RESILIA® Frontline Case Study: A Financial Services Perspective

The banking and personal savings sector is a prime target for hackers. That is no surprise: as one notorious criminal replied when asked why he robbed banks, “Because that’s where the money is.” Cyber criminals are constantly refining their attacks on both financial institutions and their customers. They use social engineering to phish for people too distracted to notice, or not aware of good security behaviours, on both sides of the fence: the people who work for financial organizations and their customers.

As 90 per cent of successful cyber attacks succeed because of human error, it is clear where the frontline in the battle against the hackers is: people. This is the reason why a leading brand in the UK financial services marketplace turned to RESILIA® (from AXELOS, the leader in global best practice) and Unicorn training. They were looking for a solution that would help their people become their greatest defence against cyber attacks.

As their Chief Executive put it, "We take our commitment to securing ‘other people’s money’ very seriously. As an organization, we are always looking to improve how we do things, especially when it comes to security. We need to make sure that we move with the threats we face and provide all our colleagues with simple and practical guidance that is relevant to their role and enables them to better protect our business."

The commitment to protecting their customers’ interests is clear, and the leadership team understands that the frontline against cyber attacks is not technology, but people. The Chief Executive continues, “We use multiple techniques to help our people identify and avoid getting caught out by phishing and other attacks. The wider board are very supportive of cyber awareness initiatives and we are committed to a high level of engagement with staff to ensure that they actively engage with and complete all training modules.”

The organization makes it clear to every member of staff that it is their everyday actions that represent the first line of defence against attack. The data that is collected, stored and used is, by definition, sensitive and therefore of real value to cyber criminals. Customers and stakeholders must be confident that their data and money will be protected.

And these internal values emphasize a human touch. And it applies to all staff engagement, especially training. “We are constantly communicating with our staff on all aspects of security,” says the organization’s Risk Director. “It enables us to be consistent across all our functions and to be compliant with the requirement of regulators and auditors.”

Adding RESILIA Frontline staff awareness learning to bolster the other techniques used to raise awareness of cyber security internally, while inculcating best practice and resilient behaviours, was an important move for the organization.

"We utilize a range of learning methods to get these critical messages across,” says the organization’s Risk Director, “and the inclusion of RESILIA Frontline was an important addition to our suite of training materials, which spans from communications via our intranet to our induction programme."

All of the staff were initially sent an email informing them of the new approach to cyber security awareness training using RESILIA Frontline. Then, after the initial email, all subsequent internal communications were supported by regular messages posted on the organization’s intranet. The rollout of RESILIA Frontline forms an integral part of the organization’s broader cyber security awareness programme, and regular awareness sessions are conducted as part of an ongoing campaign-based approach to cyber security awareness.

The adoption and response to the training has been enthusiastic across the organization. "We’d been running modules on the subject before, but RESILIA Frontline helped reinforce these vital messages. The videos have been especially appreciated as a visual aid," added the Chief Executive.

RESILIA Frontline has been designed to be comprehensive and engaging, delivering vital messages which cover the full spectrum of cyber risk from phishing, social engineering and online safety through to password safety, BYOD, information handling and remote working. All modules can be accessed and completed on desktop, tablet and mobile devices. The modules are focused on engaging people to adapt and sustain their resilient behaviours.

That is what attracted this leading financial services organization to RESILIA Frontline; it is completely aligned with their people-centred values. The range of formats and combination of best practice guidance with innovative, short, relevant learning modules delivers effective cyber security awareness training to all staff, regardless of their roles or responsibilities.

And it works. “We have seen a reduction in the number of colleagues being caught out by our phishing tests,” their Risk Director added. “The human frontline is more resilient and RESILIA Frontline will continue to be part of our efforts to ensure that that resilience keeps pace with the evolving threats we all face, helping to make our people a strong defence against cyber attacks.”

AXELOS is a joint venture between HM Government in the United Kingdom and Capita plc, a leading FTSE organization. AXELOS was formed to develop and promote a global portfolio of best practice solutions and qualifications.

The AXELOS Global Best Practice portfolio includes the PRINCE2® and ITIL® methodologies, certification and training which are used by project management and IT professionals around the world.

Thousands of varied and successful organizations around the world now use AXELOS Global Best Practice including NASA, The Walt Disney Company, UNOPS, HP, Microsoft, P&G and the Australian Government.

RESILIA

RESILIA is a cyber resilience best practice portfolio that includes online cyber security awareness training, certified training, executive development and publications designed to help organizations put people at the centre of their cyber resilience strategy, prevention and response.

In 2015, AXELOS launched the RESILIA Portfolio designed to address the growing need to adopt Best Practice in cyber security to counter the relentless threats to organizations and their most valuable and precious information and systems.

Unicorn is an industry-leading provider of digital learning, and has worked in partnership with AXELOS Global Best Practice to produce and support the RESILIA Cyber Awareness portfolio.

With more than 30 years’ experience delivering learning solutions to the financial services and associated markets, Unicorn has built a strong reputation as a leading provider of governance, risk and compliance training – underpinned by their globally-recognised award-winning Learning Management System (LMS).

Thousands of organizations globally benefit from Unicorn’s learning solutions.  Find out more about Unicorn Training at unicorntraining.com

AXELOS®, the AXELOS swirl logo®, ITIL®, PRINCE2®, PRINCE2 Agile®, MSP®, M_o_R®, P3M3®, P3O®, MoP®, MoV® and RESILIA® are registered trade marks of AXELOS Limited. All rights reserved.
Copyright © AXELOS Limited 2018.

Cover image is copyright Getty/scott baldock

Reuse of any content in this Case Study is permitted solely in accordance with the permission terms at https://www.axelos.com/policies/legal/permitted-use-of-white-papers-and-case-studies

A copy of these terms can be provided on application to AXELOS at [email protected]

Our Case Study series should not be taken as constituting advice of any sort and no liability is accepted for any loss resulting from or use of or reliance on its content. While every effort is made to ensure the accuracy and reliability of information, AXELOS cannot accept responsibility for errors, omissions or inaccuracies. Content, diagrams, logos, and jackets are correct at time of going to press but may be subject to change without notice.

Sourced and published on www.AXELOS.com