There has been a recent upward trend in cyberattacks and data breaches, in particular due to insufficient data protection measures and a lack of preparedness, as well as an increasing number of attacks in the workplace, including hacking into mobile devices and exploiting IoT vulnerabilities, according to Varonis statistics. IBM says 19% of breaches are due to stolen login credentials, 16% of breaches are due to fraud, and 15% of breaches are due to improper cloud service settings. The principles of remote working, as demonstrated by the Covid-19 pandemic, have only increased the need for data protection measures and the need to be properly prepared to use them and to be able to detect cyberattacks.
One of the preventive measures is to increase cyber security, which is why VU Kaunas Faculty, together with partners from Lithuania, Latvia, Estonia, Cyprus and Malta, noticed the increasing trend of attacks using various online fraud schemes and decided a year and a half ago to develop an online course called CyberPhish to help people recognise phishing attacks, understand the consequences and responsibilities, and know what to do if their data has been compromised.
CyberPhish course to raise awareness of online fraud
The CyberPhish course includes training material, self-tests to assess knowledge, simulations of phishing attacks to test how the trainee would behave in the given situations, and a test to receive a CyberPhish certificate. Participants do not have to complete the entire course and can improve their knowledge on the topics that are most relevant to them. The course is also planned to be integrated in the higher education institutions of the consortium partners.
Successful pilot training in Lithuania
In order to assess the quality of the CyberPhish course, the project partners have carried out pilot trainings in their countries. In Lithuania, the pilot training was carried out by inviting members of the VU Kaunas Faculty community, most of which were students. As a project partner, the Information Technology Institute prepared guidelines, developed questionnaires before and after the training, monitored the progress of the pilot training for all partners, and provided the partners with statistical information after the training data was systematised.
The Lithuanian pilot training was attended by students of Economics and Management, Lithuanian Philology and Promotion, Applied Systems of Finance and Accounting, and Information Systems and Cyber Security. The decision was made to invite students from a wide range of study programmes in order to get as much feedback as possible and assess not only the training material or the user-friendliness of the learning environment, but also the quality of the course. The project application foresaw inviting at least 24 participants from each partner country. It is exciting to note that the number of participants in the pilot training in Lithuania has been significantly higher, with more than 90 participants having joined the CyberPhish course so far, 53 of whom have successfully completed the course and have been issued with a course completion certificate. The age range of the participants in the pilot training is 20-23 years old and there are slightly more males than females, with 60% of the participants being male.
Participants in Lithuania evaluate the CyberPhish course positively
The main objective of the CyberPhish pilot training was to test and assess the participants’ knowledge about online fraud. It is encouraging that the majority of participants in the pilot training in Lithuania were satisfied with the CyberPhish course. 43% of the participants stated that the simulations integrated in the CyberPhish course improved their ability to identify online fraud attacks, and a further 52% stated that the courses improved this skill significantly.
Between 40% and 60% of the participants who completed the course said they had learnt many new things. The participants responded very positively about the course topics “Handling of Cyber-Attacks”, “Legal aspects of Cyber Security”, “Different types of Phishing Attacks and Techniques” and “Social Engineering Modules and Manipulation”.
The feedback provided by the participants of the CyberPhish pilot training has confirmed the partners’ ambition to contribute to the development of cyber security skills and the forming of a safer society through the CyberPhish course.
About the CyberPhish project
The CyberPhish project, supported by the Erasmus+ programme, is implemented by the VU Kaunas Faculty in partnership with the Information Technology Institute (Lithuania), Altacom (Latvia), University of Tartu (Estonia), MECB (Malta) and Dorea (Cyprus). The aim of the project is to develop learning material that will help students of computer science and other fields, as well as those who are interested to learn about a very important problem in cyber security today – phishing. And not only learn about it, but also acquire the necessary skills and abilities to protect themselves against online fraud and know how to deal with such attacks.
Assoc. Prof. Dr Vytautas Evaldas Rudžionis
Assist. Prof. Dr Renata Danielienė
More about the CyberPhish project: https://cyberphish.eu
To register for the CyberPhish course click here