Kaspersky ASAP: Automated Security Awareness Platform Effective training for employees. Ease of use for managers. k-asap.com
More than 80% of all cyber-incidents are caused by human error, with companies losing millions recovering from staff-related incidents. Yet the effectiveness of traditional training programs intended to prevent these problems is limited, and they frequently fail to inspire and stimulate the necessary behavior.

Human error is the biggest cyber risk

$1,315,000 per enterprise organization: The average financial impact of data breaches caused by inappropriate IT resource use by employees*
$132,000 per SMB: The average financial impact of a data breach caused by physical loss of company-owned mobile devices exposing the organization to risk*
50% of businesses reported experiencing threats directly caused by inappropriate staff behavior, making this the most common threat to IT security*
43% of small businesses suffered a security incident due to IT security policies violation by employees*
26% of employees said their personal email has the same password as their work account**

Barriers to launching an efficient security awareness program

While companies are eager to implement security awareness programs, many are unhappy with both the process and the results. Small and medium businesses, which don’t usually have the experience and resources needed, are particularly challenged in this area.

Not efficient for students
Perceived as difficult, boring, irrelevant drudgery. It’s all about ‘don’t’ rather than about ‘how to’

Knowledge is not retained
Reading and listening isn’t as effective as doing

An administrative burden
How to create a program and set goals
How to manage training assignments
How to control the progress
How to fully engage people with the training

* Report “IT security economics 2021”, Kaspersky
** https://www.beyondidentity.com/blog/password-sharing-work
Efficiency and ease of training management for organizations of any size

Introducing the Automated Security Awareness Platform, which forms the core of the Kaspersky Security Awareness training portfolio. The Platform is an online tool that builds strong, practical cyber-hygiene skills for employees throughout the year. Launching and managing the Platform doesn’t require special resources or arrangements, and it provides the organization with built-in help at every step of the journey towards a safe corporate cyber-environment.

How to evaluate an awareness program

One of the most important criteria when choosing an awareness program is its efficiency. With ASAP, efficiency is built into the training content and management. The platform’s content is based on a competency model consisting of 300+ practical and essential cybersecurity skills that all employees should have.

Educate your employees about cybersecurity to change their attitude and behavior and protect your business and IT systems.

Consistent
– Well thought-out, structured content
– Interactive lessons, constant reinforcement, tests, simulated phishing attacks to ensure skills will be applied
Training materials and their structure are arranged in accordance with the specifics of human memory, our ability to absorb and retain information.

Practical & engaging
– Relevant to employees’ everyday working life
– Skills that can be put to immediate use
Examples from real life situations in which employees can recognize themselves contribute to learner engagement while helping to retain information.

Positive
– Puts a proactive spin on safe behavior
– Explains ‘why’ and ‘how to’ instead of the taboos
Too many rules and restrictions can cause discontent, while explanations and convictions aligned with the way people think naturally contribute to adoption and behavior change.

Easy to manage
Fully automated learning management brings every employee up to the security skills level appropriate to their risk profile without any intervention from the platform administrator.

Easy to control
“All-in-one” dashboard & actionable reports

Easy to engage
Invitations and motivational emails as well as weekly student and administrator reports are sent automatically by the Platform.

Efficient training
Easy management

Better learning principles

Kaspersky ASAP is changing the way we provide cybersecurity learning content. Now you can choose whether to assign employees a basic express course that will help you quickly meet regulatory requirements for cybersecurity training, or refresh their knowledge, or opt for a full course broken down into complexity levels.

Express course
A short version of the training in audio-video format. Each of 6 major cybersecurity topics contains several small lessons to help the user master basic cybersecurity skills.
- Interactive theory
- Videos
- Tests
Simulated phishing attacks are not included in the learning path, but can be assigned additionally by the administrator as a phishing campaign.

Specific learning paths for each risk profile
Use automated rules to assign employees to a certain group based on their desired educational target level. This target level depends on the risk their particular role poses to the company. The higher the risk, the higher the target education level should be, e.g. IT or accountants typically represent a higher risk than other workers.

Flexible learning
The scope of the training is completely flexible, while retaining the advantages of sequential automated learning management.
For each training group you are able to select:
- Main or express course or a combination of both
- Topics to train in the main course and/or the express course which students in the group need to learn
- The target level you want students to achieve for each selected topic in the main course.

Actionable reports anytime
Enjoy dashboards with all the information needed to control and manage statistic summaries about company users, training slots, and group training, with the ability to drop down to the individual level.
Get suggestions on how to improve results.
Download reports from the main page in a single click, and configure the frequency of receiving reports by mail.

Freedom to perform
Employees may study at any convenient time and from any device. Mobile-friendly design makes learning even more comfortable. Users can access the training portal using personalized links from the training invite or use a single link for all users via Single Sign-On (SSO) technology.

ASAP management: simplicity through full automation

Start your program in 4 simple steps
Upload users
Launch training
Divide users by risk profile & set target levels for each group
This is the only step where the administrator needs to think and make decisions
The platform builds an education schedule for each group, based on pace and target level, and delivers actionable reporting and recommendations
Automated training management done by ASAP
Flexible learning path

Example: Skills trained in “Websites and the Internet” topic

Beginner: To avoid mass (cheap and easy) attacks
23 skills, including:
– Recognize fake pop-ups
– Pay attention to redirects
– Distinguish genuine download links from fake ones
– Recognize executable files found on the web
– Be able to determine the authenticity of a browser extension

Elementary: To avoid mass attacks on a specific profile
34 skills, including:
– Enter data only on sites with a valid SSL certificate
– Use different passwords for different registrations
– Recognize fake sites by a number of signs
– Avoid numeric links
– Recognize invalid network link addresses by fake subdomains

Intermediate: To avoid well-prepared focused attacks
12 skills, including:
– Check sharing links before sending
– Use software only from trusted manufacturers for torrents
– Download legal content only from torrents
– Clear browser cookies regularly

Advanced*: To avoid targeted attacks
13 skills, including:
– Recognize sophisticated fake links (including links looking like your company websites, links with redirects)
– Check sites using special utilities
– Recognize if the browser is mining
– Avoid black SEO sites

+ reinforcement of elementary skills
+ reinforcement of the previous skills
+ reinforcement of the previous skills

Key subjects covered in the topic: Links, Downloads, Software installations, Sign-up & Login, Payments, SSL

Each topic comprises several levels, detailing specific security skills. Levels are defined according to the degree of risk they help to eliminate: Level 1 is normally enough to protect from the easiest attacks and mass attacks. To protect from the most sophisticated and targeted attacks, the higher levels need to be studied.

Training topics
Passwords & Accounts • Email • Websites and the Internet • Social media & Messengers • PC Security • Mobile Devices • Protecting confidential data • GDPR • Industrial Cybersecurity

ASAP main course methodology

Continuous incremental learning
From the simple to the more complex, topic by topic and level by level: learning knowledge increases
Expanding and applying previously acquired knowledge in new contexts

Multimodal content
Each level includes: interactive lesson, reinforcement, assessment (test and simulated phishing attack where applicable)
All training elements support the particular skill being taught in each unit, so that skills are truly mastered and become part of the new, desired behavior

Interval learning
The Ebbinghaus ‘forgetting curve’ – learning methodology based on the specifics of human memory
Repetition builds safe habits and prevents forgetting
Reinforcement in every module

[Figure: The Ebbinghaus Forgetting curve. Repeated reinforcement helps build strong skills. Vertical axis: 0% to 100%. Curves: Obliteration; Remembering after reinforcement]

* Will be added during 2022

Well-balanced, structured content relevant to real-life to ensure efficiency

Learning principles in ASAP are based on the methodology that takes into account the specifics of human nature, our ability to perceive and absorb information. The content is full of real-life examples and cases that highlight the personal importance of cybersecurity for employees. The Platform focuses on training skills, not just providing knowledge, so practical exercises and employee-related tasks are at the core of each module. Visual style and texts are not only translated into different languages, but are adjusted to reflect different cultures and local attitudes.

Simulated phishing campaigns

Phishing campaigns are an addition to the main training process that test employees’ practical skills in avoiding phishing attacks. This will help the training manager identify gaps in user knowledge and encourage them to study topics they’re having trouble with. The platform comes with ready-made email templates containing phishing examples that can be sent to platform users in all available languages. The set of available templates is regularly updated with new ones. You can also create custom emails based on predefined templates. Try a simulated phishing attack before you start the training - check your employees’ resilience! It will help employees and management to see the benefits of training.

[Figure: Example of the editable simulated phishing template and feedback]

Languages

The Platform (both student’s and admin interface) is available in the following languages:
Arabic Dutch English French German Italian Portuguese Russian Spanish Czech Kazakh Polish Slovenian Rumanian Turkish Hungarian Danish Swedish Greek* Serbian Brazil (Portuguese)* Portuguese Romanian Serbian Slovenian Swedish Turkish Greek Japanese Chinese (Mandarin)*
* are coming in 2022

Kaspersky Security Awareness – a new approach to mastering IT security skills

Kaspersky Security Awareness offers a diverse range of solutions covering all the cybersafety-specific needs of enterprises, and teaches the skills everyone needs using the latest learning techniques and technologies.

One flexible training solution for all
Choose a single solution that addresses a specific security need, or let us provide packages that make it easy for you to launch and target training according to all your needs and priorities. You can find more information about packages here: kaspersky.com/awareness

Key program differentiators

Substantial cybersecurity expertise
20+ years’ experience in cybersecurity transformed into a cybersafety skillset that lies at the heart of our products

Training that changes employees’ behavior at every level of your organization
Our gamified training provides engagement and motivation through edutainment, while the learning platforms help to internalize the cybersecurity skillset to ensure that learnt skills don’t get lost along the way.

Kaspersky Security Awareness worldwide
75 countries
About 1,000,000 trained employees

[Figure: training portfolio diagram. Labels: Interactive workshop for C-level Executive training; Automated Security Awareness Platform; All Employees; Generalist IT; C-Level Executives]
www.kaspersky.com Kaspersky ASAP free trial: k-asap.com Enterprise Cybersecurity: www.kaspersky.com/enterprise Kaspersky Security Awareness: www.kaspersky.com/awareness IT Security News: business.kaspersky.com 2022 AO KASPERSKY LAB. ALL RIGHTS RESERVED. REGISTERED TRADEMARKS AND SERVICE MARKS ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS.