Summary

Phishing Exercise Objective. As part of Exercise SG Ready (ESR) 2025, for the first time, MINDEF is partnering the Singapore Business Federation (SBF) to conduct a phishing exercise for businesses, especially small and medium enterprises (SMEs). This exercise encourages businesses to strengthen their cyber resilience and review their business continuity plans in face of potential cyberattacks and other disruptions.

Participating Organisations. About 200 SMEs and large companies from over different industry sectors including manufacturing, wholesale and retail trade, and construction, will participate in the phishing exercise.

How the phishing exercise is conducted

During the two-week exercise period from 15 to 28 February 2025, select employees of the participating organisations will receive simulated phishing emails based on the profile of the organisations. These emails will include various tactics to encourage recipients to act on instructions such as clicking a link. At the end of the exercise, results of the phishing exercise will be shared with the respective organisations with suggested areas of improvement. Through the exercise, companies can assess and identify their areas of vulnerabilities and work towards strengthening their cyber resilience and readiness for threats and disruptions. Participants who fall prey to the simulated phishing emails will be educated about the dangers of phishing attempts to strengthen their cybersecurity awareness.

Interested organisations can access cybersecurity resources at https://go.gov.sg/SGReadyGoWhere, including Cyber Security Agency of Singapore's Playbook for the Conduct of Phishing Simulation Exercises and the Total Defence Cybersecurity Table-Top Exercise Self-Facilitation Guide to review their cybersecurity business continuity plans.