Phishing Initial Audit increases the cybersecurity of international companies
One of the first companies to experience the benefits of the Phishing Initial Audit has been Breitenfeld Edelstahl AG. The audit has made it possible for the company to identify weak spots in security awareness and take appropriate measures to rectify them. Breitenfeld Edelstahl AG is a leading player in the steel industry that faces various problems associated with digitalised globalisation. Providing internet security and recognising IT vulnerabilities are among the most fundamental factors leading to the success or failure of a company.
The audit allowed Breitenfeld Edelstahl AG to visualise where shortcomings in security awareness knowledge existed and to implement corrective measures directly:
“Through the Phishing Initial Audit, we were finally able to measure the level of security awareness within our company easily. One meeting, and we were ready to go. Through the OSINT engine, we conducted very realistic spear phishing attacks and stimulated a lively exchange among staff on the topic of phishing. We were able to directly identify and influence an IT vulnerability live during the campaign,” said Simon Pucher, Head of Information Technology at Breitenfeld Edelstahl AG.
What is phishing?
As digitalisation continues to increase, every company will sooner or later become a victim of a phishing attack. Fake emails, messages or even malicious websites are used to steal company data, which can lead to total system paralysis (through so-called ransomware) or be used to gain access to other systems by using stolen company information (e.g. bank data).
What is the Phishing Initial Audit?
The Phishing Initial Audit creates targeted simulated attacks tailored to each company's requirements. Firstly, an action plan is drawn up and an interview is held, where decisions are made about which kinds of phishing scenarios will be created. The Phishing Initial Audit software simulates these attacks via email, with which the company can measure various KPIs that are used to identify the threats. To simulate as realistic an attack as possible, various online sources where the company has a presence, such as social media, are analysed for information.
It is important not only to detect technical gaps and potential attacks but also to educate employees at every level about the potential dangers.
As recently as October 2021, the city of Witten (NRW) was paralysed by a cyberattack, with many municipal appointments and tasks having to be cancelled or rescheduled. It was suspected that malware had entered the network through an employee clicking on a phishing email. [1]
[1] Hacker attack completely paralyses city of Witten - numerous services unavailable
Image source: Trainees at Breitenfeld Edelstahl AG | Copyright: Stefan Nadrag