Case Study Burckhardt Compression
Burckhardt Compression is a Swiss company specializing in the development, manufacturing, and servicing of reciprocating compressors, primarily for industrial gas applications. Founded in 1844, the company is headquartered in Winterthur, Switzerland, and has grown to become a global leader in compression solutions, serving industries such as oil and gas, chemical processing, petrochemicals, and industrial gas production. They have over 3000 employees worldwide.
The situation before baseVISION:Rising Phishing Threats and Awareness Challenges at Burckhardt Compression
Given that over 90% of all attacks start with phishing, raising awareness among employees was crucial but challenging due to the company’s size. Operating in over 80 countries, different languages Burckhardt Compression is a significant target for cyber criminals. To address this growing threat, they reached out to us with the goal of enhancing their employees’ awareness of phishing.
The Vision – Cultivating Cybersecurity Awareness Through Targeted Campaigns
- Raise awareness for cyber attacks throughout the company.
- Provide employees with the knowledge and tools how to spot and react to phishing.
- Familiarizing employees with how phishing is evolving and new methods attackers are using.
- Ensuring that everyone is informed and able to recognize phishing attempts.
Given the challenges and goals outlined, Burckhardt Compression recognized that partnering with baseVISON for their “Phishing Prevention Campaigns” was the right decision. The complexity of managing cybersecurity across a global workforce, with employees speaking 10 different languages and operating in over 80 countries, required a comprehensive and tailored approach. baseVISIONS expertise in creating targeted phishing prevention strategies, including language-specific content and detailed reporting, aligned perfectly with Burckhardt Compression’s needs.
From the beginning, the goal has been not to entice as many employees as possible with a deceptive link, but to ensure that everyone is informed and able to recognize phishing attempts. Together we focused on fostering a learning environment where knowledge is shared without blame, empowering our team to stay one step ahead of potential security breaches.
The Solution – Awareness Campaigns
To address the cybersecurity challenges faced by Burckhardt Compression, a detailed and strategic roadmap was developed in collaboration with baseVISON. This roadmap outlines the key steps and milestones necessary to implement the “Phishing Prevention Campaigns” effectively.
Kick-off Meeting
It all started with a kick-off meeting. During this meeting, we determined which users would receive the email (scope), what content the email would include in which language (payload), and the start and end dates of the campaign.
Creation of Phishing Mail
To create customized content for phishing emails, baseVISION used publicly available information about the company. This approach mirrored the tactics used by attackers, making the training more realistic and effective. baseVISION used templates, in over 10 languages, to address the different languages spoken in the company. Understanding the evolving nature of cyber threats, baseVISION developed campaigns based on new technologies being exploited by attackers. For example, they addressed OAuth abuse, where users receive emails asking for permission to run a malicious application. This proactive approach helped employees stay ahead of emerging threats.
Campaign
The campaign was run for one month. Until the last day of the campaign, users could click on the phishing link and automatically receive the appropriate training. baseVISION automated the delivery of selected training sessions to users in their native language, ensuring that all employees, regardless of their location, received the necessary training to recognize and respond to phishing attempts.
Reporting & new campaigns
Once the campaign concluded, we began the reporting process and analyzed the data. Interpreting the results was crucial. During the reporting meeting, we discussed the outcomes of the current campaign to enhance awareness and plan the next campaign. This meeting allowed us to identify trends, compare campaigns, and discuss current news in the field of phishing. Repetition was essential to maintain and increase awareness, which is why we emphasized the importance of ongoing campaigns.
We went through this process five times with Burckhardt Compression, and the next three campaigns were already in the planning stages.
Result of an ongoing awareness campaign
We are pleased to observe a decrease in the number of clicked phishing links and entered credentials, alongside an increase in reported phishing emails. Users who clicked on a phishing link and received training did not fall for subsequent campaigns, demonstrating the effectiveness of the training.
Summary
Burckhardt Compression partnered with baseVISION to tackle their cybersecurity challenges through tailored phishing prevention campaigns. These campaigns targeted employees in their native languages, provided training on recognizing phishing attempts, and included discussions on recent cybersecurity trends. The results were impressive, with a significant decrease in clicked phishing links and entered credentials, and an increase in reported phishing emails. The ongoing collaboration and repeated campaigns have proven essential in maintaining and enhancing employee awareness and vigilance against phishing threats.