Background and Challenges
This consumer product goods (CPG) leader had no formal anti-phishing program. Knowing the threat was growing and its security team needed help, the business began using Cofense PhishMe® to measure employee’s susceptibility to suspicious emails and Cofense Reporter™ to report them with one click. Later, the CPG firm deployed Cofense Triage™ to help incident responders recognize threats and remediate them faster.
According to the CPG company, 28 percent of employees, as well as third-party contractors, clicked on bad emails during initial Cofense simulations. “That was a wakeup call,” said the CPG company’s head of security awareness. “We knew we needed improvement, but thought we were in better shape than that.” Employees needed help in spotting potential phishes – especially critical departments more heavily targeted by attackers.
Moreover, the company needed a central storehouse where suspicious emails could be forwarded and automatically prioritized. Incident responders had to spend hours sifting through 500 to 1000+ emails reported daily. Instead of focusing their efforts on dealing with real phishes – not to mention the myriad other security issues they faced – responders wasted time manually sorting through the clutter to distinguish threats from noise.
Executive Summary
Client: A consumer product goods (CPG) business with USD 16.6B in annual net sales and 40K employees in over 100 markets
Challenges: Helping frequently targeted teams recognize and report phishing and enabling incident responders to distinguish real threats from noise
Solutions: Cofense PhishMe, Cofense Triage, and Cofense Reporter
Results:
- Fewer than 1 in 10 employees now click on simulated phishes
- Up to 9 in 10 employees in some critical departments correctly report simulated phishes
- Just 20 percent of reported emails are personally triaged by incident responders – thanks to automation
Solution and Results
Cofense PhishMe and Cofense Reporter
Implemented simultaneously, Cofense PhishMe and Cofense Reporter proved a powerful combination. Cofense PhishMe tested employees’ susceptibility to phishing under simulated conditions. And Cofense Reporter “relieved employees of having to figure out whether and how to report a suspicious email,” said the head of cybersecurity. “If they had any doubts, they could report an email with a single click and get on with their day.” For that reason, the company installed Cofense Reporter on devices before deploying Cofense PhishMe.
Cofense Triage
With training and implementation help from Cofense professional services, the CPG leader now has a dedicated, purpose-built mailbox where employees can forward suspicious emails. Cofense Triage automates the process of distinguishing threats from noise. 80 percent of reported emails are resolved automatically – and just 20 percent now require active attention from responders. The service’s clustering capability helps identify larger phishing campaigns so that the incident response team can address them swiftly.
“Our incident responders are making much better use of their time now. They can recognize and respond to a real incident, instead of sifting through tons of emails before stumbling upon something important. Cofense Triage improves the quality of work our responders can do.”
Conclusion
With susceptibility rates in the single digits and reporting rates steadily rising, the head of cybersecurity reports that “employees have become an important line of cyber defense.” And thanks to the automation and analytics of Cofense Triage, “we’re not drowning in information anymore and can act on threats right away.”