Technology Record - Issue 28: Spring 2023

98 INTERVIEW Using simulation for cybersecurity The risk of cyberattack can be reduced by improving user behaviour, and interactive education can help build a security-aware organisational culture, says Fortra’s Theo Zafirakos BY ALICE CHAMBERS Simulation is used by us all in our daily lives– be it a weather forecast or fire drill – to prepare ourselves for potential risk. There are widespread applications in industry too, ranging from crash test dummies in automotive to the modelling of medical procedures in healthcare. Enterprises in all sectors can benefit from simulation for their cybersecurity. Security solution provider Fortra uses it to educate employees and thereby help organisations reduce their risk of attack. “We believe in empowering people,” says Theo Zafirakos, chief information security officer at Fortra’s Terranova Security. “When people are informed, educated, supported and empowered, they do amazing things. Give people the appropriate security awareness training, tools and support, and together we can build a cyber secure and aware culture.” Fortra works with its customers to define security awareness programmes that aim to reduce their business risk levels. It provides courses on a variety of topics including eliminating unsafe end user behaviours, reducing cyber risks and keeping sensitive information safe. “Before they come to us, many organisations have nothing in place or only have reactive processes for when their cybersecurity is put at risk,” says Zafirakos. “It largely boils down to their users, who are often not aware of the threats they face when using technology and the internet.” Cloud security is more important now than ever before, Zafirakos points out. The Covid-19 pandemic has boosted the growth of remote work – the International Labour Organization reports that more than 70 per cent of fulltime workers in Europe are now choosing to work from home, compared to just 5.4 per cent in 2019. This means that more people are interacting with multiple cloud services, often over unsecured networks. “Some of the most significant risks to cloud computing come from user behaviours,” says Zafirakos. “Managing these risks starts with having robust guidelines for cloud usage and security. Now, more than ever, cybersecurity relies on effective education more than technology. Firms can prevent and reduce security breaches, attacks and downtime by providing up-to-date, fun and interactive awareness activities.” Fortra develops training programmes that include progress tracking, phishing simulations and gamified activities so that organisations can reduce security breaches caused by user behaviour. “Simulations ensure employees can detect and avoid cyber threats like phishing, social engineering and ransomware,” says Zafirakos. “These interactive tests can be part of any security awareness training programme, facilitating the process of detection, reducing risk, building threat resilience and creating a security-aware organisational culture. “Simulations are most effective when they leverage real-world cyber threats that users may encounter. Within a safe environment, employees can learn how to detect and avoid phishing attacks so that organisations can leverage their results to adjust their future awareness efforts and improve their security as a whole.”