Read the article and answer the questions. Post your comment on the Discussion Fonm. Complete the exercises and read your classmates commerts and write comments for at least two of your cissernates' writings. The value of the activity is 20 points. The deadine for the cuestions can be found in "Tools" located in "Calendar" in the Blackboard plarfion - What do you think about the training programs and techniques used by MasterCard to help their employees with the cybersecurity problems? - Do you think of cther solutions to their problem? MASTERCARD MAKES EMPLOYEES FEE. THE IMPACT OF PHIISHING SCMMS service model employees experionced the shock of falling prey to ptisting scams and leam what they can do to proted themsolves, custioners and the compary. The Chalenge Phishing scams cost companies bllions every yeat. Teaching employees how to avoid phisting attacks is koy to an effoctive cybertocurty program. Long gone are the days of poorly writien emais from Sctional foreign digntares asking recipients for personsl inlormaton. Today's phisting scans are much more sophisfcatod and diffout to recognize, often appearing to come from an employee's colleagues - and they can tappen anwitere at any time with devastating corsequences. In 2015, Ubiquit Networks, a network technology company, lost 546.7 million to a personalzed phishing scam in which the scammer ingersonating the compary's finance dopartment convicoed employees to transter money to an account in Hong Kong. In 2016 , the internal Revenve Service issued as deer to its poypol and hR stall waming of a phisting scheme . purportody from execotives requesting employees' personal intormation. If just one person is fooled by these scams t can be Inancialy devastating fox a concany and destroy customer' lath in the brand. Yot they have becomo the most caminon secuily sone new piece of malware will iand in an enployee's intox. Thars why the most efoctive cobersecurity programs incluse enployee training as a last ine of deflense. MaserCard recogrized that training is a ciscal component of ts cybersecurty strategy and that the content coultit be just a nin-ofthe-mill course. They nooded something compeling that would capture employeer' attention and make them realize the risk these phishing scars topresent. One of the key obstados in teacting about of bessecurty is employoos ofen dont tawe it seriousy or tall bo understand the impect their actions can hive. The Solution Show employees the impsed of dicking on phishing scams, then teach them the hight approsch Wenteying and ropoting melchos phishing athicks. Show employees the impact of clicking on phishing scams, then feach them the right approach. MaslerCard set the aggressive goal of reducing the number of employees who opened phishing emais to 15 percent or less - substantialy lower than the industry standard of 24 percont. To do that, the complany developed an enterpnise-wide spear phishing exercise to thwart bad behavioc, buld cyber acumen and teuch employees how to be vigilant about "We wanted to heip entoloyees proactively recognize different types of phishing emails to protect MastorCard as another line of defense against such attacks, "said Poonam Vema MasterCard vice president, vilinerability management. To initiate the leaming program (Figure 1), employees recolved authentiotooking omal's but instead of getting a geneal awareness page when clicking on a suspicious link, GP Strategies created a program that mimics a hacker removing dala from the employee's computer. Figure 1 Transforming Compliance Training from Compulsory to Compelling Simulated e-learning dramatically boosted engagement in Mastercard's annual cybersecurity training. "Even though the phishing experience was simulated, to the employoe, it appeared to be a real hfe event," said Jim Palton, business development managor, GP Strategies. The program leaders developed two phishing emalls that were sent three fimes crer three months to a randomly solocted group of employees making up 25 percent of the general workorce. Each email was constructed with progressive intersity to entice leamers to click the phishing Ink. The emals were tracked and employee responses were ranked as elther: - Bad: they opened emat and cilched on the link - Ungware: completely ignared the emad. - Good. old not realy drove hame the sericusness of meeting the leaming objectives, "said Jawende Staber, MassterCard vico prosident, global talent development Employees who fased to follow secuity protocol recoived a diect tink to an e-teaming course wh an introduction by the chilef secunty officer. The course contred the impact of phishing to the businoss, how to recognize and avoid phisting scams, and the compary's fomal reporting and emal isolaton procedtures. In addition to onine content, the course offered a printable quick reference guide on what to do in the event a phishing omail is cponed or a phishing ink is selected. The Resitts MastorCard mot ts target to exceed industy standards and employees report foring tho program. ingugemont in the training program (Figure 2). But the nambers alone don't tell the whole story. Over the last fow years, the company's L 8D leam has set out fo create new and engaging compliance training that emplojees realily respond to. By that measure, the spear phishing program devoloped with GP Strategies was considered a huge success. "Feotbock from employees showed they found the course to be innovative, provocative, entertainting and informafive, "said Maureen Doran Howithan, MasterCand vice presidinf, global talent development and leaming and development. in fact, one participant conmented: "This is how training should be l almost wanted it to last langer," Cyborsocurity is vital in todoy't world. Ensuring employees are edveatod about phishing scams and understand the inportance of toilowing siops to mulgats their inpact is a hey rist mansgement atritegy that wil hoip beep the company more socure from aftack