Empowering and training employees on the right attitudes to adopt in terms of cybersecurity has become more necessary than ever. According to the Corporate Cybersecurity Barometer conducted by Opinionway/CESIN, the most frequent attacks rely primarily on phishing or spear phishing techniques, cited by 73% of the panel, ahead of "CEO fraud" (50%) and social engineering (44%). All these attacks have one thing in common: they exploit human vulnerabilities such as ignorance, inattention, credulity, and haste. One click too many or one piece of information disclosed, and the company's web security is threatened!
Empowering employees to take responsibility for cybersecurity has become a necessity.
Year after year, statistics continue to alert us to the responsibility of employees in security incidents. The 2015 PWC study already sounded the alarm, with 34% of security incidents triggered by current employees. In 2017, this figure had nearly doubled, according to the Deloitte study, which estimated that 63% of security incidents were caused by an active employee.
The reason for this increase?
New uses in mobile situations, but also the sophistication of attacks, which are increasingly credible and personalized, as well as their sometimes multi-channel approach (emails, social networks, etc.).
Unfortunately, awareness often comes when the company has already been victimized: according to the Deloitte study, 75% of companies say they have taken additional security measures following a cyberattack. The first measure is employee training and awareness, for 56% of companies.
But to be effective, employee training should not be underestimated or treated as an occasional activity. It must be organized and consistent. That's why Olfeo has launched the Campus solution:
Campus: an innovative approach to cybersecurity training in companies
Raising awareness of cybersecurity among teams can reduce incidents by up to 60%. That's why, as the French leader in corporate web security, we now offer an innovative product to provide ongoing training for your users, enabling them to become strong links in your company's security chain.
Campus has a constantly evolving and regularly updated training catalog designed to appeal to all employees within the company, regardless of their current level of cybersecurity knowledge. All topics are covered with fun and interactive content followed by quizzes that test understanding and mastery of the various subjects. It should be noted that some modules are more specific, such as the GDPR course, which is aimed at data controllers, for example. The solution allows you to launch and manage an unlimited number of campaigns via an ergonomic interface that is extremely easy to administer by both CISOs and HR managers.
The first campaign that can be launched is an information security awareness barometer: ISAM. The course consists of 31 questions and takes 10 minutes to assess users' knowledge and behavior. It can be used as an initial audit and reused to track changes in employee maturity levels.
Campus also allows you to segment employee populations using user lists from Active Directory to target campaigns tailored to different profile types. Then, using the reporting functions, the administrator can track the progress of training campaigns and the success rate for different topics. These tools give them a better overview of how awareness levels are evolving within the organization.