CASE STUDIES

Dumarey, the automotive excellence group

Overview

The Dumarey Group, formed under this name about a year ago, was born behind the impetus of Guido Dumarey, founder and current chairman, who made his first acquisition in 1983: a small Belgian company specializing in metal punching.
The Group now employs more than 3,000 people in 6 locations in Europe and Asia, with annual sales of about 1 billion euros.

The challenge

Given the amount of information handled, the high number of employees and the high technological profile, the Dumarey Group has chosen to have a special focus on information security issues.
Not only in terms of technology but also in terms of staff training and awareness , which is also a prerequisite for obtaining many of the industry certifications.

The solution

To protect the company from growing cyber risk, the Dumarey Group has adopted the newly developed Cyber Guru training model, a training platform that is quick and easy to deploy and measurably effective, to lower cyber risk in a short time, turning employees into the first line of defense against cyber attacks.

After just one year with Cyber Guru, cyber risk is much lower

Paolo Carlo Pomi, Ciso of the Dumarey Group for about a year now, in addition to focusing on technology has bet on employee training, partly because industry certifications require the company to engage in staff training and awareness on cyber security issues.

“I believe that in order to be more resistant to social engineering attacks,” Pomi says, “continuous training is necessary. In my field, the effectiveness of the face-to-face course, done once a year, may solve the compliance problem, but it is not effective enough to manage risk. On this issue, communication often comes across as boring and uninvolving. To protect the company from growing cyber risk, technology must be coupled with a training solution that is quick and easy to deploy and measurably effective, which in is able to lower the risk in a short time, turning employees into the first line of defense against cyber attacks.”
According to Pomi, the strength of a training plan like Cyber Guru’s lies primarily in the continuity of the message. “An ongoing program with training and simulation sections and testing resilience in the face of social engineering attacks. It’s not just phishing, but it’s another line of defense, in addition to technology, that turns every employee into a vigilant guardian of the company’s boundaries.”

In addition, today we are all connected, and often the two worlds, the professional and work world and the personal world, overlap and become confused.

“This, in fact, is another major risk factor that can no longer be ignored,” says Pomi. “No matter how hard we try to keep the two separate, even using corporate devices, the social engineering attack plays heavily on this interpenetration. So since you can’t control employees’ personal devices, the only way to lower the risk is to raise their awareness and attention.”

Continuous training is needed; attention must be trained.

The Cyber Guru training program has been adopted by the Dumarey Group for about a year now, first in the Turin office and recently in the other offices for only those staff who have a corporate email.

“In the long term, my goal,” says Pomi, “is to extend this type of training to people who do not have a corporate email available. In fact, it’s a useful type of training for the personal sphere as well, and regardless of the context in which you operate.”

According to Pomi, one year after adopting the training program, the first important feedback is already being seen.
“There has certainly been an increase in awareness and a lowering of the risk level.
Many are reporting and few are clicking. An incident that confirms this new trend is one from a few days ago, an employee told me that to make a reservation at a restaurant he was asked for his credit card information.
However, the page where he was supposed to enter them was strange and lacking in certification, and so the reservation was not made.
This is a confirmation of a training course like Cyber Guru’s, both able to raise the threshold of attention and recognize a potential scam.
This was not an insider, but a salesperson.
So the message, explained in a concrete, practical and understandable way, reaches everyone, regardless of the tasks employees perform.
After one year, the level of awareness is much higher than before.
In addition, this ensures that the company is successful in the visits of the auditors of the various certifications who ask for an account of the awareness part and the training part…”

To read the entire interview and learn more click here