-delivery protection and rapid threat response mechanisms. Our research reveals that one in seven malicious links was clicked on within 60 seconds of email delivery.

This is a race against time, and humans will almost always lose.

This is where Proofpoint comes in. We analyse messages, links and attachments before they reach the inbox and keep analysing the inboxes using over 200 behavioural AI signals, detecting anomalous sending behaviours. So, we can stop threats with continuous and adaptive effort.

When paired with simulations that track user responses to similar threats, we not only mitigate immediate risks but also help identify vulnerable individuals before a real attack strikes.

Understanding insider threats in a hybrid world

The shift to hybrid and remote work has further blurred the boundaries of secure environments. Employees now access sensitive data from various locations and devices, increasing the risk of accidental or malicious data leakage.

Insider threats fall into three categories: careless, malicious, or compromised. Careless insiders are often the most overlooked, and most dangerous. We found that 87 per cent of departing employees took sensitive files with them, and it typically takes organisations 85 days to respond to insider-related incidents.

Proofpoint’s Insider Threat Management (ITM) solution offers a proactive approach. Lightweight agents monitor the activities of 90 per cent of users, while high-risk individuals, typically just 10 per cent of the workforce will receive deeper audits for better visibility. Our unified dashboard tracks user behaviour across endpoints, email, cloud and web, offering context-rich insights to enable rapid response and irrefutable evidence.

GenAI: opportunity meets risk

Generative AI (GenAI) holds vast potential for transforming how governments serve the public, but it also introduces new vulnerabilities. As AI tools grow more accessible, there’s a heightened risk of sensitive data being unintentionally shared with external platforms or models.

Traditional DLP solutions and web filtering tools typically use a blanket approach to block all GenAI applications. But to mitigate the human factor of data loss in the age of AI requires a more nuanced solution that can selectively permit, guide or restrict GenAI use based on specific users’ behaviours.

To gain this visibility and control, a three-pronged approach is required: who, why, and how.

• Know who is using AI: Identify who is interacting with AI tools and in what context within the organisation.

• Understand why they are using it: Are they using AI for productivity, or perhaps to further their understanding of a subject matter? Understanding the context behind AI usage is critical here.

• Visibility on how it is being used: Ensure that the user behaviour here is aligned with organisational security policies.

Embedding security into the core of AI strategies will allow government bodies to harness GenAI’s power without compromising data protection or compliance.

Cyber resilience is a shared responsibility

While it’s widely accepted that cyberattacks are inevitable, their impact doesn’t have to be catastrophic. At Proofpoint, our philosophy is simple: resilience is built by managing risk, not chasing perfection.

This means empowering people with the right tools, clear policies, and the awareness to act wisely. It also means rethinking traditional approaches. For example, even though employees might be aware of security best practices, many continue to make risky choices. That’s why security training must go beyond knowledge, it must drive real behavioural change.

By focusing on the human element, governments can transform their greatest vulnerability into their most effective defence. In a world where the cyber threat landscape is more complex than ever, that shift in perspective might just be the key to long-term digital security and cyber resilience.

-------------- 

The author is Proofpoint’s, Asia Pacific and Japan, Senior Vice President.​ 

--------------

To find out more about how the public sector can defend itself against cyber-attacks, register for a panel discussion, organised by GovInsider, in partnership with Proofpoint, on Cyber Resilience Redefined: Defending Data and Protecting Identities in Singapore's Public Sector, on April 10 from 10 am to 1 pm. You can register here.