Case Study – Vitra
Quantifiable learning success at Swiss designer furniture manufacturer
As a manufacturer of high-end residential and office furniture, Swiss company Vitra International AG is a key player in the fields of architecture and design. And the company wants to be one step ahead of the competition in more than just design: Arne Blum – CISO of the global, family-run company – also believes in the importance of cyber security.
“We had high quality standards in selecting our cyber security provider. This was necessary because we were looking for a state-of-the-art solution that both teaches our employees about an important subject, and is compatible with our complex workforce structure.”
Vitra’s employees in Switzerland, France, and Germany work together across borders. This means that German, French, and English are equally represented at the company.
Customized learning content and live updates via SCORM streaming
In order to be able to respond to current challenges, Vitra uses SoSafe’s Enterprise Package and Phishing Report Button. This package contains a comprehensive e-learning platform and SoSafe’s Phishing Simulation. The e-learning modules are provided in the three main languages spoken at Vitra, making the modules accessible to as many employees as possible and allowing them to undergo the training in their primary work language.
Vitra uses its internal Learning Management System (LMS) to provide access to the modules, while SoSafe uses SCORM Standard to upload the learning content directly onto the internal platform. The special SCORM streaming functionality allows updates to be automatically uploaded to the LMS, without any effort from the administrator. Internal branding is also used via the Customization Engine: The appearance of the learning pages in the Phishing Simulation is adapted to match Vitra’s corporate design. This makes it easier for employees to identify with the company, and creates greater acceptance of the training measures among the workforce. The contents of the Phishing Simulation are tailored for Vitra and were developed together with the SoSafe Social Engineering Team. The phishing emails are individually customized for the company’s field, and strike a nerve with employees.
Tangible effects: lower click rates as reporting culture spreads
Employees were notified of the Phishing Simulation before the awareness measures went live, but not how the simulated emails would look or when they would be sent. The starting phase itself was a success, as the click rate sank by over 20 percent after a short time, with a continued, strong downward trend during regular working times. At the same time, the Phishing Report Button gave the positive reporting culture at Vitra a significant boost: Overall, the number of reported emails increased by 188%. The Button gives employees the opportunity to easily and directly report suspicious emails. If the email is a phishing attempt from the SoSafe Simulation, the users are notified and are given learning content that matches the context of the email. All other instances are forwarded to the company’s IT Department. The Report Button thus also improves the internal reporting culture at Vitra, and helps prevent phishing. CISO Arne Blum has a very positive view of this function:
“The Report Button let us trim down our internal reporting chain even further, with visible results. Employees reported suspicious emails more frequently, including actual phishing attempts. They were actively helping to identify and prevent dangerous attacks.”