In today’s world of advanced persistent threats and government-sponsored attacks, we observe that cybercrime, financial fraud and social engineering attacks have blended together into such a malicious force that it may even completely destroy our trust in technology.
All of these attacks rely strongly on exploiting this very trust factor: the trust that we place in our people, processes, and infrastructure. One of the strongest deterrents against such attacks is to constantly drill the message of information security through the rank and file of your organization. These initiatives must be multi-pronged, creative, tuned to your culture, and measured on a periodic basis for their effectiveness.
Key benefits of NII’s Security Awareness Program
Over the years, we have evolved a comprehensive offering on security awareness. The main benefits of this program are:
- Helps you to enhance user resilience to new-age threats such as Advanced Persistent Threats (APTs), threats around BYOD policy implementation and social engineering attacks.
- Ensures that the IT and security teams are aware of the latest developments in information security.
- Provides easy-to-understand content that engages in unique and interesting ways with different stakeholder groups.
Elements of the Program
We work with your various teams to determine which of our program elements shall work best and in what order.
These graphic signs attract users’ attention even when they are casually passing by. We constantly update the content of our posters with the most recent security attacks and safeguards. Typical topics include password security, acceptable usage of office, laptop protection, etc.
We periodically roll out security newsletters that drive home the importance of information security at all user levels. We keep our content precise, with extensive use of infographics.
We design security awareness screensavers customised for your organization and push them via the Active Directory Group Policy. These screensavers combine humour, creativity and technical insights in order to highlight security policies and organizational risks.
Our creative content development partners take our inputs to write scripts for explaining security fundamentals to your people. They specialize in creating storyboards and animated storylines so that even non-technical people can easily grasp security concepts.
Spear Phishing Campaigns
We run planned spear-phishing campaigns that tempt your users to click on links and urge them to disclose their credentials by visiting crafted phishing sites.
Important takeaways from a spear-phishing campaign are:
- Percentage of users who fell for the first stage of the attack (typically, this is where the user discloses his/her password)
- Demographic analysis by location, department, level of user
- Browser’s user-agent analysis
- Users who would have fallen for an APT-style attack if it were to happen (this is where the user downloads a non-malicious but compromised file)
Social Engineering Exercises
We also carry out various social engineering exercises to help organisations assess how susceptible they are to cleverly crafted social engineering attacks.
Important takeaways from these exercises are:
- Identifying loopholes in physical security and helping address them
- Identifying user susceptibility to impersonation of authority
- Checking the effect after running the security awareness campaign
Conducting Workshops with Internal Security Team
After the preliminary discussion with your security teams, we understand their current set of challenges and then brainstorm with them by discussing our solution and ideas. The outcomes from these discussions prove very insightful for both sides.
Senior Management Engagements
Our senior consultants hold specialized sessions with senior management to increase their sensitivity towards information security. Accordingly, they help them to plan and take strategic, risk-aware business decisions on security investments and the benefits they bring to the business.
There are numerous other benefits such as:
- Creation of Formal Program Schedule
- Monitoring post-implementation process
- Content Development Workflow
- Offering Learning through E-Learning Portals
Additionally, NII’s training arm Institute of Information Security (IIS) offers specialized trainings for your various technical teams. We offer specialized trainings for both IT and security teams for greater emphasis on developing and enhancing the security practices in your organization.