Case Study - Personalised training in large enterprise

Flemish Radio and Television Broadcasting Organization

As a large, dynamic company, VRT needed a scalable solution to train its employees thoroughly in cybersecurity topics. The flexibility of Phished also makes it possible to efficiently train temporary employees and 'guest employees'.

The Challenge

As a public broadcaster, VRT plays an important role in Belgian society. It is a large employer for hundreds of people and at the same time it is responsible for a significant part of the information gathering in Flanders. In order to guarantee these information flows and keep them as reliable as possible, an extensive cybersecurity policy is needed - one in which phishing prevention plays an important role.

"The technological evolution towards the cloud is also occurring in the media sector." says Wauterickx. "The closed ecosystem in which this technology is only analogue and is located in our own data centres is behind us. This evolution requires more attention to keep the entire situation secure, in function of the risks present of course. Phishing prevention therefore plays a very big role for us."

Despite the many people who enter the VRT buildings every day and connect their devices to the VRT network, the broadcasting corporation has never been the victim of a large-scale hack or data leak. "Of course, we did have to deal with minor phishing attempts and the like, resulting in small-scale incidents," says Wim Wauterickx, CISO at VRT. "Of course, we cannot resign ourselves to this, and we want to further step up our efforts.”

The Outcome

For an organisation with so many e-mail addresses, of which several are regularly closed and some newly added, it is important that the people behind these mailboxes are well trained in digital security. "The Phished platform supports us greatly in this," Wauterickx says. "New employees or mailboxes are automatically added to the platform, so we don't waste time and energy on that, and the chance for errors is nil.”

Previously, Wauterickx conducted an annual phishing prevention campaign. "Of course those were not dynamic tests. Such one-off tests take up a lot of time and energy, and after just a few days you lose a large part of the effect. Moreover, it was always a snapshot: a week later, a new colleague started and he or she missed the campaign. With Phished, we can provide continuous training that is tailor-made for everyone."

The varying degree of difficulty can also count on the approval of Wauterickx: "When we set up tests ourselves, it is not easy to put a degree of difficulty on them. Everyone gets the same message and personalisation is almost impossible. With Phished, that happens and we don't have to configure it ourselves; the platform does its job and adapts itself when necessary."