There's still some debate in Michigan about the coldest temperature ever recorded in the state. Was it 51 below in 1934, or 53 below in 1933?
But there's not much debate about the cybersecurity findings of the Office of the Auditor General for the State of Michigan. The Department of Technology, Management, and Budget (DTMB), which oversees InfoSec for the state, needs to make improvements.
And a phishing exercise produced results that would probably alarm the toughest of InfoSec teams.
The Michigan State Auditor evaluated the state's security awareness program by going phishing on its own: "... we conducted a phishing exercise on a random sample of 5,000 state employees from 18 executive branch departments and the executive office."
Here are the results:
That's right, nearly 1 in 5 employees would have given away their credentials to hackers had it been an actual phishing email.
The Auditor suggested further awareness training, and suggested that the state evaluate and measure the success of its program.
You can read the 58-page cybersecurity audit of the Michigan government and see the long list of things that need to be implemented to secure the State of Michigan.