Malmö University carried out a staged IT attack last autumn. One in ten employees, including senior managers, fell into the trap and gave out sensitive user data, reports South Sweden.
In October, the university’s 1,800 employees received an email with questions about vacation pay that appeared to come from the HR department.
Only principal Kerstin Tham knew about the scam. The university’s internal audit had hired IT security experts to review the security mindset of the employees.
A total of 209 people clicked on the phishing link in the email. Of those, 179 people went ahead and gave out their login details, i.e. every tenth employee, according to Sydsvenskan.
The intelligence threat against Swedish universities and colleges has increased in recent years, according to the Security Police. Sweden is described by Säpo as an attractive country for states that want to acquire knowledge and technology for both military and civilian purposes.
Against this background, the National Audit Office has recently started an examination of how well the universities protect valuable research data from foreign powers.
In the player above: Jean Odgaard, head of internal audit at the university, answers how the review went.