Background
Phishing attacks continue to spike year after year. Recognizing their employees were vulnerable to phishing attacks, a multinational manufacturer of imaging and optical products with more than 18,000 employees in the EMEA region concluded it was only a matter of time before a phishing attack would cause serious damage.
Security Challenges
Phishing is successful because it baits users into opening tainted emails that often bypass stringent technology layers to reach the user’s inbox. Employees can be too busy, distracted, or trusting to give much thought to possible risks.
“There’s always a way to penetrate the organization, or use an employee to get access because, for employees, security is not normally their area of expertise,” says the Information Security Manager at the global manufacturer. “If they see an email, they may not be able to recognize it as legitimate or malicious.”
The company decided to strengthen its phishing defenses since most of its efforts to raise awareness about phishing through video and classroom presentations so far had proven unsatisfactory; the company turned to Cofense to help strengthen their anti-phishing programs. “The whole concept of phishing as a service just struck us as genius.”
Solutions – Cofense PhishMe® and Cofense Reporter®
The relationship started with the implementation of Cofense PhishMe, an enterprise SaaS solution that drastically reduces an organization’s phishing susceptibility by conditioning users to recognize and avoid phishing threats using simulated phishing scenarios and immediate education.
Cofense PhishMe was highly successful in conditioning the company’s employees to recognize phishing attempts. The next logical step was to turn the employees into informants with Cofense Reporter, an add-on module that empowers employees to report phishing attempts to strengthen organizational response.
Looking ahead, the client is currently testing the Cofense Triage™ solution, a dedicated incident response platform that automatically organizes and analyzes suspected phishes to help IR teams more quickly respond to attacks in progress.
Gaining Global Adoption Among 18,000 Users
To test the waters with Cofense PhishMe, the client deployed it to about 5,500 employees and spent a year analyzing the results. Satisfied the solution worked as promised, with users getting wiser to the tricks and techniques of phishing, the company decided to expand Cofense coverage to all 18,000 employees.
The company runs simulations once each quarter for all employees and increases the frequency for smaller groups needing additional help with threat detection. Each time, the company uses a different phishing scenario to “keep users on their toes.” Some scenarios come stock with the solution, but clients can create their own.
“We’ve almost always customized the scenarios to an extent, and we did a couple that were fully customized,” notes the client. “ Cofense keeps updating scenarios based on events that occur in the real-world, and we find that really helps.”
One of the most compelling aspects of Cofense PhishMe, he says, is the ease of implementation. Ten minutes after deploying the software, you can start using it. Cofense’s atypical, proactive approach to phishing defense is also a major benefit, as is the statistics-generating capability to deliver a true picture of user awareness levels, he says.
Improved Reporting Capabilities
The company has rolled out Cofense Reporter to the 18,000 employees to encourage not only vigilance but active participation in security. “Before Cofense, it was difficult to get people, when they received a phishing email, to send in the email attachment. Some people don’t understand the concept of sending emails as an attachment to maintain the original headers. Cofense Reporter solved that because now you just press a button to send them.” There was an immediate and significant increase in the number of emails reported as suspicious.
The client is currently receiving more phishing reports than it can handle, the manager says. Although bulk phishing data adds risk for false positives, the client believes that adding an additional incident response tool like Cofense Triage will help reduce false positives and continue to strengthen their overall security posture.
Cofense Triage, he says, will help solve the problem of over-reporting by weeding out false positives more efficiently. Employees who send a report will get a response telling them which were false positives and which were real events. That will help the employees get even better at identifying real phishing threats.
The Cofense solution is essential to achieving his top goals for the year – to effectively address the phishing problem and raise employee awareness. Part of the reason phishing is such a vexing threat, he believes, is because no one ever thinks to fully train users on how to properly use email.
“No one really shows them what is good versus what is bad and how to make that determination. It’s hard to break bad habits through just videos or pamphlets and some don’t care because they suffer from information overload,” he shares. “A solution like Cofense shows them in real-time what a real phish looks like and does.”
Conclusion – “Buy Cofense”
The client’s ability to catch phishing emails has vastly improved since implementing Cofense PhishMe and Cofense Reporter. According to the client, Cofense’s technical support has remained accessible and responsive throughout the adoption process. “They give results in a couple of hours and they’re very nice people – all of them.”
The client notes that compared with other vendors getting support from Cofense is definitely easier. Based on that success and the technology’s tangible results, the Information Security Manager says he’d have no qualms about recommending Cofense to his peers.
When anyone asks him how to deal with phishing, his answer is simple: “Buy Cofense.”