Efficiently Training Large Enterprises In Constant Flux: VRT
As a large, dynamic company, VRT needed a scalable solution to train its employees thoroughly in cybersecurity topics. The flexibility of Phished also makes it possible to efficiently train temporary employees and 'guest employees'.
Despite the many people who enter the VRT buildings every day and connect their devices to the VRT network, the broadcasting corporation has never been the victim of a large-scale hack or data leak. "Of course, we did have to deal with minor phishing attempts and the like, resulting in small-scale incidents," says Wim Wauterickx, CISO at VRT. "Of course, we cannot resign ourselves to this, and we want to further step up our efforts.”
When we set up tests ourselves, it is not easy to put a difficulty level on them. Everyone gets the same message and personalisation is almost impossible.
For an organisation with so many e-mail addresses, of which several are regularly closed and some newly added, it is important that the people behind these mailboxes are well trained in digital security. "The Phished platform supports us greatly in this," Wauterickx says. "New employees or mailboxes are automatically added to the platform, so we don't waste time and energy on that, and the chance for errors is nil.”
Previously, Wauterickx conducted an annual phishing prevention campaign. "Of course those were not dynamic tests. Such one-off tests take up a lot of time and energy, and after just a few days you lose a large part of the effect. Moreover, it was always a snapshot: a week later, a new colleague started and he or she missed the campaign. With Phished, we can provide continuous training that is tailor-made for everyone."
The varying degree of difficulty can also count on the approval of Wauterickx: "When we set up tests ourselves, it is not easy to put a degree of difficulty on them. Everyone gets the same message and personalisation is almost impossible. With Phished, that happens and we don't have to configure it ourselves; the platform does its job and adapts itself when necessary."
The media sector is a small pond, so at first glance it does not make sense for a hacker to target this industry. However, Wauterickx thinks otherwise: "Despite the fact that we broadcast a lot of our information or content, and thus make it public, we can be an interesting target for hackers who want to support their phishing campaigns with a credible source."
With this, Wauterickx refers to fake news, which has been on the rise in recent years. "Criminals who would have access to our platforms, have access to national information dissemination. Of course we could notice and stop major interventions, but imagine that they make subtle changes to articles, for example. Adjust a few figures to support their false stories. If something like that were to happen, it would certainly have a major impact on our reputation. Data integrity is very important."
Criminals who would have access to our platforms have access to national information dissemination
"The technological evolution towards the cloud is also occurring in the media sector." says Wauterickx. "The closed ecosystem in which this technology is only analogue and is located in our own data centres is behind us. This evolution requires more attention to keep the entire situation secure, in function of the risks present of course. Phishing prevention therefore plays a very big role for us."
As a public broadcaster, VRT plays an important role in Belgian society. It is a large employer for hundreds of people and at the same time it is responsible for a significant part of the information gathering in Flanders. In order to guarantee these information flows and keep them as reliable as possible, an extensive cybersecurity policy is needed - one in which phishing prevention plays an important role.
Through the automated operation of both the phishing simulations and the recipient base, Phished can contribute to relevant training for each employee, at their own pace. By training each employee individually, VRT can prevent a hack from having an impact on an entire society.