Write Up:

Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.

For the fourth quarter of fiscal year 2024, MoDOT received a total of 2,288 emails containing malicious content (links and/or attachments) that were delivered to user inboxes. Of those 2,288 delivered emails, 26 recipients clicked on the links or attachments. Among those 26 clicks, 16 were blocked at the time of click while the remaining 10 were permitted. Of the 10 permitted clicks, five were identified as false positives, the remaining five links were re-written to launch in an isolated browser protecting the end user.

This quarter saw the largest number of malicious emails delivered to user inboxes since this measure was first tracked. The previous high was 1,984 malicious emails delivered in the second quarter of FY 2024. Out of the 90 days in this quarter, there were only 11 days when MoDOT did not receive a malicious email directly to the user's inbox. All of these emails came from smaller campaigns with the majority consisting of fewer than 10 messages delivered.

MoDOT continues to emphasize cybersecurity and provide training for all department computer users. The cybersecurity oversight team works to define areas of vulnerability and deploy solutions to address risk. In addition, MoDOT utilizes the Office of Administration’s network firewall services, endpoint cybersecurity detection, and remediation services to provide increased cyber protection.

Purpose of the Measure:

This measure reports MoDOT's average click rate on malicious email links and attachments. Using this measure, MoDOT can compare performance to previous quarters and make adjustments in the security training program to reflect the observed trend.

Measurement and Data Collection:

The incident data for this measure is captured from MoDOT's e-mail security platform.
The target for this measure is zero clicks.