How the Nuclear Decommissioning Authority Leverages Cofense Email Security Solutions
Background
The Nuclear Decommissioning Authority is a non-departmental public body made up of 26,000 members across the Department for Business, Energy, and Industrial Strategy. With limited resources to dedicate to anti-phishing education and awareness, as well as limited time for quick-response threat identification and removal, NDA worked closely with Cofense to build a proper tech stack to enhance their email cybersecurity posture.
We asked Neil Kendall, CTI/CYAS Manager at the NDA, during a recent fireside chat to discuss the relationship and how Cofense solutions not only play a critical role in thwarting potential attacks at NDA, but also provide a continuum of educational resources for identification and reporting of phishing emails.
Click here to view the fireside chat video.
Executive Summary
Customer: Nuclear Decommissioning Authority, a non-departmental public body made up of 26,000 members across the Department for Business, Energy and Industrial Strategy.
Challenges: Executives fear that their teams are being targeted for hours when using traditional SEGs, AND there is a lack of communication regarding phishing.
Solutions: Cofense PhishMe, Cofense Triage, Cofense Vision
Results: Educating employees with real phishing simulations as well as spreading awareness by stopping attacks using crowdsourced intelligence.
Challenges
On education and awareness, NDA wanted to prevent attacks from entering the office, but realized education had to be about all devices and environments, and that crowdsourced reporting was just as important as initial identification. Kendall explains the need to “really spread the word to report, even if the person is on the fence and they’re not sure is this malicious, is it non-malicious? Report it. Being able to look at that, identify it as being malicious and then spreading the word around the rest of our group, is vitally, vitally important.”
He further expands on education and the use of Cofense PhishMe, stating “We can use things like the PhishMe scenarios to be able to test our defenses, test our staff, and we can look to where our soft spots are so we can harden them, and we can then look to bolster them.”
For the security team, it was time to move beyond dependence on their Secure Email Gateway and add Cofense solutions Triage and Vision to find, prioritize and eliminate what SEGs do not. Kendall explains, “It’s that second line again, it’s that defense in depth, it’s the layered approach that we are not just relying on one technology and what their map of the world is.” Cofense Triage helps the NDA team prioritize the threats so remediation can happen faster, and more time can be returned to security team members to focus on more important issues.
Going one step further, they paired Triage with Cofense Vision to auto-quarantine phishing threats lurking in their email environment. They can also configure auto-quarantine to look for any new phishing campaigns automatically and continuously and to proactively stop attacks in their tracks.
We encourage you to watch the entire chat to hear additional thoughts from Neil Kendall on the need for a multi-layered approach to email security and how NDA’s partnership with Cofense has significantly enhanced their security posture.