Sababa Awareness Program is a platform that, with an integrated approach, aims to improve the level of awareness of end users in the field of IT security. The human factor is still today in fact the vector used by IT crime to infiltrate organizations. Usually with offensive strategies that become more and more sophisticated. It is precisely the users, with different backgrounds, roles and influences within companies who carry out and face different activities and situations in their daily working life. At the same time, with their inappropriate behavior, they unknowingly open the door to attackers.
Attacks grown exponentially
According to what emerged from the Clusit 2023 Report, Italy had a significant increase in successful cyber-attacks in 2022, reaching 7.6% of global attacks (against 3.4% in 2021). And, in the last 5 years alone, the situation has worsened significantly. In fact, comparing the numbers of 2018 with those of 2022, the growth rate of detected attacks was 60%.
The level of attention
General cybersecurity skills and knowledge of specific security topics relevant to each area of expertise help employees to to acquire a safer and more aware “digital behaviour” at work. Cybercriminals also exploit the emotionality of users who, under pressure from urgency, hierarchy and requests for help, lower the level of attention. This induces them to carry out actions that are dangerous for corporate security.
Improve awareness
The programme, which can be customized according to the customer’s needs, is developed through integrated and recurring training and verification of the level achieved. All done with constant training content updated both in terms of topics and format, in order to maintain a high level of user interest and engagement. The program provides content in various standard or customizable languages (including Italy), the distribution of phishing campaigns to verify the level of attention and awareness and differentiated training by company function and objectives, both in terms of content and methods of delivery.
Actively involve users
Andrea Ghislandi, Chief Business Officer di Sababa Security
Our primary goal, as a company that deals with cybersecurity, is to prevent cyber risks and attacks that could compromise the security of companies. To do this, we decided to create a training program managed by the integrated approach and divided into different phases. So as to actively involve users and, at the same time, inform them about the increasingly widespread risks of cyber attacks.
How the project is structured
Sababa Awareness provides training that is divided into 5 phases. We start from the Blind Campaign which allows us to understand the level of knowledge of the entire company organization through a collection of information. These are necessary the definition of the environment, the understanding of the perimeter, the activation of the e-learning platform and the relationship with the interlocutors within the company involved in the development of the programme. The second phase is the Training Program, to define an integrated training plan based on the results highlighted by the Blind Campaign. Once approved, the plan takes place over a period of at least 12 months and leverages various training and testing methodologies to quickly improve user awareness.
Improve cybersecurity awareness
The third phase, Reporter, is the activation of a plugin to measure the effective ability of company personnel to identify phishing campaigns. And then to report them to the structure in charge of the analysis and intervention. The fourth phase is divided into two sub-phases, Targeted Campaign and Mixed Training. In the first place, it is responsible for delivering customized campaigns based on the customer’s needs and what was established in the planning phase.
Therefore to share training content – differentiated by maturity level, departments and corporate role – which are linked to a test aimed at verifying the effectiveness of the training moment. Finally, the last phase Program Review, which includes an analysis quarterly of the program results. Necessary to analyze the progress of the activities, share them with the customer and possibly apply corrective actions on the basis of the objectives established in the general plan.