Burckhardt Compression is a Swiss company specializing in the development, manufacturing, and service of reciprocating compressors, primarily for industrial gas applications. Founded in 1844 and headquartered in Winterthur, Switzerland, the company has evolved into a global leader in compressor solutions for the oil and gas industry, chemical process engineering, petrochemicals, and industrial gas production. The company employs more than 3,000 people worldwide.
The Vision – Promoting cybersecurity awareness through targeted campaigns
- Raising awareness of cyber-attacks across the entire company.
- Equipping employees with the knowledge and tools to recognize and respond to phishing.
- Familiarizing employees with the development of phishing and the new methods of attackers.
- Ensuring that everyone is informed and able to recognize phishing attempts.
Given the outlined challenges and goals, Burckhardt Compression recognized that partnering with baseVISION for their “Phishing Prevention Campaigns” was the right decision. The complexity of cybersecurity management for a global workforce speaking 10 different languages and operating in over 80 countries required a comprehensive and tailored approach. baseVISION’s expertise in creating targeted phishing prevention strategies, including language-specific content and detailed reports, precisely met the needs of Burckhardt Compression.
From the beginning, our goal was not to lure as many employees as possible with a fraudulent link, but to ensure that everyone is informed and able to recognize phishing attempts. Together, we focused on creating a learning environment where knowledge is shared without blame, so our team is always one step ahead of potential security breaches.
«Unser Ziel bei baseVISION ist es, sicherzustellen, dass die Mitarbeitenden von Burckhardt Compression in der Lage sind, Phishing-Versuche zu erkennen und darauf zu reagieren. Durch die Nutzung der neuesten Cybersecurity-Trends und -Technologien haben wir effektive Phishing-Präventionskampagnen durchgeführt. Das positive Feedback und die erhöhte Sensibilisierung der Mitarbeitenden zeigen den Erfolg unserer Bemühungen.»
The Solution – Awareness campaigns
To tackle the cybersecurity challenges at Burckhardt Compression, a detailed and strategic roadmap was developed in collaboration with baseVISION. This roadmap outlines the key steps and milestones necessary for the effective implementation of the “Phishing Prevention Campaigns.”
Kick-off meeting
Kick-off meeting
To create tailored content for phishing emails, baseVISION used publicly available information about the company. This approach mirrored the attackers’ tactics, making the training more realistic and effective. baseVISION used templates available in over 10 languages to address the various languages spoken within the company. Knowing that cyber threats are constantly evolving, baseVISION developed campaigns based on new technologies exploited by attackers. For example, OAuth abuse was addressed, where users receive emails asking for permission to run a malicious application. This proactive approach helped employees stay one step ahead of new threats.
Create phishing mail
Create phishing mail
The solutions Microsoft Defender and Azure Defender help protect the entire attack chain on multiple levels. During the project duration, numerous smaller attacks were observed and responded to accordingly. A major advantage of the Microsoft Security Center products is the holistic view and good collaboration. This way, the entire environment can be protected. Additionally, the various levels ensure that the environment remains secure even if an attack bypasses the reporting system.
Campaign
Campaign
The campaign was conducted for one month. Until the last day of the campaign, users could click on the phishing link and automatically receive the corresponding training. baseVISION automated the delivery of selected training for users in their native language, ensuring that all employees, regardless of their location, received the necessary training to recognize and respond to phishing attempts.
Reporting & new campaigns
Reporting & new campaigns
After the campaign concluded, we began reporting and analyzing the data. Interpreting the results was crucial. During the reporting session, we discussed the outcomes of the current campaign to raise awareness and plan the next campaign. In this meeting, we were able to identify trends, compare campaigns, and discuss current news in the field of phishing. Repetitions were essential to maintain and increase awareness, which is why we emphasized the importance of ongoing campaigns.
We have gone through this process with Burckhardt Compression five times, and the next three campaigns were already in planning.
«Die Zusammenarbeit mit baseVISION war eine fantastische Erfahrung! Die Phishing-Präventionskampagnen haben das Bewusstsein und die Fähigkeit unserer Mitarbeiter, Phishing-Versuche zu erkennen, drastisch verbessert. Wir haben einen signifikanten Rückgang der angeklickten Phishing-Links und der eingegebenen Anmeldedaten sowie einen Anstieg der gemeldeten Phishing-E-Mails festgestellt. Die Schulung war unglaublich effektiv, da die Mitarbeiter, die sie erhalten haben, nicht auf nachfolgende Campaignn hereingefallen sind.»
Summary
Burckhardt Compression teamed up with baseVISION to tackle cybersecurity challenges through tailored phishing prevention campaigns. These campaigns targeted employees in their native language, offered training to recognize phishing attempts, and included discussions on current cybersecurity trends. The results were impressive: the number of clicked phishing links and entered credentials significantly decreased, and the number of reported phishing emails increased. Continuous collaboration and repeated campaigns proved essential in maintaining and improving employee awareness and vigilance against phishing threats.
Leading companies rely on us.
