Softline helped employees of the "Government Complex" to raise awareness in the field of information security

2023: Implementation of PhishMan staff awareness service

On January 11, 2023, the Softl ine Group of companies announced the introduction of the Phishman system, designed to manage the process of raising awareness of employees in the field of information security through the formation of a culture of personal information security, to the Federal State Institution "Support Center" - the operator of general resources of the Government Complex.

As a result of the project, the knowledge management process was automated for employees of the Ministry of Economic Development of the Russian Federation, the Ministry of Industry and Trade of the Russian Federation, the Ministry of Digital Development, Communications and Mass Media of the Russian Federation, the Federal Accreditation Service, the Federal Agency for Technical Regulation and Metrology, the Federal Agency for Nationalities, as well as organizations of the Government Complex in the field of information security. Now employees of federal executive bodies and subordinate organizations will be able to form the necessary skills of behavior in the information space, learn to recognize and resist social engineering methods, which will allow the customer to strengthen the protection of information systems and confidential information.

In addition to attacks on information resources, the number of phishing attacks on ordinary users is also growing. This is due to the fact that employees can violate information security requirements both for ignorance and inattention. Many vulnerabilities, such as weak passwords, unsecured remote access, the lack of timely updates to antivirus databases, are due to the lack of employees' necessary knowledge in the field of information security. Separate awareness-raising activities provide a temporary effect because they do not contribute to the formation of sustainable skills in users. In addition, the organizers of the attacks are improving their methods and tactics to disguise them, which makes it difficult to detect threats.

In this regard, in order to strengthen the information security system built in the Government Complex, it was decided to supplement it with an anti-phishing component. As part of the state contract, Softline Group of Companies selected and supplied software for the Support Center PKU that meets all regulatory requirements. The implementation of the Russian automated system for testing and training employees was carried out by experts from Softline, Phishman and Infosecurity (Softline Group of Companies) as soon as possible - in just two months.

The company is convinced of the importance of a systematic approach to the formation of conscious user behavior in matters of information security. The Phishman system generates a variety of attacks and, based on employee reactions to phishing actions, identifies "vulnerable" users, as well as their "gaps" for unsafe (deliberate or careless) actions both on the local network and outside the system itself. Based on this data, an individual training path for each employee is automatically developed. In addition, Phishman can act as a platform for playing any training content of the customer. Thus, this system and the delivered set of courses will allow the federal executive authorities and their subordinate institutions to expand the traditional approach to awareness. This will make it possible to implement completely different scenarios for training employees, including developing a program for adapting other employees to information security requirements in the Government Complex, explained Olga Slavinskaya, Head of the Complex Projects Development Group of Softline Training Center.

The Phishman information and training system, presented by Softline Group of Companies, allows you to form user digital hygiene skills by training and simulating phishing attacks of any complexity, created both manually and based on already adapted templates. With the help of Phishman, you can conduct regular events to form a culture of personal information security of any number of employees without interfering with work processes - train them to recognize and combat various types of cyber attacks in an interactive-involving form, as well as monitor and analyze the dynamics of training and the formation of safe behavior skills in an information environment. This will help to improve the culture of personal information security, as well as minimize the number of incidents related to the human factor. It is important that the system is not only included in the Register of Russian software, but also works on Russian operational systems. The platform has great potential in the development of the training unit with the ability to independently expand the list of courses, as well as in integration with the corporate portal of the Government Complex. Thanks to the capabilities of the system, it is planned to use it as a "knowledge base," which can be used by more than 5500 employees working in the Government Complex, summed up Evgeny Vladimirovich Nesterov, deputy director of the PKU "Support Center."