The Ministry of Digital Industry and Rostelecom-Solar have developed a course to improve information security skills for employees of the department

2022: Development of an information security training course for employees

May 16, 2022 Ministry of Digital Development, Communications and Mass Media of the Russian Federation (Ministry of Digital Development) Rostelecom-Solar and announced that they had implemented a project to improve skills cyber security for employees of the department. The training was conducted on a service platform (SA Security Awareness) and included both theory and practical verification in the form of imitation. harmful mailings The training program was adapted to the specifics of the Ministry of Digital Science in conjunction cyber security with the department's support department.

The theoretical part of the training was devoted to safe work on the Internet and with e-mail: employees of the ministry were told about how hackers use sites and mail to penetrate the corporate network, and how to recognize such an attack.

And in imitated phishing mailings, such psychological triggers as the urgency of the task, the authority of the sender, fear of punishment for failure to perform any actions, curiosity, etc. All this was supposed to force users to either open the attached file, or go to a third-party site and leave the password for personal or work mail there.

"Obviously, state authorities are exposed. to cyber attacks Therefore, we, together with "-Rostelecom Solar," developed training to improve the skills of INFORMATION SECURITY our workers and helped them prepare for a possible targeted attack with. phishing Both ordinary employees of the department and managers were trained. As shown by the results of the work, more than 90% of employees of the department can recognize malicious mailing, " noted Vladimir Bengin, Director of the Cybersecurity Department of the Ministry of Digital Science

"Workers in most cases become a weak link through which hackers enter the infrastructure of the victim organization. According to our data, more than 75% of cyber attacks start with phishing emails that contain HPE attachments and malicious links. Therefore, it is extremely important that both state and commercial organizations are engaged in improving the cyber literacy of employees. The project in the Ministry of Digital Science showed the conversion and dynamics of training. It is noteworthy that the first complaints about phishing began to arrive at the IT service of the department 30 minutes after the start of the distribution, which is a very good indicator, " explained Vladimir Dryukov, director of the Solar JSOC cyber attack center of Rostelecom-Solar

In addition to training in secure work with mail and the Internet, the SA Rostelecom-Solar service can also include courses on mobile and physical cybersecurity, as well as the necessary minimum on the tools and features of remote work. Thus, training covers all aspects of corporate cyber hygiene. In this case, attack scenarios can be either typical or individual. The latter are developed separately for each company, taking into account the specifics of the industry, business, state, etc. In addition, training courses are constantly updated taking into account the accumulated expertise of the Solar JSOC Cyber ​ ​ Attack Countermeasures Center.