The First Line of Defense: Educating Employees to Combat Threats

In response to the rising threat of sophisticated cyberattacks, Kyndryl started a journey to

develop a customized, in-house cybersecurity education program in 2023. By 2024, the CompanyKyndryl started seeing an increasing number of deepfakes – using sophisticated social engineering to use voice and video of our CEO to make urgent, security-compromising requests to employees via WhatsApp. With the increase in threats and potential for cyberattacks, the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) teams, in collaboration with Learning, HR, and Employee Communications, designed, created and launched a multimedia, “choose-your-own-adventure” education program that allowed employees to take a traditional one-hour course, or choose an alternative route that provided a choice of immersive labs, entertaining videos or ‘Family Feud’-like gamification. The goals of this new program were: 1) Engage employees who are the first line of defense to any company’s cybersecurity program; and 2) Ensure that the new curriculum was fun and engaging – inspiring employees to take a proactive part in protecting the company . The specific target outcomes Kyndryl set out to achieve were: 1) Secure a 100% completion rate of the training by all employees 2) Meet industry benchmarks for employees reporting phishing attacks 3) Prevent major cyberattacks on the company Kyndryl exceeded its objectives for the campaign (outlined below) – not only by enhancing employee vigilance but also setting a new standard for internal cybersecurity training, making this effort a deserving contender for this prestigious award.