"Center for Corporate Solutions" has introduced the "Anti-phishing platform for distance learning information security"
Customers: Center for Corporate Solutions (CDC) Lipetsk; Consulting, including management and personnel
Contractors: Informzaschita
Product: Anti-phishing Information Security Distance Learning Platform
Project date: 2022/08 - 2023/02
2023: Implementation of the remote learning platform Information Security Anti-phishing using "Informzaschita"
The Center for Corporate Solutions, together with experts from Informzaschita, has introduced Anti-Phishing, a system for raising user awareness in the field of information security. The system is integrated with corporate security tools and provides a continuous process of training, builds the necessary skills for safe behavior in the information space and reduces the number of cybersecurity incidents related to the human factor. This was announced on May 19, 2023 by the Informzaschita company.
The Microsoft IT Cloud Security Survey, conducted by the analytical company IDC in six countries of Central and Eastern Europe (including Russia), showed that one of the main areas of development of companies for the next few years is the constant training of both IT specialists and ordinary employees in the field of information security. Social engineering (attacks on employees and unsafe actions of people) remains the best-known vector, which accounts for the main number of penetrations into the system. The pandemic year also laid bare numerous cybersecurity problems, as companies were forced to urgently adapt to the "new normal" of remote and hybrid work, which entailed an expansion of the attack surface and risks.
In the digital world, employees in all industries should have not only knowledge within their competencies, but also skills related to ensuring the information security of their workplace. The performance of the company's entire infrastructure often depends on this. But the situation, unfortunately, does not change: according to data from Informzaschita's specialists in pentests (penetration tests), attacks using social engineering methods are 80% successful. This points to the inattention of users and their inability to apply the basic principles of information security. Even if the company is equipped with expensive information security systems, staff failure to comply with basic cybersecurity rules will expose the company's entire infrastructure to threats.
"Information security is not just an installed antivirus on the user's computer. Even with the well-coordinated professional work of the information security service and the installation of all automated systems for monitoring and preventing cyber threats, it can be argued that the company is not fully protected from all threats. The Corporate Solutions Center has thousands of employees and a branch network distributed throughout the country: raising awareness and creating the right habits of safe behavior of employees in the digital space is one of the priority areas in the framework of ensuring cybersecurity of the entire company," said Aleksei Kuznetsov, CISO of the Center for Corporate Solutions.
Various factors influence how and what to train personnel in: the size of the company, the tasks set by management, the budget, and so on. Accordingly, various training methods can be used, ranging from self-study of educational material to interactive trainings and hands-on practice in realistic conditions. User surveys show that a number of existing information security awareness programs are not effective enough: workers are bored by reading descriptions of policies and technical documentation, terms are not always clear and are poorly assimilated, and the description of attacks causes distrust. The emphasis is on prohibitions rather than on understanding the nature of the attack and examples of the right actions.
"The educational process must be continuous. It begins with awareness, is strengthened in training and is formed as part of interactive learning. To implement the project in CCR LLC, the Antifishing platform was chosen, which is included in the register of Russian software of the Ministry of Digital Development, Communications and Mass Media. It provides distance learning for employees and continuous training of safety skills, as well as integration with the IDM system and other corporate security equipment," noted Aleksei Sova, Marketing Director of Informzaschita.
The system includes interactive educational materials in the form of courses with appropriate testing, as well as simulated attacks: it "throws" phishing emails containing suspicious links and "malicious" attachments at the user. Based on how an employee responds to such attacks, the employee is assigned a rating, an objective metric that shows the level of protection of the employee, their department and the entire organization from human-factor threats. A negative rating means that in most cases the employee committed unsafe actions (opened phishing emails, followed unsafe links, etc.). This allows the company to track whether an employee's information security skills have deteriorated or improved. Users with a low rating are required to take pre-installed courses on information security issues.
The integration of Antifishing with the IDM system allowed the information security team of CCR LLC to automatically verify that all employees and contractors with the right to access corporate systems have the necessary knowledge and the necessary level of safe work skills. If this level of knowledge or skill drops, access is automatically blocked.
The user awareness system allows you to form sustainable habits and strengthen cybersecurity in the long term, which means it reduces the number of typical information security violations committed by employees. The ultimate goal of such programs is to reduce damage and losses (material, reputational) from threats associated with the human factor when working with the company's information resources.