HomepageNewsTechnology is no longer enough: train your employees in cybersecurity!
Technology is no longer enough: train your staff in cybersecurity!
March 20, 2023
Empowering and training employees in the right attitudes to adopt when it comes to cybersecurity has become more necessary than ever. According to the Opinionway/CESIN Corporate Cybersecurity Barometer, the most frequent attacks are based above all on phishing or "spear phishing" techniques, cited by 73% of the panel, ahead of "the president scam" (50%) and social engineering (44%). What all these attacks have in common is the exploitation of human vulnerabilities: ignorance, inattention, credulity, haste... One click too many, or one piece of information too many, and your company's web security is threatened!
Empowering employees to take responsibility for cybersecurity has become a necessity.
Indeed, year after year, statistics keep alerting us to the responsibility of employees in security incidents. The 2015 PWC study was already sounding the alarm, with 34% of security incidents triggered by current employees. In 2017, the figure was almost double that, according to the Deloitte study, which this time estimated that 63% of security incidents originated from an active employee.
The reason for this increase?
New uses in mobile situations, but also the sophistication of attacks, which are increasingly credible and personalized, as well as their sometimes multi-channel approach (email, social networks, etc.).
Unfortunately, awareness often comes when the company has already been a victim: again according to the Deloitte study, 75% of companies claim to have taken additional security measures following a cyber attack. The first measure is employee training and awareness-raising, for 56% of companies.
To be effective, however, employee training must not be underestimated or considered on an ad hoc basis. It must be organized and constant. That's why Olfeo has launched the Campus solution:
Campus: an innovative approach to corporate cybersecurity training
Campus has a constantly evolving and regularly-updated training catalog to cater for all company employees, whatever their current level of cybersecurity knowledge. All topics are covered, with content that is both entertaining and interactive, followed by quizzes to validate understanding and mastery of the various subjects. It should be noted that some modules are more specific, such as the RGPD course aimed at data processing managers. The solution enables an unlimited number of campaigns to be launched and managed via an ergonomic interface, which is extremely easy to administer for both CISOs and HR departments.
The first campaign that can be launched is an information security awareness barometer: ISAM. The 31-question survey takes 10 minutes to assess users' level of knowledge and behavior. It can be used as a baseline audit and reused to track changes in employees' maturity levels.
Campus also enables employee populations to be segmented using user lists from the Active Directory, so that campaigns can be tailored to different profile types. Then, thanks to the reporting functions, the administrator can track the progress of training campaigns and the percentage of successes on the various themes. These tools provide a clearer picture of the evolution of awareness levels within the organization.
Discover how easy it is to organize cybersecurity training courses with Campus :
With Campus, engage in a real process of continuous improvement in user awareness of cybersecurity.
Campus is more than just an awareness-raising kit: it's an ongoing cybersecurity training platform, eligible for training budgets. It enables you to validate cybersecurity awareness skills and improve or deepen your employees' cyber culture.
Campus is designed for the long term, with the possibility of launching campaigns lasting several months, automating email reminders. The solution complements the Olfeo web security gateway by offering long-term training in addition to the real-time awareness provided by the gateway. The latter displays contextualized blocking pages during employee web browsing, containing mini-videos from Cybermalveillance.gouv.fr, designed to raise awareness of the security risks involved.