Safer business

Why cybersecurity education is taking off at Heathrow Airport

In response to social engineering emails, London Heathrow Airport created a culture of continuous, targeted cybersecurity education.

Share article

You might not think of cybersecurity first when it comes to airport safety, but Jasvinder Pham, Head of Cyber Development and Assurance and Matthew Bourne, Cyber Security Manager, believes it’s at the heart of London Heathrow’s safety practice. And education is their most important protective gear against cybercriminals that use psychological tricks, also known as social engineering, on their staff.

In Tomorrow Unlocked’s video Next Departure: Fighting Cybercrime, Pham and Bourne outline how they’re helping Heathrow staff see through cybercriminals’ mind games.

What is social engineering?

Social engineering is when a hacker wants to access information from an organization for stealing or sabotage. They look to emotions to make you do something you normally wouldn’t – like an email presenting an offer you can’t refuse.

Jasvinder Pham, Head of Cyber Development and Assurance, London Heathrow Airport

And Pham says it’s a common tactic. “Nine out of ten breaches are done through social engineering. At Heathrow, we tend to get scattergun emails across the whole estate. We call that phishing. They’ll ask a user to enter login and password details or click a link.”

Learning to recognize the mind tricks

Where phishing emails are a scattergun approach, the Heathrow cybersecurity team responds with carefully targeted cybersecurity education.

They use internal advertising to raise staff awareness of social engineering techniques, then send out their own phishing-style test emails to see who takes the bait.

It’s part of a wider cybersecurity education program based on identifying those who can benefit most from the learning. Bourne says, “We’ve turned training courses on their head by asking the questions first. If you answer them all correctly, you don’t need the training. If you don’t, you can sometimes complete training in less than 10 minutes.”

Bourne believes cybersecurity training should resemble real-world cyberthreat situations. “We’ve started using live actors to get a bigger impact and bring it to the context of the airport.”

Customers are ready for better security

Pham says Heathrow wants to be on the cutting edge of security technology, but it’s not always easy. “We want to stay one step ahead, but I feel like we’re one step behind.”

But Pham believes one thing on their side is staff and customer readiness to embrace the latest security features. “People use services like WhatsApp and multi-factor authentication in their home. They want more, so we need to make sure we don’t miss out.”

Expert tech in expert hands

Kaspersky Expert Security’s three-pillar approach conquers complex cyber incidents.

About authors

Suraya Casey is a freelance writer, editor and content strategist based in New Zealand. Her interests include cybersecurity, technology, climate, transport, healthcare and accessibility.