Your browser is not supported. Please use Chrome, Firefox, Edge or Safari browser. More information

SECURITY AWARENESS TRAININGS

Since 2011, the course of an IT attack has been investigated on the basis of Cyber Security Kill Chain5 published by Lockheed Martin. Phase 3, known as "Delivery", involves an attacker launching an attack in a goal-oriented way, using his preliminary survey results. This is when the conscious behavior of the users of the given company becomes a priority, which allows the user to recognize suspicious data traffic (e-mail, web page, SMS, etc.) to prevent the continuation of the attack. This type of user awareness should be built up, measured and maintained for all companies.

Phishing is a case of psychological manipulation where attackers try to obtain confidential information as a seemingly trusted partner via e-mail, or on a website. In no case should it be confused with traditional SPAM e-mails because its characteristics are not the same as traditional methods. The information an attacker is trying to obtain may be more diverse (for example, username, password, credit card number, bank account information, etc.). The message asks the user to log on to a fake site that is very similar to a well-known website (PayPal, eBay, some known bank, the company's internal intranet, etc.) hosted by the manipulator. Here, the questions asked give the attacker the opportunity to obtain important information that may be necessary for the rest of the attack.

The 4iG Security team provides the assessment and the supervision of users' awareness levels by launching a phishing campaign well-structured from a wide range of tools that is tailored to the customer, then the compilation of the training material or even the organization of the training based on the conclusions drawn.

As a first step, our experts carry out a survey, after which we launch a campaign aimed at a designated group or the entire company. After conducting a campaign, our expert colleagues evaluate the results and then, based on the experience, compile a personalized educational material.

Maintaining this awareness can reduce the risk of user behavior and the chance of a successful attack.