Cyber security in the aerospace industry is possibly even more important than in other sectors. Manufacturer SABCA wants to adequately protect itself against data loss, and the IT department has invested heavily in technologies to keep malware and viruses at bay. Generally, however, it is the computer users who are seen as the weak link in the security chain, and for this reason SABCA called on Xylos to set up an awareness course. So far, all 650 staff have completed the course and SABCA expects a considerable decrease in the number of cyber alerts.

In the tender dossier, SABCA addressed a number of typical situations and incidents, together with the procedures the employees should follow in these situations. “This is why it is not possible to order a standard cyber security course. Every organization has different objectives, expectations and solutions. Xylos made an excellent analysis of the problem, and asked us the right questions. They also suggested an instructor who had previous experience with the Computer Crime Unit. It is difficult to come with stronger arguments, I think.”

A very hands-on course

Xylos personalized the course to comply with SABCA’s procedures and practices. The course incorporated both operational examples and potential cyber incidents which people may encounter at home. That was enough to grab the attention and interest of their employees, a prerequisite to the success of any course.

After Xylos made their proposal, Pauwels and three colleagues from the IT team spent a further three hours with the instructor to run through all the details of the course. Less than a month after assigning Xylos the job, the first course began, which lasted a total of almost two and a half hours. Xylos started with two pilot courses in the two national languages, from daily to occasional computer users, such as blue-collar workers. The course needed to be sufficiently generic to interest a diverse audience. Subsequently, the six hundred and fifty participants, in groups of twenty, were instructed on cyber security.

‘Industrial cyber security’ was included

The course was divided into three sections. The first slides were aimed at making staff aware that they really could be the target of an attack, and these were supported by an introductory video and some striking statistics. What followed was more structured and dealt with the different cyber incidents, arranged by theme. All possible forms of attack were discussed: phishing, social engineering, spear phishing, web and Wi-Fi exploits, and so on. Finally, the course also focused on the importance of industrial cyber security, such as access control systems or camera surveillance.

Helpdesk immediately has fewer queries to process

“The course was very interactive, and the participants were given plenty of tips. How can I create a strong password that I can remember easily? The feedback was very positive, everyone found something useful that they could implement. With a satisfaction score of 80%, we are also very pleased with the result. Such a high score for both the course content and the instructor is exceptional, given the heterogeneity of the group. We have also noticed that the helpdesk is currently receiving fewer calls with questions about specific emails or documents. And that is the most important Xylos tip: if you don’t trust it, don’t click.”

Pauwels takes a satisfied look back at both the commercial and operational processes. “It all went exactly as we wanted. However, it was important that the various teams collaborated very closely, and you should never put this kind of course together in a hurry. But, both in the preparation and logistics of the actual course, Xylos proved to be a high-quality and flexible partner. I would do it all exactly the same way again.”