The Challenge
Dundee Precious Metals (DPM) is a Canadian-based international mining company engaged in the acquisition, exploration, development, mining and processing of precious metal properties.
As a Cybersecurity and IT Compliance Manager, Stefanov Svilen leads the cybersecurity department at DPM. Initially, the company was running an in-house cybersecurity awareness program, but this effort costed too much IT resources. Yet making sure employees knew how to spot and report on cybersecurity incidents was critical to protecting the organization security incidents. Svilen evaluated several agencies and AMATAS stood out because of its broad skill set, its ability to deliver content in multiple languages, and its technical capabilities.
“We wanted to create an information campaign to introduce ourselves to the company, deploy in-depth training and provide a clear communication path for reporting possible security incidents. AMATAS could deliver a comprehensive managed cybersecurity awareness service, which is exactly what we needed.
Svilen Stefanov, Cybersecurity and IT Compliance Manager, DPM
The Solution
AMATAS Managed Cybersecurity Awareness Training program leveraged KnowBe4, the world’s largest integrated platform for security awareness training, to disseminate educational videos, content and assessments. AMATAS also delivered in-person training seminars as well as a variety of additional materials to drive awareness for the campaign itself among DPM employees, including simulated phishing campaigns, custom AI-generated videos, relevant email communications, and newsletters. All of the materials were translated into English and Bulgarian and some of them into Serbian and Spanish, too.
Running a cybersecurity awareness and training program requires communication skills, technical knowledge, creativity for messaging and design, and the ability to work cross-functionally with marketing, HR and the IT organization.
Svilen Stefanov, Cybersecurity and IT Compliance Manager, DPM
The Result
To assess the program’s success and help the team optimize their cybersecurity training efforts, AMATAS created and executed simulated phishing attacks. Those enabled both AMATAS and DPM to benchmark the current state of awareness and measure improvements over the course of the program. According to Svilen, the reporting ratios — one of the primary metrics to indicate the program’s success — have increased substantially.
“We could pinpoint individuals that were not recognizing the attacks, for example, and tailor our training for them accordingly. Creating clear and concise instructions for reporting incidents had an immediate impact. The reporting rate for phishing emails is about 4X greater than it was 2 years ago.
Stefanov Svilen, Cybersecurity and IT Compliance Manager, DPM