— Information Security Analyst, Global Financial Services Company
Our company started working with Cofense several years ago. We began to launch phishing simulations and also deployed the Reporter button. We saw our phishing susceptibility rate drop steadily and user reporting go up. Today, our reporting rate in simulations is around 60%.
We encourage team members to report everything. Then we let Cofense Triage do its job.
We don’t want team members to spend a moment thinking, okay, this email I got—is it really a phish? Even if it’s an internal email, we tell them to report it and Triage will take care of it. Cofense Reporter sends our SOC analysts a clean set of emails, properly formatted, with all the information they need. Then Triage handles the noise reduction, so analysts spend time only on genuine phishing threats.
When they look at an email, they can easily see which other team members received it and, if necessary, pull it from their inboxes.
We see lots of emails that bypass Office 365 tools – real phishing attacks that got past the email gateway.
We also sometimes see clients whose emails have been compromised and used in phishing attacks. Our team members are familiar with the email addresses, but they don’t click, because they know the language is odd or something else is off. In one instance, when we notified the client, they were able to alert their entire customer base within a day.
Normally, when we reach out to compromised clients, they aren’t aware of the problem. This has happened often enough that our clients, along with our internal teams, see the benefit of what we’re doing.
We’re in financial services. There’s a heavy investment in the best tools. Cofense Intelligence is one of the tools our security team relies on.
Our security team likes the Intelligence product because it’s based on emails that bypassed security rules. The team also says the intel correlates with what they see. Some intelligence products flag these same threats, but not as quickly. The team’s overall opinion is they love the product—it’s really useful.
My team in security awareness feels the same about Cofense PhishMe. We had used products from other vendors with not much success. We weren’t able to do monthly phishing simulations, so we had to settle for periodic simulations. As soon as we got on board with Cofense, we could easily run monthly exercises. That dropped our susceptibility rates pretty rapidly.
Why is it important to do monthly exercises? Well, not doing it every month wasn’t working. We used to have susceptibility rates around 25%. While our rates have dropped, we also realized we would never get to zero clicks, so reporting is the key metric.
A lot of people don’t realize the value of security awareness. But our team sees the value in programs that stop real attacks.
Working with Cofense, we show value by helping to stop phishing attacks technology missed. It’s hard to get a dedicated budget for security awareness. But teams across the company understand what we’re doing. People talk about it, including the board of directors. They know that data protection is our number one risk.
Our program has received a lot of visibility and that’s been awesome. It’s really driven security awareness and made our company much more secure.