To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
2020-05-21 20:51

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page.

The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Just 6 of the 50 message recipients reported the phishing attempt to GitLab security personnel.

GitLab's findings underscore security concerns about people working from home, a group that keeps growing thanks to the COVID-19 pandemic and growing corporate tolerance for, or even encouragement of, remote work.

Manzuik concluded that GitLab workers should be encouraged to review the company's handbook, which explains quarterly phishing drills, and that GitLab's security team should communicate more frequently with employees about phishing.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/21/gitlab_phishing_pentest/

Related vendor

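| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Gitlab |          | 10         | 93  | 794    | 115  | 16       | 1018        |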