Sent: 2024-04-24
From: EIU
To: Various Recipients
Subject: EIU Phishing Simulation Results
Last week, EIU conducted a phishing simulation for all employees, focusing on password resets—an approach often used by attackers. Out of 1193 participants, 92 employees (7.71%) provided their EIU username and password to the simulated attacker. By all metrics we collectively performed poorly in the simulation and have much work to do to be more vigilant against phishing attacks.
Ensuring the security of every EIU user's account is paramount, regardless of role. It's worth noting that most attackers initially target non-privileged employee accounts before using internal systems to attack and navigate their way to more secure systems. 91% of ransomware attacks start with phishing attempts, highlighting the significance of this issue.
Recent cyberattacks at Richland Community College and Lincoln College serve as reminders of the disruptive impact such incidents can have on university campuses. For instance, Lincoln College cited a cyberattack as a factor in the recent closure of the University, while Richland faced significant business disruption for over six weeks following a cyberattack in February. Although the specifics of these breaches are unknown, it's likely they originated from phishing campaigns.
Moving forward, EIU will continue to conduct phishing simulations and share outcomes with the campus community. It's essential to remain cautious, take time to assess emails carefully, and report any suspicious activity promptly. You should use the phishing button in Outlook or forward suspicious emails to phishing@eiu.edu. Please pay attention to Duo MFA requests. Decline Duo MFA pushes that are not requested by you or from your current location and report any suspicious activity to info-sec@eiu.edu.
RYAN GIBSON | Executive Director for ITS
rwgibson@eiu.edu | 217-581-1904
EASTERN ILLINOIS UNIVERSITY
Information Technology Services
600 Lincoln Ave. | 4312 Student Services Building
Charleston, IL 61920
www.eiu.edu/panthertech
