HKBN Empowers SPOs with Free Phishing Email Assessment - Results showed 10% failure rate, nearly double the global benchmark for NGOs
In This Article:
HONG KONG, March 19, 2024 /PRNewswire/ -- In response to the surge in phishing attacks over recent years, HKBN Group (HKBN) has collaborated with Green Radar, a leading cybersecurity and innovation technology company, to conduct free phishing email drills for ten social profit organisations (SPOs). This initiative aims to enhance SPO employees' alertness, equipping them with the skills to effectively identify and mitigate the potential risks from suspicious phishing attempts.
The phishing email assessment was conducted in February this year, simulating the most prevalent hacking tactics observed in recent years. Nearly 10,000 employees from ten participating SPOs were involved and received highly realistic phishing emails. These deceptive messages, offering "first-come-first-served" gift giveaways, lured recipients to click on embedded links and give up their personal information.
The result revealed that employees from all ten SPOs were vulnerable to the phishing emails. Notably, about one-tenth (10.7%) of the approximately 10,000 employees failed to identify the phishing emails, a figure that is nearly twice as high as the global average failure rate of 5.5%[1] for non-profit organisations. Alarmingly, 43.6% of those who failed also clicked on spam links and submitted sensitive personal information, including their names and email addresses. Overall, these findings underscore the need for heightened vigilance among Hong Kong's SPO community regarding phishing emails.
Among the ten SPOs that participated in the assessment, four indicated that they had suffered losses due to phishing attacks, while eight acknowledged that their employees lacked adequate technical knowledge in cybersecurity. Although most SPOs have implemented cybersecurity measures internally, (for example, eight SPOs said they have an alert mechanism in place for cyberattacks, and seven SPOs had updated their cybersecurity measures in the past year), more than half of them (six SPOs) admitted that they had either not provided any cybersecurity awareness training or had only provided one session in the past year.
Wilson Tang, HKBN Co-Owner and Chief Information Security Officer said, "The rapid development of artificial intelligence has led to an upsurge in phishing attacks. The Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) recorded the highest number of phishing incidents in five years last year[2], reflecting the urgent need for all sectors of society to enhance cybersecurity. SPOs serve the public and handle data from numerous stakeholders, the risks they are facing are definitely not lower than those of private enterprises. In our assessment, all participating SPOs fell victim to phishing. When just one employee opens a malicious email, he or she could fall into hackers' traps, which can potentially lead to financial losses and other damaging outcomes."