Why phishing and software updates still matter for Singapore organisations
By Jess NgCyber adversaries are leaning on automated tools to hunt for known vulnerabilities.
In a highly digitalised economy like Singapore, cyberattacks continue to become more sophisticated and automated as threat actors keep finding new ways to catch people off guard. Certain findings make that abundantly clear.
Yet even as cyberattack tools evolve, how the most effective threats are delivered remains familiar.
The numbers on the ground substantiate this. According to the Cybersecurity Agency of Singapore (CSA), 2024 saw 117,300 systems infected by malware nationally – a startling on-year jump of 67%.
Most of these cases came down to user negligence regarding software updates. Meanwhile, phishing scams topped the list of reported scams in the first half of 2025, up 11% compared with the first half of 2024, according to the Singapore Police Force.
That’s why, out of all the lessons from the reports, it is clear that two fundamentals remain essential: protecting against phishing and keeping software updated.
How phishing keeps finding a way in
Since they work by exploiting human trust rather than technical flaws, phishing emails and social engineering continue to be the most effective “way in” for attackers. There’s no need to break through firewalls or zero-day vulnerabilities when a little ingenuity and trickery can do the job.
Phishers are certainly becoming more creative. In Singapore, for example, they’ve been known to pose as government agencies, e-commerce platforms, and even investment services to lure victims in. They are also reaching out through more diverse channels, using email, SMS (smishing), and voice calls (vishing) to cast a wider net.
Even worse, automation now allows them to push out phishing attempts with minimal effort. At that rate, it only takes a handful of successes to cause real harm.
Skipping updates may come at a price
In 2026, cyber adversaries are also leaning more on automated tools to hunt for known vulnerabilities. When they do come across unpatched software – be it an operating system, an application, or a plugin – exploitation is often almost immediate.
Phishing and outdated software are a dangerous combination, and attackers know it. Social engineering opens the door, perhaps through a phishing email that delivers malware, whilst outdated software, riddled with vulnerabilities, makes it easy for attackers to stay inside – where they can escalate privileges, move laterally, or even disable defences altogether.
Patch the holes, and attackers lose their foothold. But even though software updates are one of the simplest yet most impactful forms of protection, many organisations still put them off, often out of concern for downtime, compatibility, or cost.
Practical steps to stay secure
Looking back, 2025 demonstrated in no uncertain terms that the basics matter more than ever.
Organisations must leave no opening whatsoever for phishing. It all starts with continual awareness and vigilance. Teach employees to take a moment to pause before clicking, double-check who a message is from, and speak up if something seems off.
Over time, these should become second nature. And don’t underestimate how much multifactor authentication (MFA) can save you if credentials ever fall into the wrong hands.
Secondly, consider letting systems patch themselves where possible. Automation can really help cut the lag between patch releases and updates on your systems. Organisations can ease the process by centralising patch management, whilst individual users should enable automatic updates on personal devices and let updates take care of themselves.
Both steps rely on cultivating the right habits across the organisation and fostering a culture where security belongs to everyone, not just IT.
Carrying lessons into the new year
Today’s attackers move fast and are highly adaptable; a single unpatched system or careless click can be all they need. Plus, automation has amplified their reach tremendously.
Nevertheless, the data shows that even as tools and techniques get flashier, attackers still target the weaknesses we’ve been struggling against for years, as it needs minimal effort, and the payback is potentially huge when they succeed.
Even in 2025, phishing and outdated software were still amongst the biggest headaches that plagued organisations and individuals alike.
The good news is that the fundamentals of defence haven’t changed. That means staying resilient to phishing and keeping software up to date are still the most reliable first lines of protection.
Organisations that make awareness and timely updates part of their everyday habits will always be better prepared to withstand whatever adversaries throw their way.