Cybersecurity awareness is the understanding of the importance of information security and the knowledge and measures taken to protect against cyber threats. This includes educating employees and users about potential risks and best practices for protecting sensitive information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Since the beginning of the coronavirus pandemic, the FBI has reported a 300% increase in recorded cyber crimes. The BSI situation report of 2022 shows that over 400,000 new malware variants are counted daily. According to Statista, infection with malware is the biggest threat to companies in the German economy.
Various cyber attacks on IT systems, such as phishing or ransomware attacks, can have existential consequences for companies. According to Statista, the total damage from cyber attacks in 2022 amounted to 192 billion euros.
Due to the use of various technologies and personal devices in daily life and work, employees are the first victims of cyber attacks and therefore the gateway to IT systems of companies. Contact us now.
| Contact us now! |
It is not enough if 70-80% of employees have a strong cyber security awareness. A comprehensive IT security awareness of all employees is essential for a sustainable security strategy in the company.
What are the effects of cyber attacks?
Cyberattacks can be diverse, and almost every company is at risk. In the following section, we present two examples of what can happen when companies become victims of cyberattacks.
In 2020, during the COVID-19 pandemic, a spear-phishing attack targeted a task force of the German government. The attackers sent emails to the task force members that appeared to be from trustworthy sources such as government agencies or health organizations and contained links to malicious websites or attachments. The attackers used the information obtained through the spear-phishing attack to gain unauthorized access to the task force's network and steal sensitive data. The German government reported that the attack was likely carried out by a foreign state actor, although no specific group was publicly identified. The attack highlights the increased risk of cyberattacks during times of crisis and shows how important it is to raise awareness and train individuals and organizations in cybersecurity.
A more recent example occurred on the night of November 7th to 8th, 2021, when Media Markt and Saturn became victims of a cyber attack. The attackers were able to attack the servers of MediaMarktSaturn-Holding with an encryption trojan and demand a ransom of 50 million US dollars. According to media reports, the ransomware “Hive” was used for this attack. Although the markets remained open, the consequences were immense: only cash sales were possible, ordering or pickup of goods was no longer possible, the inventory management systems were affected, and the return of goods was only possible in person at the respective market.
We present you with a sustainable and lasting solution to protect your company from cyber attacks. With our Cyber Security Awareness offering, we enable you and your employees to raise awareness for IT security comprehensively. In three phases, we ensure that:
95% of cybersecurity issues are unintentionally caused by human error!
"World Economic Forum: THe Global Risks Report 2022"
Cybercriminals use psychological tricks to deceive employees, such as: time pressure, routine, file sharing, curiosity, authority, helpfulness, and fear.
IT infrastructures and systems must be comprehensively protected to keep sensitive business data safe from cyber attacks.
There is a constant upgrade of technical protection measures in the IT security field, which can explain the simultaneous increase of social engineering attacks worldwide. As described in the Medialine newsletter, only 17% of cyber attacks contained a social engineering component ten years ago. Today, the overwhelming majority of cyber attacks are prepared by social engineering. Attempts are made to influence people by asking them to be helpful or to do imprudent things under time pressure in order to obtain security-related, sensitive and relevant company data.
The employees of a company are chosen as the alleged weakest link in the IT security concept of companies and the cyber attack is prepared and launched through them. It is therefore not surprising that unaware and unconsciously negligent employees are one of the main reasons for corporate information loss. With the Medialine Cyber Security Awareness Process, you not only increase your employees' awareness of social engineering and many other cyber security issues, but also embed a sustainable security strategy in your organization.
The process sustainably increases security awareness and helps to implement security guidelines in your organization. It is essential not to see employees as a risk, but as part of your company's IT security concept. We teach your employees how to consider, apply and implement the basic content of various IT security topics. Cyber security awareness is a process, and attention must be drawn to the topic in order to achieve a high level of awareness among employees. Only in this way can security risks in the company be sustainably reduced.
We would like to outline our complete Cyber Security Awareness process, which contributes sustainably to the security of your company. Our Cyber Security Awareness process begins with an assessment of the current state of "Cyber Security Awareness" in your company. After that, we recommend workshops to help raise the initial awareness of all employees. Different methods can be used to raise awareness. For example, a keynote speech for executives and managers can create attention at the top of the company, helping to sustainably strengthen the awareness of employees. Additionally, online courses or in-person workshops can be used to provide employees with specific knowledge about cyber security. Afterwards, our security experts develop a concept for further measures to be taken.
In the following, we would like to present a selection of services within our Cyber Security Awareness Process. Within our Cyber Security Awareness Process, we offer different services, which are divided into monthly recurring services and one-time services. Below, we would like to present an overview selection of the services. You can find all services in our data sheet for downloading.
With our recurring monthly or one-time services, you will receive IT security awareness training for all your employees. IT security awareness training is an important measure to improve IT security in companies and organizations. Such training should make employees aware of the importance of IT security and help them recognize and minimize security-related risks. Through IT security awareness training, employees become an important component in the company's IT security strategy. They can help minimize security risks and protect sensitive data. However, regular refreshers of IT security awareness training content and continuous monitoring of IT security are equally important to maintain a high level of security. Therefore, we recommend our recurring monthly services!
Fully secured
The Security Awareness Suite provides comprehensive security awareness training for your employees. Various automations in the form of the awareness engine and the spear phishing engine are used to control the training. In this way, employees are trained as needed to reliably recognize and effectively ward off cyber attacks - without administrators or CISOs having to familiarize themselves with the underlying psychology and didactics. The basis of the awareness training is a patented procedure for measuring the security behavior of all groups and users participating in the security awareness training. Based on the measured security behavior, the scientific key performance indicator Employee Security Index (ESI®) and the training KPI are calculated. The levels of spear phishing emails are based on standardized classifications: the higher the level, the higher the attacker's time investment. Like real attackers, they use potentially malicious links, fake login pages, macros, and encrypted file attachments. Spear phishing e-mails are sent at different levels of difficulty, in which, among other things, high-quality spear phishing is implemented with the simulation of fake internal e-mail traffic:
More information can be found in the data sheet.
This module combines the two monthly services offered by Network Box. Customers receive 2 phishing campaigns and corresponding reports that show the overall results, weaknesses, and strengths of the participants, so they have a clear overview of next steps after completion. Participants are also trained through eLearning, take exams and receive participant certificates upon success. The eLearning module trains your employees interactively in the areas of Clear Desk, password management, safe surfing, phishing and 2-factor authentication. You also get free access to the "NB Detector" browser plugin, which warns of fake websites.
With this phishing attack simulator, your employees become the human firewall of your company. Sophos Phish Threat simulates various phishing attacks to quickly identify and address weaknesses within your organization. Through practical training, participants are educated about the dangers of phishing and trained in prevention. Training content includes:
The anti-phishing training is integrated into the cloud-based security console Sophos Central. If you have access to the console, you can activate the Phish Threat training without installing hardware or software. Sophos Anti-Phish Threat Training is the only solution on the market that offers IT security for email, endpoint, and mobile, in addition to phishing simulation and user training.
Video:
For more information, see the datasheet.
You will receive an IT security situation report from us. We will discuss national and international cyber incidents, report on the attackers' actions, and clarify the damages incurred. We will tell you about classical security techniques, challenges, and to-do's for management, and discuss the IT security status of your company. In the end, we will provide you with action recommendations based on the previous dialog.
This module includes a workshop aimed at company management, IT managers, human resources and HR management, works/staff council, data protection officers, IT security officers, marketing and corporate communications in the company. The selection is determined by your company management. A checklist is used to determine the company's situation in terms of its information security awareness. We start with our keynote and then talk about an information strategy and operational security policies. Based on the results, we will provide you with a rough concept as a recommendation for action.
The employee awareness workshop is based on interactive knowledge transfer. We assess participants' knowledge level and exchange experiences together. We discuss various IT security topics such as email security, endpoint security, social engineering, and hackers' motives. We provide tips on how to defend against attacks and prevent IT outages. You can read all the components of our services in our datasheet.
You are unsure whether you want to receive a one-time service or a monthly recurring service. Our Medialine security experts will advise you, based on your requirements and needs, on the solution that is best suited for you. We help you to embed IT security and therefore Cyber Security Awareness in your corporate culture and make your company more sustainably secure against external attacks.
"Cybersecurity is a process. Workshops, training, and phishing email campaigns are different components that must be established in a company's process. Only when this process is completed and internalized can protection be proactively approached.” - Karsten Agten, TÜV-certified expert and Medialine Cyber-Security-Awareness-officer
The appointed officers support you in defining and implementing cybersecurity awareness as a process. We help you plan, organize, and conduct campaigns and training. Progress of the training and your employees is monitored and optimized through reports and management follow-ups, establishing a fear-free culture in reporting cyber attacks. The security service supports the conscious handling of cyber attack dangers. We also advise management, IT, and HR on IT security and the development and implementation of campaigns for your employees. Upon request, we participate in the recording and analysis of IT security incidents. With a Cybersecurity Awareness Officer, you can create a growing awareness of cybersecurity in your organization.
Would you recognize an attack? Take a look at some examples of how attackers try to persuade us to click on dangerous links.
Interested in Medialine AG's Cyber Security Awareness process?
Phishing is made up of the English words "password harvesting" and "fishing." Here, too, the ignorance and trustfulness of employees is exploited. Attackers see people as an entry point for attacks against private individuals, authorities, institutions, and companies. Employees mistakenly think they are communicating with trusted sources via email or fake websites. The goal of the social engineering type of phishing is to access the data and information of the victims or install malicious software.
BEC or CEO Fraud is a fraud method where attackers send emails filled with business content. The recipients are asked to perform actions that benefit the attackers and cause damage to the individuals or companies. Apparent senders are employees, managers, partners, service providers or customers. The unaware recipients disclose confidential company data, making BEC or CEO Fraud an online threat with great potential for financial damage.
Unlike regular phishing which aims to reach as many recipients as possible, spear-phishing is a form of phishing that targets specific people or companies. In spear phishing, personalized messages or emails are sent to the target, often containing confidential information about the person to gain their trust and trick them into clicking a link or opening an attachment containing malware.
Vishing is a form of social engineering where attackers make phone contact with their targets to gather confidential information or access protected systems. Unlike phishing where attackers communicate through email or text messages, vishing uses phone communication. The attackers pose as employees of banks, government agencies, other reputable institutions, or IT personnel to gain the trust of the target and trick them into revealing personal data or accessing their accounts.
