More than 90% of participants in Bit Sentinel's awareness training for businesses with between 50 and 5,000 employees were able to recognize a new phishing effort by the program's conclusion, reflecting a considerable improvement in staff attitude.
Therefore, internal teams must be educated so they have all the information they need to prevent any potential attacks on the business, regardless of its size, industry, or sector.
According to a YouGov poll for Google, at the national level, 37% of Romanians had been the target of phishing campaigns in which someone attempted to gain personal information. Data security is heavily reliant on the quality of employee training in the context of accelerating digitization and remote working, where corporate control has decreased and the usage of work equipment for personal purposes has increased. In this regard, the experts at Bit Sentinel caution that the first step should be a full set of simulated phishing attacks because any defensive system must be evaluated as realistically as possible for businesses to detect actual business risks.
The public sector and SMEs are among the most vulnerable businesses, as they often make fewer investments in infrastructure security than large corporations do.
“The number of cyber-attacks has increased in the context of the regional geopolitical conflict, and the targets have mostly been government websites. At the European level, the public sector is more vulnerable because the attack surface is larger and public institutions often operate with outdated systems, have limited budgets, and the process of technological renewal is cumbersome and requires a system to be unavailable for some time. Therefore, the lack of adoption of new technologies, together with the lack of regular training of employees, brings with it significant risks and opens the door to cyber criminals, who can launch their attacks more easily,” Andrei Avădănei, CEO of Bit Sentinel, said.
Through the Phish Enterprise platform, Bit Sentinel teaches employees in businesses how to recognize phishing attacks in a secure setting before reporting them to the security team. These cybersecurity awareness courses are supported by simulations and real-world scenarios.
“The main action which should be taken is to educate and train employees so that they can identify a phishing attack of any kind and be aware of the impact of a wrong click. Today, the number of companies that are aware of the need for employee training has increased. Moreover, amid regulations, which make cyber security awareness mandatory, such as the requirements of the NIS Directive, many companies have turned to our platform as it provides traceability of education programs that can be reported to regulatory authorities,” Avădănei mentioned.
Theoretical course subjects include malware, ransomware, computer viruses, security, and password management, in addition to phishing as a whole, including spear phishing, whaling, smishing, and vishing. Alongside theoretical resources that outline several fundamental phishing ideas and social engineering strategies, Phish Enterprise offers practical training so that staff members can take part in a genuine experience that assesses their capacity to respond and act. The most common method of deployment among companies now using the platform is managed service, in which experts from Bit Sentinel supervise the entire training procedure and create fresh exercises each month to continuously teach staff.
In this scenario, employees have access to existing exercises and can use them, and the platform's deployment can also be entirely automated. If the self-managed implementation is used, each business designs its own exercises or modifies existing ones to suit the needs of the teams taking the courses.