Skip to content
Search
Support
 Select language
Cancel

Case Study

Odebrecht Engenharia & Construção

At a Glance

More than 1,600 hours of training delivered in three months

94% of employees completed training

Training content delivered to 71 locations

Simultaneous training in three languages

Training in Three Languages for Teams Spread Across 71 Sites Worldwide

Odebrecht Engenharia & Construção provides services in the engineering, heavy civil construction and maintenance segments of industrial enterprises. Headquartered in Brazil, the organization serves six markets—Brazil, Angola, Ghana, United States, Panama and Peru— and currently has around 71 sites, including offices and construction projects in these countries.

With so many different locations, social cultures and languages, Odebrecht had the challenge of building a unique culture of security awareness. The organization needed to manage different operations and train approximately 4,500 users in different languages around the world.

Industry

Construction

Location

Salvador, Brazil

Challenge

Managing global training logistics across 71 sites worldwide while establishing an organization-wide security culture.

KnowBe4 Products

KnowBe4 Delivers High-Quality Security Awareness Training

KB4-CR-0699-OEC-Cityscape-800Before implementing KnowBe4 training, Odebrecht deployed training campaigns with in-house developed content about information security via email. “The material was available in Portuguese for 30 days. We then translated it into a second language—Spanish—and only after another 30 days were we able to publish the content in a third language—English. This meant a delay of 60 days between delivery training from the first and last group of users,” says Renato Sobral, Information Security Manager at Odebrecht.

Odebrecht spent two years trying out security awareness training and simulated phishing platforms—paid and open source—but none of them met the organization’s demands for technical support and specific resources.

“None of them had the quantity and quality of content and resources like the KnowBe4 Platform. Additionally, these other platforms were not strong in terms of data reporting and analysis, and did not support email being sent to a large number of domains automatically,” Sobral says.

In January 2023, Odebrecht began the implementation of the KnowBe4 Platform and planning the training campaigns with the support of AK Networks, one of KnowBe4’s partners in Brazil.

In April, Odebrecht’s IT security department ran the baseline simulated phishing test, which got a significantly high rate of users clicking on the phishing test email. Three months later, during the second simulated phishing test, this rate dropped over 80%.

“It took three months to implement the KnowBe4 Platform, which is very user-friendly, and set up the training sessions,” says Sobral, adding that “no doubt, the KnowBe4 training and simulated phishing platform had a significant impact on improving the rates and general awareness of our users in terms of security culture.”

Sobral emphasizes that the quantity and quality of content available in the KnowBe4 Platform are differentiators. “As soon as we launched the first training, we started to receive great feedback from our users, praising the materials for being intuitive and pleasant to deal with,” Sobral says. “I believe that the quality of the content engages users to complete their training.”

See KnowBe4 Security Awareness Training in Action

See how you can efficiently safeguard your organization from sophisticated social engineering threats.

Get a Demo

Security Awareness Training Tied with Onboarding Yields Greater IT Productivity

Odebrecht deploys training on the KnowBe4 Platform to comply with annual training requirements and to ensure new hires get the needed training when they start at the organization.

“In addition to the four security awareness training modules that we have established as a standard for all users, we also use the Policy Management feature within the KnowBe4 Platform. When a new employee starts working at Odebrecht, we use the platform to distribute our internal security policies and track our users’ acknowledgments, which they are required to read and accept within 30 days. If that does not happen, the manager is automatically notified,” Sobral says.

The KnowBe4 Platform also enables Odebrecht to automate dynamic user groups to receive security awareness training, which helps manage the high turnover rate inherent in construction projects.

“People come and go as construction projects start and end. The KnowBe4 Platform allows us to deactivate users in a very simple way, in addition to establishing settings associated with languages, worker release dates, leaves and vacations to determine which users should or should not receive each type of training,” Sobral says.

Among the many features offered by KnowBe4, Sobral highlights the Phish Alert Button (PAB), which allows users to quickly report a suspicious email to the information security department.

Sobral stresses that the PAB is extremely helpful in the IT team’s productivity.

“Early on, we installed the PAB plug-in in every user’s Outlook,” Sobral says. “We ran an internal awareness campaign, and today, with one click, they can report the suspected phishing email, which is then deleted from the user’s inbox, avoiding the risk of accidental opening at a later time.”

Odebrecht’s information security department is currently made up of a reduced team, Sobral says. Only a few of them are in charge of security awareness campaigns, and even then, they are not required to dedicate 100% of their time to it. The team’s small size makes the KnowBe4 Platform’s automated features crucial for success, Sobral says.

“The effort to conduct an awareness program without automation would require at least four dedicated people,” Sobral says.

“No doubt, the KnowBe4 Platform had a significant impact on improving the rates and general awareness of our users in terms of security culture.”

Renato Sobral, Information Security Manager,Odebrecht Engenharia & Construção

Measuring Success on a Global Scale

Odebrecht uses the reports from the KnowBe4 Platform on a large scale. “The reporting part is comprehensive. It allows us to generate various key performance indicators (KPI) for all areas and teams in each market where Odebrecht operates, meeting audit and compliance requirements,” Sobral says. “We have specific answers and details on training per user to address any questions from each area.”

More than 1,600 hours of training delivered in three months

Odebrecht has delivered over 1,600 hours of training to users in roughly 71 locations—ranging from construction sites to offices across the world. The global rate of users with completed training is 94%.

“This high completion rate is thanks to the quality of the content, its intuitiveness, and the availability provided by the KnowBe4 Learner App,” says Sobral, referring to the feature for accessing training on the platform anytime and anywhere, from mobile devices. “We really encourage our staff to use the mobile app.”

Automating Phishing Mitigation and Analysis is Next for Odebrecht

Following the program’s successes, Sobral says the next step is automating the treatment of user-reported emails using the PAB that are ingested by KnowBe4’s PhishER platform—which allows the infosec team to respond quickly to these potentially suspicious emails in an accurate and efficient manner.

Download the PDF