Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take 2 mins to learn more.

Building Security Awareness: Cyber October 2024

Mariusz Kondratowicz
on
22.10.2024
Reading time:
3 mins
Last edited on

if you don’t work on it regularly, it weakens, leaving you vulnerable to risks. In the digital age, where cyber threats are constantly evolving, training our "security muscles" is essential for the strength of the entire business. That’s why we launched our annual Cyber October initiative to ensure we’re all in top shape when recognizing and responding to security threats.

What is Cyber October?

Cyber October is an annual campaign that boosts security awareness and shares best practices across technology organizations to protect consumers and businesses.


91% of all security incidents begin with phishing or other social engineering attacks. (Deloitte)

Since phishing remains one of the most common and dangerous cyber threats, this year’s campaign focused on phishing and social engineering, equipping everyone with the knowledge and skills to identify and avoid these attacks. Our efforts went beyond the basics, considering emerging threats like AI-based social engineering tactics, which are becoming increasingly sophisticated.

While all new Ramp Network joiners complete InfoSec Starter training upon joining, we recognize that we need to refresh our knowledge regularly to stay relevant. Our annual Cyber October program helps us do just that, bringing everyone up to speed on current threats and best practices.

To kick off the initiative, we took a proactive approach in Q3 by launching a phishing campaign to gauge our current level of security awareness. This exercise helped identify gaps and guided our focus for the month-long program. 

What We Did During Cyber October

To make learning interactive and engaging, we created a 28-question quiz to cover a range of scenarios you might encounter online and offline. The quiz included questions like:

  • What action do you take when you see a suspicious email?
  • You notice a stranger sneaking behind a co-worker and entering the building without using a building pass. What should you do?
  • What best practices should individuals follow to avoid AI-based social engineering attacks?

These questions weren’t just theoretical; they mirrored real situations to help everyone think critically about responding to potential threats. By tackling diverse scenarios, we aimed to foster a culture where security awareness is not only an individual responsibility but a shared one.

To make Cyber October as engaging and effective as possible, we didn’t just stop at a quiz. The InfoSec Team introduced a dedicated course to dive deeper into cybersecurity awareness. This course consisted of six microlearning modules and an interactive 3D game to better understand today's threat landscape.

The course topics covered essential areas such as:

  • Anatomy of a Phishing Attack. This module helped employees understand phishing from an attacker’s perspective, revealing common tactics used to deceive victims.
  • Social Engineering Techniques and How to Recognize Them. Here, we explored various methods used by cybercriminals to manipulate people into divulging sensitive information, and practical ways to spot these tactics.
  • Real-life Case Studies examined actual incidents like “CEO Email Impersonation” where attackers mimic senior executives to trick employees into transferring funds.
  • How Deep is the Deepfake looked at how advanced technology can be used to create convincing fake videos or audio clips.

To complement the microlearning modules, we also introduced a 3D game focused on the theme of Working Securely While Remote. The game guided participants through different scenarios involving secure remote work practices, emphasizing the importance of maintaining security hygiene outside the office environment. Players faced challenges related to securing their devices, handling sensitive information, and recognizing potential threats while working from various locations.

By combining traditional learning with interactive and immersive experiences, we aimed to keep the training engaging and memorable, ensuring that the lessons would stick and be applied in real-world situations.

Staying Ahead of Emerging Threats

Cybercriminals are constantly refining their tactics in today's rapidly changing digital landscape.

Our Cyber October initiative reflects this reality by addressing classic phishing strategies and highlighting emerging risks like AI-driven attacks. We want everyone to be aware that while phishing emails may look convincing, AI can now be used to manipulate voice or text to imitate someone you know, making it even harder to distinguish friend from foe.

By staying informed and vigilant, we all play a part in protecting our data, our users, and our company’s reputation.

Why Cyber October Matters

The effort we put into cybersecurity awareness isn’t just for compliance; it’s about creating a resilient environment where every employee acts as a line of defense. Here’s why Cyber October is so important:

  • Reducing Human Risk: Human error is one of the leading causes of security incidents. By continuously educating our workforce, we significantly reduce the chances of someone falling victim to a scam.
  • Building a Culture of Security: Security shouldn’t just be the job of the InfoSec team; it’s everyone’s responsibility. Cyber October reinforces that we’re all accountable for keeping the company safe.
  • Preparing for New Threats: Cyber threats evolve quickly, and our awareness must evolve just as fast. With regular updates and focused training, we’re ready to face new challenges as they arise.

Flexing Our Cyber Muscles Year-Round

Cyber October may be our annual security awareness campaign, but the commitment to cybersecurity extends far beyond a single month. The lessons learned, the skills acquired, and the habits formed should serve as the foundation for a security-first mindset that lasts throughout the year.

Thank you to everyone who participated in Cyber October 2024. Let’s continue to flex those cyber muscles and keep our company secure. Remember, a strong security culture is built by reacting to incidents and preventing them before they occur.

We recently launched our bug bounty program, enabling ethical hackers to help us identify and address potential vulnerabilities before they can be exploited. Learn more about our proactive security approach here - https://bit.ly/3ZPwLpc

If you have feedback or would like to learn more about ongoing cybersecurity training, please reach out to security@ramp.network. Stay secure, stay aware, and keep building those security muscles!

Ready to start?

Get your integration started
Mariusz Kondratowicz

Head of Information Security

TABLE OF CONTENTS

Let’s get your integration started

Contact Sales