Write Up:

Statewide, MoDOT maintains thousands of computer devices. Keeping those computers safe from outside threats is a 24-hour responsibility using the latest security measures.

For the third quarter of fiscal year 2025, MoDOT received a total of 8,682 emails containing malicious content (links and/or attachments) that were delivered to user inboxes. Of those 8,682 delivered emails, five recipients clicked on the links or attachments. Among those five clicks, three were blocked at the time of click while the remaining two were permitted. 

This quarter saw the largest number of malicious emails delivered to user inboxes since this measure was first tracked. The previous high was 6,007 malicious emails delivered in the second quarter of FY 2025. Out of the 90 days in this quarter, there were only 25 days when MoDOT did not receive a malicious email directly to the user's inbox. These emails came from 32 small campaigns, just five threat actors were involved.

MoDOT continues to emphasize cybersecurity and provide training for all department computer users. The cybersecurity oversight team works to define areas of vulnerability and deploy solutions to address risk. In addition, MoDOT utilizes the Office of Administration’s network firewall services, endpoint cybersecurity detection and remediation services to provide increased cyber protection.

Purpose of the Measure:

This measure reports MoDOT's average click rate on malicious email links and attachments. Using this measure, MoDOT can compare performance to previous quarters and make adjustments in the security training program to reflect the observed trend.

Measurement and Data Collection:

The incident data for this measure is captured from MoDOT's e-mail security platform.
The target for this measure is zero clicks.