Free Phishing Test Reveals NGOs Twice as Vulnerable as Usual
In response to the surge in phishing attacks over recent years, HKBN Group (HKBN) has collaborated with Green Radar, a leading cybersecurity and innovation technology company, to conduct free phishing email drills for ten social profit organisations (SPOs). This initiative aims to enhance SPO employees’ alertness, equipping them with the skills to effectively identify and mitigate the potential risks from suspicious phishing attempts.
(From left) Wilson Tang, HKBN Co-Owner and Chief Information Security Officer; Dr. Wan Lap Man, Executive Director of Hong Kong Playground Association; and Li Tin Lun, Administrative Head of Hong Kong Christian Service.
HKBN conducted free phishing email drills for ten social profit organisations. This initiative aims to enhance SPO employees’ alertness to cybersecurity.
The phishing email assessment was conducted in February this year, simulating the most prevalent hacking tactics observed in recent years. Nearly 10,000 employees from ten participating SPOs were involved and received highly realistic phishing emails.
These deceptive messages, offering “first-come-first-served” gift giveaways, lured recipients to click on embedded links and give up their personal information.
The results revealed that employees from all ten SPOs were vulnerable to phishing emails. Notably, about one-tenth (10.7%) of the approximately 10,000 employees failed to identify the phishing emails, a figure that is nearly twice as high as the global average failure rate of 5.5% for non-profit organisations. Alarmingly, 43.6% of those who failed also clicked on spam links and submitted sensitive personal information, including their names and email addresses. Overall, these findings underscore the need for heightened vigilance among Hong Kong’s SPO community regarding phishing emails.
Among the ten SPOs that participated in the assessment, four indicated that they had suffered losses due to phishing attacks, while eight acknowledged that their employees lacked adequate technical knowledge in cybersecurity. Although most SPOs have implemented cybersecurity measures internally (for example, eight SPOs said they have an alert mechanism in place for cyberattacks, and seven SPOs had updated their cybersecurity measures in the past year), more than half of them (six SPOs) admitted that they had either not provided any cybersecurity awareness training or had only provided one session in the past year.
Wilson Tang, HKBN Co-Owner and Chief Information Security Officer, said, “The rapid development of artificial intelligence has led to an upsurge in phishing attacks. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recorded the highest number of phishing incidents in five years last year, reflecting the urgent need for all sectors of society to enhance cybersecurity. SPOs serve the public and handle data from numerous stakeholders; the risks they are facing are definitely not lower than those of private enterprises. In our assessment, all participating SPOs fell victim to phishing. When just one employee opens a malicious email, he or she could fall into hackers’ traps, which can potentially lead to financial losses and other damaging outcomes.”
Li Tin Lun, Administrative Head of Hong Kong Christian Service, said, “Cybersecurity is critically important, but most SPOs are often constrained by budgets as they prioritise resources on operations and community care. We are grateful to HKBN for stepping up its support through this programme, which will go a long way to enhancing cybersecurity awareness and know-how in the social sector. Furthermore, we would also like to call on the industry to allocate more resources to safeguarding the personal data and interests of different stakeholders.”
As part of its commitment to fostering digital inclusion, HKBN established the HKBN SPO IT Club in 2023, offering voluntary services such as cybersecurity and IT training to the community. Those who wish to receive more support in cybersecurity can register to join the HKBN SPO IT Club and receive free consultation services. HKBN Enterprise Solutions will be organising a complimentary seminar on phishing prevention and mitigation, scheduled for 15 April 2024.