CASE STUDIES

Italiaonline, safety is learned

Overview

Italiaonline, resulting from the merger by incorporation with SEAT Pagine Gialle, is Italy’s largest internet company. Digital communications agency, web advertising concessionaire with more than 29 million unique users and four billion impressions per month, and email history – 9.4 million accounts managed with the Libero and Virgilio portals – it steadily occupies the top spots of Italy’s most visited portals.

The challenge

Cybersecurity is certainly an important element of Italiaonline’s business. So much so that Italiaonline has created an ad-hoc structure to develop a cyber strategy that integrates best practices on the model adopted by large companies. Cybersecurity awareness is one of them. The starting point, shared by management, is that technology alone is not enough to implement an effective cyber strategy.

The solution

Focus on the human component, the weakest link in the security chain by its very definition, which, if properly trained and given responsibility, can make all the difference, through 2 Cyber Guru-based initiatives: the first is e-learning with agile and interactive lessons and a final proficiency test; the second is structured mock phishing campaigns, through the transmission of emails simulating an attempted attack.

Anti-phishing awareness and training programmes integrated into the cyber strategy of Italy’s first internet company

“Cybersecurity is definitely an important element of Italiaonline’s business” the Data Manager tells us
Marcello Fausti, head of cybersecurity. “We are a fully digital company. Revenues are channelled completely on digital platforms. If the Libero or Virgilio websites were not available there would be an economic and reputational impact. With repercussions in the sphere of the trust relationship with the client. It is therefore clear that there is a strong focus on developing defensive approaches to prevent threats as best as possible.”

“We are increasingly using technology based on artificial intelligence, machine learning. We are convinced that these tools will become even more effective if they are accompanied by adequate training for the people who surf the Internet every day using the companies’ working tools,” says Fausti.

“In the field of security, the human factor plays a central role,” says Fausti. “Almost all attacks come through phishing emails, so learning to understand the threats they can conceal is very important. This ability is achieved by training people. With this in mind, we have launched two initiatives, both based on Cyber Guru: the first is an e-learning one, the second has structured fake phishing campaigns.”

Field results

The awareness programme involved all Italiaonline personnel, around 1,700 people. “I must say that a very positive climate has been created around these activities. As demonstrated by both the level of participation (93%) and engagement, with teams competing against each other to be the best. A sort of company contest immersed in a very positive atmosphere.”

On the anti-phishing front, the results were also in line with expectations. “Already after five months of targeted fake phishing campaigns, we have achieved click-through rates half as low as the market benchmark. With abatement rates of up to 85%, even compared to previous experiences in the company less than two years ago.”

“Compared to the number of incidents we handle on so-called endpoints, we have found several cases where people have reported suspicious emails to us that would immediately result in a PC being compromised. “Furthermore,” says Fausti “there has been a significant reduction in malware infections on PCs. Then we think of all the attacks based on social engineering that are leveraged on people’s willingness to trust”.

To read the full interview prepared by the Data Manager click here.