There has been a recent upward trend in cyber-attacks and data breaches, in particular due to insufficient data protection measures and a lack of preparedness, as well as an increasing number of attacks in the workplace, including hacking into mobile devices and exploiting IoT vulnerabilities, according to Varonis statistics. IBM says 19% of breaches are due to stolen login credentials, 16% of breaches are due to fraud, and 15% of breaches are due to improper cloud service settings. The principles of remote working, as demonstrated by the Covid-19 pandemic, have only increased the need for data protection measures and the need to be properly prepared to use them and to be able to detect cyber-attacks.
One of the preventive measures is to increase cyber security, which is why VU Kaunas Faculty, together with partners from Lithuania, Latvia, Estonia, Cyprus and Malta, noticed the increasing trend of attacks using various online fraud schemes and decided a year and a half ago to develop a distance learning course called CyberPhish to help people recognise phishing attacks, understand the consequences and responsibilities, and know what to do if their data has been compromised.
CyberPhish course to raise awareness of online fraud
The CyberPhish course includes training material, self-tests to assess knowledge, simulations of phishing attacks to test how the trainee would behave in the situations presented, and finally a knowledge test which leads to a CyberPhish certificate. Individual participants can study at their own convenience and do not have to complete the entire course – learners can improve their knowledge on the topics that are most relevant to them. The course is also planned to be integrated in the higher education institutions of the consortium partners.
Successful pilot training in Lithuania
In order to assess the quality of the CyberPhish course, the project partners have carried out pilot trainings in their countries. In Lithuania, the pilot training was carried out by inviting members of the VU Kaunas faculty community, mainly students. The project partner, Information Technology Institute, prepared guidelines, developed questionnaires before and after the training, monitored the progress of the pilot training for all partners, and provided statistical information to the partners after the training data was systematised.
The Lithuanian pilot training was attended by students from Economics and Management, Lithuanian Philology and Promotion, Applied Systems of Finance and Accounting, and Information Systems and Cyber Security. It was decided to invite students from a wide range of study programmes in order to get as much feedback as possible, assessing not only the training material, the user-friendliness of the learning environment, but also the quality of the course. The project application foresaw inviting at least 24 participants in each partner country. It is pleasing to note that the number of participants in the pilot training in Lithuania has been significantly higher, with more than 90 participants having joined the CyberPhish course so far, 53 of whom have successfully completed the course and have been issued with a course completion certificate. The age range of the participants in the pilot training was 20-23 years old and there were slightly more males than females, with 60% of the participants being males.
Participants in Lithuania have a positive view of the CyberPhish course
The main objective of the CyberPhish pilot training was to test and assess their knowledge about online fraud. It is encouraging that the majority of participants in the pilot training in Lithuania were satisfied with the CyberPhish course. 43% of the participants stated that the simulations integrated in the CyberPhish course improved their ability to identify online fraud attacks, and a further 52% stated that they improved their ability to identify online fraud attacks even a lot.
Between 40% and 60% of the participants who completed the course said they had learnt many new things. Participants were very positive about following topics and stated that they had learned a lot of new things: “Handling of Cyber-Attacks”, “Legal aspects of Cyber Security”, “Different types of Phishing Attacks and Techniques” and “Social Engineering Modules and Manipulation”.
The feedback provided by the participants of the CyberPhish pilot training has confirmed the partners’ ambition to contribute to the development of cybersecurity skills and the forming of a safer society through the CyberPhish course.
About the CyberPhish project
The CyberPhish project, supported by the Erasmus+ programme, is implemented by the VU Kaunas Faculty in partnership with the Information Technology Institute (Lithuania), Altacom (Latvia), University of Tartu (Estonia), MECB (Malta) and Dorea (Cyprus). The aim of the project is to develop learning material that will help students of computer science, other specialisations and other interested persons to learn about a very important problem in cybersecurity today – phishing. Last but not least, they should not only learn about it, but also acquire the necessary skills and abilities to protect themselves against online fraud and know how to deal with such an attack.
Vytautas Evaldas Rudžionis
Renata Danielienė
More about CyberPhish project: https://cyberphish.eu
We invite you to register the CyberPhish course: https://cyberphish.eu/learn
This project has been funded with support from the European Commission. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which may be made of the information contained therein.