“Thank you Perigon One! We successfully implemented a comprehensive cybersecurity training program. Through tailored education and simulated phishing attacks, our staff’s awareness increased, leading to a significant reduction in successful phishing attacks. Perigon One has greatly enhanced our cybersecurity defenses, and we highly recommend their expertise.”
At Perigon One, we’ve been working closely with Brisbane-based Aeris Resources since they first acquired their Cracow gold operations site in 2020. Initially, we were tasked with integrating the existing on-site IT systems into Aeris’ own infrastructure, and you can learn more about that work in our previous Aeris Resources case study. The project was so successful that the team asked us to continue providing comprehensive, fixed-cost IT support, and we’ve been doing so ever since.
Aeris Resources grew and expanded with the addition of the new site, and the team were becoming more and more aware of the digital risks they were facing. With attacks becoming more sophisticated – and more frequent – within the mining sector, Aeris were keen to ensure their data, their sites, and their employees were adequately protected from attacks – particularly phishing.
Aeris Resources had decided that they wanted to implement a comprehensive cybersecurity training programme for their employees, to be rolled out initially across the Tritton copper operations site. The purpose of the training would be to educate employees about the risks associated with phishing, and equip them with the knowledge and skills to identify and respond to such threats effectively.
However, the team faced a number of challenges in making this a reality.
As Aeris already knew, there’s a big difference between understanding cybercrime & knowing what to do when faced with a threat, and putting that knowledge into action in a real-world scenario. How could they be sure that their training efforts would translate well into an actual attack situation?
Aeris Resources reached out to us. They asked us to design and deliver an expert cybersecurity training programme to Tritton staff to reduce the risk of attack on the Aeris network. This would involve delivering a total of 836 training sessions to ensure adequate coverage across all relevant personnel, and make sure everyone was provided with the knowledge they needed to respond to potential threats in the best possible way.
Our solution was to approach the training programme in two parts.
Firstly, we decided to run an educational campaign, delivering tailored training to over 150 employees working at the Tritton site. This would ensure that workers were fully aware of the specific risks that existed within the mining industry, that they understood how their data could be stolen using simple techniques – and that they knew how an attack could impact business operations and reputation.
Secondly, we ran a simulated attack alongside the education programme. This would involve the delivery of suspicious communications directly to Tritton site workers across a 12-month period. Designed to replicate real-world phishing attacks, this exercise would create a more immersive training experience for employees, helping them to connect their training to real risk.
In total, 440 training modules were completed, accounting for 53% of all training sessions delivered. Rostering meant that not everyone could undertake the programme in full. Despite this, over half the sessions were completed, and even with the instances of incomplete training, the team were still able to note impressive overall results.
Following the training, the email open rate for Tritton workers reduced from the previous year, suggesting that workers were becoming increasingly aware of what suspicious communications could look like. The number of workers falling victim to smart phishing attacks also decreased. This helped Aeris Resources to maintain a safer and more secure working environment, where data and people were well protected.
Overall, two notable benefits were seen:
The training programme contributed to a heightened sense of awareness among Tritton staff regarding cybersecurity threats, particularly phishing attacks. This increased awareness is reflected in the reduction of opened phishing emails and a notable decrease in reported successful attacks. The number of staff entering or giving up their data was reduced by 320%.
The combination of training and phishing campaigns significantly reduced the risk of cyber attacks on the Aeris network. In fact, the number of staff being phished was reduced by 80%. By equipping employees with the knowledge and skills to identify and report phishing attempts, the organisation has massively strengthened its overall cybersecurity posture.
The initial implementation worked so well that Aeris are looking to expand on the foundation that’s been built. The team would like to relaunch the cybersecurity training and phishing campaigns for Tritton and Cracow site workers with a new schedule. This will focus on a specific topic for 1.5 months before moving on to another important area of training. It’ll allow for the continuation of education for enrolled members, and the start of the introduction process of this training programme for new employees who haven’t yet embarked on the course.