By Susan Mo
More and more, boards of directors are security decision-makers. One example: Cofense just published a case study on a company whose board lit a fire for a stronger phishing defense—and it’s paying dividends.
This board took the lead in launching phishing simulations.
Queensland Airports Limited (QAL) Aviation hails from my part of the world, Australia. As an aviation company, QAL has a public presence. Translation: any security issues would likely make headlines. So the QAL board mandated an anti-phishing program. Using Cofense PhishMeTM, QAL now runs phishing simulations to condition its employees to recognize and report phishing emails.
The program is still in the early stages, but already the results are encouraging. User susceptibility to phishing emails has dropped by 10%. Moreover, the rate of users clicking on embedded links in emails has dropped by 9%. Further proof the program is not just effective but necessary: even members of QAL security teams have fallen for simulations.
And the best proof of all: “Our security teams are stopping attacks reported by employees,” said QAL’s General Manager of Technology and Innovation. Real users are helping to stop real phishing threats.
For further details, view the full case study.
Cofense board reports show results and ROI.
To make sure that boards and other leadership teams see results, Cofense provides free board reports to our customers. Cofense PhishMe customers can request a report from their dashboards or in Cofense Community. They’ll get an easy-to-read two-page summary of their program’s progress.
At a glance, each report shows susceptibility rates, rates of users reporting phishing, and the resiliency rate—that is, the ratio of users reporting emails to those that take the bait. A ratio of 1 reporter to 1 susceptible user is a good start. A rate of 5:1, for instance, would be very good.
The reports also benchmark progress within a customer’s industry. If you’re in financial services, you can see how your anti-phishing compares to other Cofense financial customers. You can even zoom out to see a comparison covering over 20 major industries.
One customer said their report gave them “the high-level ROI analysis our leadership needed.” It’s the kind of information security-minded boards require—and that security and awareness teams can use to justify budget.
For a broader view of the role boards play in cyber-security, view this article in Forbes.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.