Managing Phishing Reports and Creating a Culture of Cybersecurity

August 16, 2024

The Challenge

This Cofense client, a Fortune 600 company in the global food industry, operates within a highly competitive and regulated environment. With a large network of partners and a vast digital footprint, ensuring the security of its email communications is critical. 

Despite their established security measures, the company struggled to manage the influx of phishing reports submitted from the more than 5,000 employees who use their email server. As a result, their internal threat detection and response team was left consistently overwhelmed and unable to address all phishing reports to create a consistent feedback loop, making it more difficult to foster a culture of cybersecurity within the wider organization. 

Unacknowledged phishing reports can have several consequences. When an employee reports a potential email as phishing and receives no response indicating whether it is a true threat, the likelihood of the employee reporting future phishing emails is reduced. This is why when trying to instill the importance of email security within an organization, emphasizing the necessity of reporting phishing emails is key.  

The Solution

To address these challenges, the company implemented Cofense’s comprehensive security solutions, which include: 

Security Awareness Training

  • Leveraging insights from Cofense Intelligence and the Cofense Phishing Defense Center (PDC), they integrated real, current threats into their phishing simulations.
  • These simulations provided their internal threat detection and response team with robust training materials and real-time data, enhancing the effectiveness of employee training programs.


Phishing Detection and Response:

  • The Cofense PDC automated the ingestion and analysis of all suspected phishing emails.
  • Upon identifying malicious content, the PDC quickly quarantined the threats from the customer’s email environment, significantly reducing the backlog of reported emails and minimizing risk. These emails are then removed from all other Cofense customers’ email environments as well, eliminating the threat entirely across the entire customer base.


“Before we implemented the PDC and improved the whole ecosystem, people were reporting, but it was kind of into a black hole. They didn't know what happened after, or if the report was even received.  Now, they get that feedback saying ‘Thank you, this email you reported was not a threat, or it was a threat…’ They're getting that feedback. That's huge ... that ability is what keeps us at Cofense using the PDC.” 

The Impact

The implementation of Cofense email security solutions yielded measurable and impactful results for the company. Following an internal quantified risk assessment, it was determined that the partnership generated a positive return on investment due to a significant reduction in risk exposure. Prior to implementing the PDC, the sheer volume of reported emails rendered the company’s threat detection and response team unable to address all threats, leaving many unchecked. After implementing the PDC, all phishing reports could be addressed, and the internal security team used the data received from the PDC to arm their employees with important information about email security and its importance.  

“The PDC is what really stands out for us. We’ve had demos of Knowbe4 and Proofpoint, and other solutions that tell us they can do the same thing that the PDC does, but they don’t have somebody who is analyzing the new emails that come in the way the PDC does. We have not found another solution that does that.” 

This endorsement underscores the PDC's superior capability in automating the ingestion and analysis of potential phishing emails, which significantly enhanced the company’s ability to manage phishing threats in real-time. This was indicated by a phishing defense simulation that achieved a 75% response rate, a significant improvement from a previous low of 23%. This increase demonstrated enhanced employee awareness and engagement in cybersecurity practices.  

Conclusion

Through the strategic implementation of Cofense's security awareness training and phishing detection solutions, this Fortune 600 global food company successfully mitigated email security risks and fostered a culture of cybersecurity awareness and reporting among its employees. The partnership with Cofense not only alleviated the burden on their threat detection and response team, but also empowered the workforce with the knowledge and tools to combat phishing threats effectively. 


Want to share? Download this case study.


See Cofense in action.

Request a Demo

You'll learn how to:

  • Transform your employees into cyber-resilient assets and active phishing reporters.
  • Automate classification and remediation of AI-powered attacks that bypass your traditional or AI-based SEG.
  • Leverage globally-sourced threat intelligence to identify and mitigate post-compromise risk