After improving phishing detection, this company is focusing on response.
A global commercial development company needed to train employees to recognize and report phishing. The company launched Cofense PhishMeTM and Cofense ReporterTM, conditioning users to identify potentially malicious emails and empowering them to report with a single click.
Reporters now outnumber susceptible employees.
After just two simulated phishes sent to all users, the number of reporters outpaced the number of susceptible employees. Initially, the susceptibility rate was over 50% and the reporting rate less than 10%. Such quick results were possible because the company decided to launch Cofense Reporter right away, hand in hand with Cofense PhishMe.
Now, reporters are at over 45%, with susceptible employees well under 20% and even less for attachment and data entry phishes. In fact, more than 90% of employees have failed only four or fewer scenarios out of 17.
Here’s a dramatic piece of evidence. Holiday e-cards are among the most effective phishes. The first time this company sent one to employees, over half were fooled. But the next time, less than a quarter of users failed to recognize the phish. And a couple of months after that, the e-card susceptibility rate was below 15%.
With results these good, the company was able to start sending more complex simulations, preparing users to help combat the latest active threats.
Triage and Intelligence will bring faster, better response.
With the number of reported emails rising steadily, the company is adding Cofense TriageTM to automate their analysis. Freed of the task of sifting through the “email abuse” inbox, incident responders will be able to hunt threats faster.
The company also added Cofense IntelligenceTM. Like Cofense Triage, Cofense Intelligence is phishing-specific. It yields insights on threats from millions of sources, all vetted by human analysts, helping the company spot emerging phishing and malware threats.
As the company expands, it gains exposure to email threats. Building on its success in security awareness training to create a comprehensive defense is a smart move.
Learn more about phishing defense in Cofense’s 2017 Phishing Resiliency and Defense Report.