Customer Success Story

The Background

Cybercrime has become an enormous threat to the German economy. Phishing and Spear-Phishing attacks rank right at the top of the attack statistics. Fraudsters exploit the “human factor” as the supposed weakest link in the security chain, for example, to steal confidential data. 

Spear-Phishing attacks can have particularly serious consequences for companies in the highly regulated environment of the financial industry. One of them is Star Finanz, which was founded in 1997 and has been a wholly owned subsidiary of Finanz Informatik, the IT service provider of the Sparkassen Finance Group, since 2010. As a leading provider of multi-bank-capable online and mobile banking solutions in Germany, the company frequently deals with financial and transaction data of end customers and companies.

André Haase
Senior Security Architect – Star Finanz

The Challenge

To protect this sensitive customer data from Phishing and Spear-Phishing attacks, Star Finanz had already established an IT security strategy. In addition to technical security measures, such as spam and Phishing filters and firewalls, Security Awareness Training was provided to employees. This included monthly blog posts and meetings on acute awareness topics, in which all company departments participated. Each training session concluded with a knowledge exam.

“But it soon became clear that internal training was no longer sufficient to sustainably protect our company from increasingly sophisticated Spear-Phishing attacks,” reports André Haase, Senior Security Architect at Star Finanz. “So the security management decided to put the issue in professional hands.”

 

The fact that IT-Seal was chosen is partly due to the full-service concept pursued by the leading provider of Security Awareness Training. 

For this purpose, e-learnings, videos and classroom training are combined with practical Spear-Phishing-Simulations. 

The Solution

Hands-On Spear-Phishing-Simulations

These Phishing-Simulations use real company and employee information to recreate authentic attacks.

If an employee falls for a simulated attack, they land directly on an interactive explanation page. There, they are shown which suspicious features the email contains: from misspelled letters in the address line to fake subdomains and dubious links.

“Spear-Phishing-Simulations are extremely effective because they use an employee’s ‘Most teachable Moment’ to make him aware of his misconduct,” emphasizes André Haase. “It is precisely then that this employee is particularly receptive and internalizes the new learned awareness in the long term.”  

Employee Security Index (ESI®) measures Learning Success

The Star Finanz security managers were also convinced by the patented Employee Security Index (ESI®) from IT-Seal. It provides a metric for measuring employee security awareness and is derived from how employees respond to Phishing-Simulations of varying levels of difficulty. The ESI® enables Star Finanz to determine the individual learning progress of its employees at any time and to target further training measures accordingly.

Since IT-Seal processes customer data exclusively in Germany, all training measures are compatible with the EU-GDPR. This is of key importance for a provider in the financial sector environment. In addition, by using IT-Seal’s recognized awareness measures, Star Finanz has set an important course for possible future ISO 27001 certification.  

Successful Campaign Launch

In June 2021, the first Phishing-Simulations were launched. For this purpose, IT-Seal created and sent out hundreds of fully automated attacks at various levels of difficulty to the approximately 350 employees of Star Finanz. The staff had been prepared for the Phishing campaign in advance via blog posts and circular e-mails.

After the campaign was completed, IT-Seal released the first e-learning in the Security Hub to deepen the learning content. This is a learning platform to which all participants have their own access, so that they can call up the training courses and view their learning progress. Star Finanz security officers have their own front end – the Awareness Manager – which they can use to access the anonymized campaign results. They are also provided with regular stakeholder and quarterly reports by IT-Seal. To date, several Spear-Phishing campaigns, e-learnings and face-to-face training sessions have been conducted. The focus of each is determined by Star Finanz and IT-Seal at quarterly meetings. The basis is the ESI®, which is evaluated anonymously by IT-Seal for the entire workforce and for the individual areas.

“Together, we are constantly planning further optimizations in order to maintain and further improve the high level of security already achieved by our employees,” says security manager Haase, taking initial stock. “Even today, we have decided to make the Awareness Training courses permanent training courses, as this is the only way to achieve a long-term effect, even with new employees.”

“Thanks to IT-Seal’s full-service, we were able to achieve significant learning progress without having to worry about managing and implementing the Security Awareness Trainings.
In order to achieve a long-term and sustainable effect, we decided to make the campaigns permanent.”

André Haase – Senior Security Architect – Star Finanz

 

Conclusion

With the Security Awareness Trainings from IT-Seal, Star Finanz was able to significantly improve the Security Awareness of its employees for Spear-Phishing risks. 

Innovative methods and tools are combined into a full-service offer that is up to date with the latest attacker schemes and relieves the internal security management.

“Without having to worry about managing and implementing the training, we were able to make significant learning progress,” emphasizes André Haase, who also praises the friendly, familiar working relationship with IT-Seal: “We have a great customer advisor and maintain a great, often daily, exchange on all the important issues of the campaign and on the planning and implementation of further measures.”

More Information

Security-Awareness-Trainings from IT-Seal:
Benefits at a glance

Employee Security Index (ESI®) makes Security Awareness measurable

Use Spear-Phishing-Simulations for the "Most teachable Moment" of employees

Additional e-learnings, videos and classroom training

Campaigns always up to date on newest attacker schemes

Full-service offer relieves internal resources

Data-saving Awareness Training, EU-GDPR compliant

Recognized Security Awareness measure for ISO 27001

About
Star Finanz - Software Entwicklung und Vertriebs GmbH


Star Finanz, a Finanz Informatik company, is the leading provider of multi-bank online and mobile banking solutions in Germany. For twenty-five years, the company, headquartered in Hamburg and Hannover, with currently more than 350 employees, has played a decisive role in shaping online banking.

In the product business, Star Finanz offers StarMoney, StarMoney Deluxe and StarMoney Business, as well as SFirm, custom-fit banking programs for private and corporate customers. In the mobile sector, the company develops the Sparkasse app and other solutions.
www.starfinanz.de
