Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.
Write Up:
Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.
For the third quarter of fiscal year 2024, MoDOT received a total of 1,735 emails containing malicious content (links and/or attachments) that were delivered to user inboxes. Of those 1,735 delivered emails, 56 recipients clicked on the links or attachments. Among those 56 clicks, 38 were blocked at the time of click while the remaining 18 were permitted. These 18 permitted clicks were later identified as false positives by MoDOT’s email security vendor, Proofpoint. The other 10 permitted clicks were a mix of credential phishing and malware delivery threats. The average click rate for the quarter was 3.2%, an increase from 0.8% for the previous quarter.
This quarter saw the third-largest number of malicious emails delivered to user inboxes since this measure was first tracked. The previous high was 1,984 malicious emails delivered in the previous quarter. Out of the 91 days in this quarter, there were only 43 days when MoDOT did not receive a malicious email directly to the user's inbox. All of these emails came from smaller campaigns with the majority consisting of fewer than 10 messages delivered.
MoDOT continues to emphasize cybersecurity and provide training for all department computer users. The cybersecurity oversight team works to define areas of vulnerability and deploy solutions to address risk. In addition, MoDOT utilizes the Office of Administration’s network firewall services, endpoint cybersecurity detection, and remediation services to provide increased cyber protection.
Purpose of the Measure:
This measure reports MoDOT's average click rate on malicious email links and attachments. Using this measure MoDOT can compare performance to previous quarters and make adjustments in security training program to reflect the observed trend.
Measurement and Data Collection:
The incident data for this measure is captured from MoDOT's e-mail security platform.
The target for this measure is zero clicks.
Result Driver
Todd Grosvenor
Title
Financial Services Director
Department
Financial Services
Contact Info
Email: Todd.Grosvenor@modot.mo.gov
Phone: (573) 751-4626
Email: Todd.Grosvenor@modot.mo.gov
Phone: (573) 751-4626
Measurement Driver
Cindy Kaminski
Title
Information Systems Supervisor
Department
Information Systems
Contact Info
Email: Cindy.Kaminski@modot.mo.gov
Phone: (573) 526-3620
Email: Cindy.Kaminski@modot.mo.gov
Phone: (573) 526-3620