Phishing is the most common and effective type of cyber-attack, causing nearly 90% of data fraud, according to the Cisco 2021 Cybersecurity Threat Trends report, which points out that each employee receives, on average, 14 malicious emails every year. In this context, employees play the most important role in ensuring the security of a company’s data, note experts at Bit Sentinel, one of the leading providers of cybersecurity services in Romania.
In the awareness programs that Bit Sentinel conducts in companies with between 50 and 5,000 employees, staff attitude has improved significantly, with more than 90% of employees able to identify a new phishing campaign at the end of the program. So, internal teams, regardless of size, industry, or sector, need to be educated so they have all the information they need to avoid any potential attack on the company.
At a national level, more than a third of Romanians (37%) have been targeted by phishing attacks, in which someone tried to access personal data, according to a study conducted by YouGov for Google. In the context of accelerated digitalization and remote working, corporate control has been reduced and the use of work equipment for personal purposes has increased, making data security highly dependent on the level of employee training. In this regard, Bit Sentinel experts warn that a full set of simulated phishing attacks is the first step, as any defensive system needs to be tested as realistically as possible so that companies can identify real business vulnerabilities.
At the same time, among the most exposed companies are those in the public sector or SMEs, because investments in infrastructure security are usually lower than for large companies.
“The number of cyber-attacks has increased in the context of the regional geopolitical conflict, and the targets have mostly been government websites. At European level, the public sector is more vulnerable because the attack surface is larger and public institutions often operate with outdated systems, have limited budgets, and the process of technological renewal is cumbersome and requires a system to be unavailable for a period of time. Therefore, the lack of adoption of new technologies, together with the lack of regular training of employees, brings with it significant risks and opens the door to cyber criminals, who can launch their attacks more easily”, said Andrei Avădănei, CEO of Bit Sentinel.
To educate employees in organizations, Bit Sentinel, through the Phish Enterprise platform, offers a variety of cybersecurity awareness courses, accompanied by simulations and real-life scenarios, so they are able to identify phishing attacks in a safe environment and then report them to the security team.
“The main action which should be taken is to educate and train employees so that they can identify a phishing attack of any kind and be aware of the impact of a wrong click. Today, the number of companies that are aware of the need for employee training has increased. Moreover, amid regulations, which make cyber security awareness mandatory, such as the requirements of the NIS Directive, many companies have turned to our platform as it provides traceability of education programs that can be reported to regulatory authorities”, Andrei Avădănei added.
The topics analyzed in the theoretical courses cover phishing as a whole, including spear phishing, whaling, smishing, vishing, but also malware, ransomware, computer viruses, security, and password management. In addition to theoretical resources that explain various basic phishing concepts and social engineering tactics, Phish Enterprise also provides practical workshops so that employees get a realistic experience that tests their ability to react and act.
Among customers currently using the platform, the most popular mode of implementation is managed service, whereby Bit Sentinel specialists manage the entire training process and develop new exercises on a monthly basis to constantly train employees. The platform can also be deployed fully automatically, and in this scenario, employees will have access to and be able to use existing exercises. In the case of self-managed implementation, each company will create its own exercises or customize them according to the specifics of the teams taking the courses.