WIXLIB

Effective trainingfor employees.Ease of use formanagers.k-asap.comKaspersky ASAP:AutomatedSecurityAwarenessPlatform

Kaspersky ASAP: Automated SecurityAwareness PlatformMore than 80% of all cyber-incidents are caused by human error, with companies losing millionsrecovering from staff-related incidents. Yet the effectiveness of traditional training programs intendedto prevent these problems is limited, and frequently fail to inspire and stimulate the necessary behavior.Human error is the biggest cyberrisk 1,315,000per enterprise organizationThe average financial impact of databreaches caused by inappropriate ITresource use by employees* 132,000per SMBThe average financial impact of a databreach caused by physical loss of companyowned mobile devices exposing theorganization to risk*50%of businessesreported experiencing threats directlycaused by inappropriate staff behavior,making this the most common threat to ITsecurity*Barriers to launching an efficientsecurity awareness programWhile companies are eager to implement security awareness programs, many areunhappy with both the process and the results. Small and medium businesses, whichdon’t usually have the experience and resources needed, are particularly challengedin this area.Not efficientfor studentsAn administrativeburdenPerceived as difficult, boring,irrelevant drudgery.How to create a programand set goalsIt’s all about ‘don’t’ ratherthan about ‘how to’How to manage trainingassignmentsKnowledge is not retainedHow to control the progressReading and listening isn’tas effective as doingHow to fully engage peoplewith the training43%of small businessessuffered a security incident due to ITsecurity policies violation by employees*26%of employeessaid their personal email has the samepassword as their work account** *Report: Report “IT security economics 2021”, Kaspersky** g-work2

Efficiency and ease of trainingmanagement for organizationsof any sizeIntroducing the Automated Security Awareness Platform, which forms the core of theKaspersky Security Awareness training portfolio.The Platform is an online tool that builds strong, practical cyber-hygiene skills foremployees throughout the year. Launching and managing the Platform doesn’t requirespecial resources or arrangements, and it provides the organization with built-in help atevery step of the journey towards a safe corporate cyber-environment.How to evaluate an awareness programOne of the most important criteria when choosing an awareness program is itsefficiency. With ASAP, efficiency is built into the training content and management. Theplatform’s content is based on a competency model consisting of 300 practical andessential cybersecurity skills that all employees should have.Educate your employees about cybersecurity to change their attitude and behaviorand protect your business and IT systems.Efficient trainingConsistent– Well thought-out, structured content– Interactive lessons, constant reinforcement, tests, simulated phishing attacks toensure skills will be appliedTraining materials and their structure are arranged in accordance with the specifics ofhuman memory, our ability to absorb and retain information.Practical & engaging– Relevant to employees’ everyday working life– Skills that can be put to immediate useExamples from real life situations in which employees can recognize themselvescontribute to learner engagement while helping to retain information.Positive– Puts a proactive spin on safe behavior– Explains ‘why’ and ‘how to’ instead of the taboosToo many rules and restrictions can cause discontent, while explanations andconvictions aligned with the way people think naturally contribute to adoption andbehavior change.Easy managementEasy to manageFully automated learning management brings every employee up to the securityskills level appropriate to their risk profile without any intervention of the platformadministratorEasy to control“All-in-one” dashboard & actionable reportsEasy to engageInvitations and motivational emails as well as weekly student and administrators reportsare sent automatically by the Platform.3

ASAP management:simplicity through full automationStart your program in 4 simple stepsUploadusersDivide usersby risk profile & settarget levels foreach groupLaunchtrainingThis is the only step where theadministrator needs to think and makedecisionsAutomatedtrainingmanagementdone by ASAPThe platform builds an educationschedule for each group, based on paceand target level, and delivers actionablereporting and recommendationsBetter learning principlesKaspersky ASAP is changing the way we provide cybersecurity learning content. Nowyou can choose whether to assign employees a basic express course that will helpyou quickly meet regulatory requirements for cybersecurity training, or refresh theirknowledge, or opt for a full course broken down into complexity levelsExpress courseA short version of the training in audio-video format. Each of 6 major cybersecuritytopics contains several small lessons to help the user master basic cybersecurity skills.- Interactive theory- Videos- TestsSimulated phishing attacks are not included in the learning path, but can be assignedadditionally by the administrator as a phishing campaignSpecific learning paths for each risk profileUse automated rules to assign employees to a certain group based on their desirededucational target level. This target level depends on the risk their particular role posesto the company. The higher the risk, the higher the target education level should be, e.g.IT or accountants typically represent a higher risk than other workers.Flexible learning pathFlexible learning The scope of the training is completely flexible, while retaining the advantages ofsequential automated learning management For each training group you are able to select:- Main or express course or a combination of both- Topics to train in the main course and/or the express course which students in thegroup need to learn- The target level you want students to achieve for each selected topic in the maincourse.Actionable reports anytime Enjoy dashboards with all the information needed to control and manage statisticsummaries about company users, training slots, and group training, with the ability todrop down to the individual level Get suggestions on how to improve results Download reports from the main page in a single click, and configure the frequency ofreceiving reports by mailFreedom to performEmployees may study at any convenient time and from any device. Mobile-friendlydesign makes learning even more comfortable. Users can access the training portalusing personalized links from the training invite or use a single link for all users via SingleSign-On (SSO) technology4

ASAP main course methodologyContinuous incremental learningThe Ebbinghaus Forgetting curveRepeated reinforcement helps buildstrong skills. From the simple to the more complex, topic by topic and level by level: learningknowledge increases Expanding and applying previously acquired knowledge in new contextsMultimodal content100% Each level includes: Interactive lesson reinforcement assessment (test and simulatedphishing attack where applicable) All training elements support the particular skill being taught in each unit, so thatskills are truly mastered and become part of the new, desired behavior90%80%70%60%Interval learning50%40% The Ebbinghaus ‘forgetting curve’ – learning methodology based on the specifics ofhuman memory Repetition forms builds safe habits and prevents forgetting Reinforcement in each every module30%20%10%0%ObliterationRemembering after reinforcementTraining topicsEach topic comprises several levels,detailing specific security skills.Levels are defined according to thedegree of risk they help to eliminate:Level 1 is normally enough to protectfrom the easiest attacks and massattacks. To protect from the mostsophisticated and targeted attacks,the higher levels need be studied. Passwords & AccountsEmailWebsites and the InternetSocial media & MessengersPC SecurityMobile DevicesProtecting confidential dataGDPRIndustrial CybersecurityExample: Skills trained in “Websites and the Internet” topicBeginnerTo avoid mass(cheap and easy) attacksElementaryTo avoid mass attackson a specific profileIntermediateTo avoid well-preparedfocused attacksAdvanced*To avoid targetedattacks23 skills, including:34 skills, including:12 skills, including:13 skills, including:– Recognize fake pop-ups– Enter data only on siteswith a valid SSL certificate– Check sharing links beforesending– Use different passwordsfor different registrations– Use software only fromtrusted manufacturers fortorrents– Recognize sophisticatedfake links (including linkslooking like your companywebsites, links withredirects)– Download legal contentonly from torrents– Check sites using specialutilities– Recognize invalid networklink addresses by fakesubdomains– Clear browser cookiesregularly– Recognize if the browser ismining reinforcementof elementary skills reinforcementof the previous skills– Pay attention to redirects– Distinguish genuinedownload links from fakeones– Recognize executable filesfound on the web– Be able to determine theauthenticity of a browserextension– Recognize fake sites by anumber of signs– Avoid numeric links– Avoid black SEO sites reinforcementof the previous skillsKey subjects covered in the topic: Links, Downloads, Software installations, Sign-up & Login, Payments, SSL* Will be added during 20225

LanguagesThe Platform (both student’s and admininterface) are available in the followinglanguages: shHungarian paneseChinese(Mandarin)** are coming in 2022Example of the editable simulatedphishing template and feedbackWell-balanced, structured contentrelevant to real-life to ensure efficiencyLearning principles in ASAP are based on the methodology that takes into accountthe specifics of human nature, our ability to perceive and absorb information. Thecontent is full of real life examples and cases that highlight the personal importance ofcybersecurity for employees. The Platform focuses on training skills, not just providingknowledge, so practical exercises and employee-related tasks are at the core of eachmodule.Visual style and texts are not only translated into different languages, but are adjustedto reflect different cultures and local attitudes.Simulated phishing campaignsPhishing campaigns are an addition to the main training process that test employees’ practicalskills in avoiding phishing attacks. This will help the training manager identify gaps in userknowledge and encourage them to study topics they’re having trouble with.The platform comes with ready-made email templates containing phishing examples that canbe sent to platform users in all available languages. The set of available templates is regularlyupdated with new ones. You can also create custom emails based on predefined templates.Try a simulated phishing attack before you start the training - check your employees’resilience! It will help employees and management to see the benefits of training.6