Cyber security training

The purpose of the training is to introduce different cyber-attack methods. By knowing these an organization can prevent serious threats, such as taking over an e-mail address, stealing personal data and trade secrets, or even taking control of the entire organization's infrastructure and business.
 

 Fraudulent e-mails (phishing/spoofing)

The e-mail implies that it comes from an important person in the company
The e-mail implies that there is a problem with the user’s account, and in order to solve it they should log into the account

 Password attacks

Password spray
Password dictionary attack
Most used passwords
Password recommendations
Password leaks, haveibeenpwned
Fake e-mail examples

 Spyware and adware

Various software programs that collect information from the user’s computer, monitor the activity of the user, and log everything that is written (e.g., passwords). Annoying ads that, when clicked on, take to a fraudulent page.

 Public Wi-Fi without password

As strange computers can connect to a public Wi-Fi accessible without password, that may be used for malicious purposes.
A hacker creates a Wi-Fi with the name of a company. A user connects to the Wi-Fi in good faith, but the network redirects the user to a fake network.

 Spam

Product or service ad/newsletter  
Malicious e-mails  

 Social Engineering

Art of manipulating people to give access to a hacker voluntarily.  
Thereby, advantage is taken of the person’s:  
   laziness  
   lack of attention  
   excessive trust (someone pretends to be an IT person)  
   enthusiasm (they promise X if you do Y NOW)  
   sincere wish to help  
  trust (they believe they are following the order of a superior)  
Old, discarded equipment that have not been cleaned up – contain data and accesses.  
Listening or observing the entry of password.  

Security solutions

PIN instead of password
Multi-factor authentication (MFA)
Passwordless login
Bitlocker
Microsoft Defender for Office365 instead of ATP


Time of training: agreed with the customer
Trainer: Tarmo Kumar/ Maido Juss
Duration of training:
2 hours
Place of training: online
Number of participants: up to 20 people in one group or as agreed with the customer
Investment: €600 + VAT

Cyber-attack simulation

Before the cyber security training, we recommend going through a cyber attack
simulation. The attack simulation enables to start realistic attack scenarios that enable to identify and find vulnerable users before an actual attack impacts the whole organisation.

The simulation tests the security measures with the help of various user-aimed techniques,
including:

  • Getting identification information: the attacker sends a message including a URL directing users to a website (often a well-known brand). The goal is to steal sensitive information.
     
  • Malware attachment: the attacker sends the recipient a message with an attachment that, once opened, executes a random code on the user’s device, so that the attacker can dig even deeper in the company network.
     
  • Attached link: a hybrid message where the attacker sends an e-mail with a URL attached.
     
  • Malware link: the attacker sends a message containing a link to a file sharing site known by the user (e.g., SharePoint Online or Dropbox). Clicking on the link releases a random code that enables the attacker to infiltrate into the network of the company.
     
  • Drive-by-URL: the attacker sends a message containing a URL that, once clicked, takes to a web page that in turn attempts to execute a background code to collect information about the recipient or launch a random malicious code in their device.

A prerequisite of the simulation is existing license of Microsoft Defender for Office 365 (Plan2).
It is possible to acquire one just for the simulation period, which is 1 month. 
During the simulation, relevant settings are done in the Microsoft 365 environment, and the simulation is run for 1 month, after which a report is created.

Investments: 

Microsoft Defender for Office 365 (Plan2): €5 per user for 1 month
Setup of service and report of results: €600

Download product sheet