When it comes to cybersecurity, people are the weakest link. GitLab reiterated this point beautifully in a recent exercise involving its own employees.
GitLab decided to emulate a phishing campaign against its employees to obtain GitLab.com credentials. The simulated attack was designed to mimic a basic phishing attack targeting primary authentication credentials via a fake login page. The phishing link took the targeted employees to the fake gitlab.company website, where they were asked to enter their login details. Fifty GitLab employees were targeted, and 17 clicked on the link. Six reported the link as suspicious to the GitLab security operations team.
The Verizon 2030 Data Breach Investigations Report says roughly one-quarter of all breaches involved phishing. It just goes to show that when some effort is put into an attack, anyone from any organization can get duped.