{"id":12550,"date":"2022-08-15T15:42:11","date_gmt":"2022-08-15T13:42:11","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=12550"},"modified":"2022-08-15T15:42:45","modified_gmt":"2022-08-15T13:42:45","slug":"cyber-security-awareness-training-2","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/08\/15\/cyber-security-awareness-training-2\/","title":{"rendered":"Cyber-Security-Awareness-Training at RWTH &#8211; a Review"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_12550 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_12550')){$('.twoclick_social_bookmarks_post_12550').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2022\\\/08\\\/15\\\/cyber-security-awareness-training-2\\\/\",\"post_id\":12550,\"post_title_referrer_track\":\"Cyber-Security-Awareness-Training+at+RWTH+%26%238211%3B+a+Review\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_12551\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-12551\" class=\"wp-image-12551 size-medium\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920-300x180.jpg\" alt=\"Padlock in front of world map\" width=\"300\" height=\"180\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920-300x180.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920-1024x614.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920-768x460.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920-1536x921.jpg 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2022\/08\/cyber-security-gf19f89a47_1920.jpg 1920w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-12551\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/pixabay.com\/de\/photos\/internet-sicherheit-hacker-3194286\/\">Pixabay<\/a><\/p><\/div><\/p>\n<p>No more simulated phishing emails in your inbox? No more access to the eLearning program for employees of the RWTH? That can only mean one thing: the cyber security awareness training at RWTH Aachen University ended for the time being on May 09, 2022.<\/p>\n<p>Today we look back on the training and share the results with you.<!--more--><\/p>\n<h3><span style=\"color: #00549f;\">Cyber-Security at RWTH\u00a0<\/span><\/h3>\n<p>RWTH makes many efforts, whether in the central facilities or in the teaching and research institutions, to maintain an appropriate level of security. However, these technical and organizational measures can only be fully effective if employees also have the necessary awareness of the danger and know what contribution only they can make to prevent attacks on RWTH data or at least make them more difficult.<\/p>\n<p>In our article &#8220;<a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/05\/16\/insider-bedrohung\/\">Insider Threat: The Threat from Within<\/a>&#8220;, we go into more detail about this and reveal what exactly insider threats are, how they can occur, and how they can be avoided. You will also learn what to do in the event of a data protection incident at RWTH and how to report it.<\/p>\n<h3><span style=\"color: #00549f;\">Phishing simulation at RWTH<\/span><\/h3>\n<p>Due to the increasing number of cyber attacks, which are also directed more and more frequently against universities and other institutions, RWTH conducted an internal phishing simulation from December 06, 2021 to May 09, 2022 with the help of the security company SoSafe GmbH to increase <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2021\/11\/17\/it-security-awareness\/\">cyber security awareness<\/a>.<\/p>\n<p>As part of this phishing simulation, all RWTH employees and students received emails spread out over this period that simulated possible phishing attacks on our university. The emails we sent served as training to identify dangerous emails by certain characteristics and to create awareness to become aware of the threat.<\/p>\n<p>Here you can check again which simulated phishing emails we sent to you:<\/p>\n<ul>\n<li>\u201eBuchung der Lernr\u00e4ume\u201c<\/li>\n<li>\u201eMicrosoft: Bitte authentifizieren Sie Ihr Konto\u201c<\/li>\n<li>\u201eVideo: Bist Du das??\u201c<\/li>\n<li>\u201eIhr Beitrag zum RWTH-Jubil\u00e4um\u201c<\/li>\n<li>\u201eSicherheitshinweis: Neuer Evakuierungsplan\u201c<\/li>\n<li>\u201eFw: Bund plant grundlegende Bildungsreform\u201c<\/li>\n<li>\u201eVerfahren gegen Mitarbeiter bei RWTH eingeleitet. Zeugen gesucht!\u201c<\/li>\n<li>\u201eDringend: E-Mail-Kontingent aufgebraucht\u201c<\/li>\n<li>\u201eWettbewerb: Das sicherste Passwort\u201c<\/li>\n<li>\u201eAnmeldeinformation zum Training\u201c<\/li>\n<li>\u201cRWTH Service Update am 16. Februar 2022\u201d<\/li>\n<li>\u201eSie haben einen verpassten Anruf\u201c<\/li>\n<li>\u201ePaket mit hoher Priorit\u00e4t: Verfolgen Sie es jetzt!\u201c<\/li>\n<li>\u201e[Jobtickets und Parkausweise] Erstattungen nach der Pandemie\u201c<\/li>\n<li>\u201e[Semesterticket] Jetzt in der gesamten Euregio\u201c<\/li>\n<li>\u201eUpdate VPN-Client 5.7.3\u201c<\/li>\n<li>\u201eOutlook 2023 vor der T\u00fcr\u201c<\/li>\n<\/ul>\n<p>Neither the RWTH as the client nor the external service provider could see at any time how you personally clicked or behaved. The RWTH only received an anonymous, summarized evaluation of the click rates.<\/p>\n<h3><span style=\"color: #00549f;\">Phishing simulation in figures<\/span><\/h3>\n<p><u>Initial phase (06.12. &#8211; 17.12.2021)<\/u><\/p>\n<p>During the initial phase, more than 160,000 simulated phishing emails were sent to the nearly 60,000 students and employees of RWTH. In 20.8% of the cases, one of the phishing elements such as a link, image or attachment was clicked on.<\/p>\n<p>It is noticeable that over 40% of the emails were opened on a mobile device (smartphone or tablet). On these devices in particular, the default settings of the email apps are often set so that images are automatically reloaded. This makes it more difficult to identify what kind of link is hidden behind it and which page is thus opened.<\/p>\n<p><u>Follow-up phase (03.01. &#8211; 09.05.2022)<\/u><\/p>\n<p>In the follow-up phase, a total of over 270,000 of these simulated emails were sent. The frequency was already significantly reduced: While in the initial phase (= two weeks) three emails were sent per RWTH member, during the follow-up phase (= 4 months) an average of one email per month was sent. However, the sending was randomized this time as well.<\/p>\n<p>During this phase, a phishing element was clicked on in 16.7% of the cases &#8211; and thus 4.1% less than in the first phase. In parallel, 8.5% fewer emails were also opened on a smartphone or tablet (31.5% in total).<\/p>\n<p><u>Support requests (06.12.2021 &#8211; 09.05.2022)<\/u><\/p>\n<p>In this context, our support team has received more than 4,500 requests from you (including content and technical questions, feedback, forwarding of the suspicious emails) via chat, email or phone call during the entire period.<\/p>\n<h3><span style=\"color: #00549f;\">Your feedback on the phishing simulation<\/span><\/h3>\n<p>During the training, we also received a lot of constructive feedback from you &#8211; whether about the frequency, the content or the lack of bilingual texts. However, the overall mood was positive &#x1f60a;<\/p>\n<p>We would also like to take this opportunity to thank you very much! Because only with your feedback can we optimize our service and take it into account for future campaigns and thus offer you added value in the end.<\/p>\n<h3><span style=\"color: #00549f;\">Accompanying e-learning offer for RWTH employees<\/span><\/h3>\n<p>In order to deepen the knowledge around the topic of cyber security and phishing, RWTH employees were provided with a parallel e-learning offer from 25.10.2021 to 09.05.2022.<\/p>\n<p>Overall, 13% of eligible RWTH participants took advantage of the offer and successfully completed the hands-on and interactive learning modules with an average score of 91 out of 100.<\/p>\n<p>Again, at no time did RWTH have knowledge of who completed the learning modules and with what results.<\/p>\n<h3><span style=\"color: #00549f;\"><strong>Conclusion<\/strong><\/span><\/h3>\n<p>Such actions as the cyber security awareness training and your support lead to a reduction of the risk of cyber attacks. We are convinced that it will be more difficult for real cyber attackers to plant malware or steal passwords at RWTH in the future.<\/p>\n<p>Want to learn more about IT security and phishing? You can find all our blog posts on this topic under the tag <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/tag\/it-sicherheit\/\">IT-Security<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/IT-Center\/IT-Center\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?allou=1&amp;gguid=0x178A69B715E4B24AB87DCFA4BC438FD7&amp;lidx=1\">Nicole Kaminski<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":1859,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[305],"tags":[609,61,70,610,149],"class_list":["post-12550","post","type-post","status-publish","format-standard","hentry","category-themen","tag-cyber-security","tag-it-sicherheit","tag-phishing","tag-phishing-simulation","tag-safetyfirst"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/12550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/1859"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=12550"}],"version-history":[{"count":4,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/12550\/revisions"}],"predecessor-version":[{"id":12555,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/12550\/revisions\/12555"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=12550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=12550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=12550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}