As of Nov 2022, NUS IT completed a total of 6 phishing simulation drills targeted at all University staff and students. We improved our approach and conducted these drills in different ways, such as introducing remedial drills for those who were susceptible, improving the landing page to provide clearer explanations to those who clicked, and providing extra training sessions led by NUS IT staff for repeated offenders. We also introduced incentives to reward users who did not click and reported the phishing email instead. Consequently, our average click rates for staff and students improved from 14.6% and 10.4% in 2021 to 6.5% and 5.7% in 2022 respectively.
We developed a dashboard for HODs and Senior Management to view the overall drill performance of their department and the whole University respectively. This enables them to work closely with NUS IT to provide attention to staff and students who fail to show improvement despite the prescribed cybersecurity awareness training.