МТС RED Security Awareness

Main article: Security Awareness - Information Security Skills Management - Cyber Literacy

2024: Availability in three delivery models

MTS RED, a member of MTS PJSC, announced on July 11, 2024 that the solution for improving the cyber literacy of employees (MTS RED Security Awareness) is now available on the market in three delivery models at once. This is the MSS model - a managed turnkey cyber literacy service, SaaS - providing remote access to the cyber literacy software platform according to the subscription model and on-premium - supplying and installing the platform in the organization's infrastructure. Earlier, this MTS RED solution was presented on the Russian market only in the MSS model.

One of the main trends in the development of the information security solutions market is the desire of market players to maximize the usability of their developments and services by customers. At the same time, different companies have different approaches to ensuring security, their own conditions, regulations, resources and budgets. In this sense, MTS RED, when developing its products and services, provides customers with the widest possible choice. Now companies seeking to increase the competence of employees in the field of information security can choose any convenient option for them to use the solution, - said Ilya Odintsov, head of MTS RED Security Awareness.

By providing organizations with a managed service for improving cyber literacy, MTS RED undertakes all the work to connect it and develop cybersecurity skills from the company's personnel - from expert and methodological to support and technical. This includes connecting and configuring the service, conducting training phishing mailings, providing access to the service for the customer's employees to study information materials, providing reports on the results of the study and on the effectiveness of training phishing mailings. This approach saves time and resources by shifting all the tasks of developing cybersecurity skills among the company's personnel to a service provider, and is suitable for organizations with sufficient budgets for information security.

The Security Awareness (SA) service provides customers with access to the MTS RED software platform for improving personnel cyber literacy deployed in the MTS cloud. At the same time, MTS RED provides support and development of the platform, supports the operation of the equipment on which it is deployed. And the customer has the necessary resources to independently develop cybersecurity skills for his employees on the basis of the platform. This approach is ideal for companies that care about the balance between the convenience of implementing cyber literacy and optimizing the cost of solving this problem.

At the same time, organizations that need customized improvements in the capabilities of the cyber literacy platform for specific tasks, as well as for those who are limited by internal regulations that do not allow a cloud model for using security, it is optimal to install a software platform for improving cyber literacy on their own resources according to the on-premium model. The launch of the software platform in this model will take longer and cost the company more, but will provide complete control over the entire process.

2023: Security Awareness Presentation

MTS RED, a member of MTS PJSC, on November 21, 2023 presented a new automated service for improving the cyber literacy of employees. It is distinguished by complete automation of the employee training process, integration with MTS SOC, expanded technical support.

According to recent joint research by MTS RED and Phishman, about 80% of all cyber incidents in companies are caused by the human factor. Every year there is a 45% increase in the volume of phishing emails received by users using ransomware, and in 2022 the number of phishing mailings increased by 65%. Poor information security awareness gives attackers the ability to launch a multi-way cyber attack using social engineering.

At the same time, technical means do not guarantee complete protection, especially if the employee's actions become the reason for the intruder's penetration into the company's infrastructure. Anti-phishing courses teach theories but do not form safe behavior skills. In this regard, MTS RED brought to the market a service for improving the cyber literacy of employees, automating the entire cycle of teaching cyber literacy - both theory and practice.

The Security Awareness service from MTS RED includes a set of theoretical courses on the main topics of cyber literacy and practical training of security skills when working with e-mail. The theory is represented by 15 online courses for ordinary users and IT specialists, at the end of each course the user is tested. Unlike most competing solutions, the service includes specialized 187-FZ and 152-FZ courses with a mandatory final assessment of employees' knowledge of these standards.

Inside the training system there is a built-in module with which you can form and plan training phishing attacks, as well as identify the most vulnerable users. You can create a phishing form of any complexity manually or use ready-made templates. At the same time, the cost of the Security Awareness service from MTS RED includes the creation by the company's specialists of phishing forms customized for the customer. Through an automated system of training, testing employees and imitating real phishing emails, users develop skills to counter cyber attacks.

Service users - information security department, IT, personnel, management - get access to the service through their personal account, which presents visual expanded statistics on the results of employee training; you can assess the information security risks of the entire organization as a whole and for each employee and assign additional courses in one click. The rest of the company's employees also have a personal account: here they see their own individual plan for teaching cybersecurity skills and can immediately move on to taking the courses assigned to them.

For the services we create, we choose partners whose technologies have proven themselves in the market. We have seriously strengthened the capabilities of Phishman's Security Awareness system with MTS SOC data accumulated during more than 10 years of experience in MTC RED specialists studying new attack vectors and trends in the development of threats on a large pool of customers from the MTS ecosystem. The synergy of the expertise of the service provider and vendor will provide our customers with the maximum level of automation and quality of training in cyber literacy of employees and significantly increase the level of protection of companies from attacks on users, "explained Andrey Dugin, head of the cyber security services center at MTS RED.

The key competitive quality of the Security Awareness service from MTS RED is its integration with the MTS SOC cyber incident monitoring and response center. Integration ensures the receipt of information about incidents involving company employees in the MTS RED Security Awareness service. For example, if an employee opens a malicious attachment or link in an email, the service will automatically assign him training in counterphishing methods.

Also, the Security Awareness service from MTS RED is distinguished by detailed and visual reporting: based on the results of training attacks on users, the company's specialists provide the customer with analytical reports with visualization of summary data on the level of information security risk in the company, as well as on the level of organization resistance to attackers attacks.

In addition, the service provides an expanded scope of technical support, including error correction, consulting, customization of courses, platforms and reporting to customer requirements, development of connectors to specialized customer systems.

Based on the results of implemented implementations of the Phishman platform in Russian companies and piloting of the Security Awareness service from MTS RED in a number of customers, the level of employee awareness after the start of use of the service increases by 3 times. Already in the first month, the number of security events in which phishing emails were involved decreases by 70%, and the number of repeated incidents decreases by up to 80%. Earlier, the MTS Group company - MTS Startup Hub - invested 90 million rubles in the Phishman platform.