Cofense Case Study

Global CPG Leader Accelerates Phishing Reporting and Incident Response with Cofense

Background and Challenges

This consumer product goods (CPG) leader had no formal anti-phishing program. Knowing the threat was growing and its security team needed help, the business began using Cofense PhishMe® to measure employee’s susceptibility to suspicious emails and Cofense Reporter™ to report them with one click. Later, the CPG firm deployed Cofense Triage™ to help incident responders recognize threats and remediate them faster. 

According to the CPG company, 28 percent of employees, as well as third-party contractors, clicked on bad emails during initial Cofense simulations. “That was a wakeup call,” said the CPG company’s head of security awareness. “We knew we needed improvement, but thought we were in better shape than that.” Employees needed help in spotting potential phishes – especially critical departments more heavily targeted by attackers. 

Moreover, the company needed a central storehouse where suspicious emails could be forwarded and automatically prioritized. Incident responders had to spend hours sifting through 500 to 1000+ emails reported daily. Instead of focusing their efforts on dealing with real phishes – not to mention the myriad other security issues they faced – responders wasted time manually sorting through the clutter to distinguish threats from noise. 

Executive Summary

Client: A consumer product goods (CPG) business with USD 16.6B in annual net sales and 40K employees in over 100 markets

Challenges: Helping frequently targeted teams recognize and report phishing and enabling incident responders to distinguish real threats from noise

Solutions: Cofense PhishMe, Cofense Triage, and Cofense Reporter

Results:

  • Fewer than 1 in 10 employees now click on simulated phishes 
  • Up to 9 in 10 employees in some critical departments correctly report simulated phishes 
  • Just 20 percent of reported emails are personally triaged by incident responders – thanks to automation 
“Our leadership wants to know that we’re always getting better. PhishMe lets us demonstrate that.” 
- Head of Cybersecurity, CPG leader 

Solution and Results

Cofense PhishMe and Cofense Reporter 

Implemented simultaneously, Cofense PhishMe and Cofense Reporter proved a powerful combination. Cofense PhishMe tested employees’ susceptibility to phishing under simulated conditions. And Cofense Reporter “relieved employees of having to figure out whether and how to report a suspicious email,” said the head of cybersecurity. “If they had any doubts, they could report an email with a single click and get on with their day.” For that reason, the company installed Cofense Reporter on devices before deploying Cofense PhishMe.

Cofense Triage

With training and implementation help from Cofense professional services, the CPG leader now has a dedicated, purpose-built mailbox where employees can forward suspicious emails. Cofense Triage automates the process of distinguishing threats from noise. 80 percent of reported emails are resolved automatically – and just 20 percent now require active attention from responders. The service’s clustering capability helps identify larger phishing campaigns so that the incident response team can address them swiftly. 

“Our incident responders are making much better use of their time now. They can recognize and respond to a real incident, instead of sifting through tons of emails before stumbling upon something important. Cofense Triage improves the quality of work our responders can do.” 

“Our incident responders are making much better use of their time now.” 
- Head of Cybersecurity

Conclusion

With susceptibility rates in the single digits and reporting rates steadily rising, the head of cybersecurity reports that “employees have become an important line of cyber defense.” And thanks to the automation and analytics of Cofense Triage, “we’re not drowning in information anymore and can act on threats right away.” 

Search

We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on wpml.org as a development site.