Cofense PhishMe for energy grid
Categories
Description
Background. A diversified energy and utility company with more than $30 billion in assets and operations in 25 states. The company operates regulated utilities and electricity generation through two primary lines of business and includes eight electric and natural gas utilities, serving 3.1 million customers in New York and New England. The organization operates 6.3 gigawatts of electricity capacity, primarily through wind power, across the United States, as well as employs 7,000 people.
Challenges. Energy providers face a cybersecurity double whammy: An attack could cut power to thousands of customers and cause millions of dollars in damage. And, since the company is subject to North American Electric Reliability Corporation Critical Infrastructure Protection (NERC/CIP) regulations, it risks incurring fines up to $1 million per violation per day.
Solutions. An anti-phishing solution had to meet several criteria – ease of use, a good value, compatibility with other systems, and actionable data delivery. After evaluating a handful of solutions, the company decided to conduct a limited proof of concept of Cofense PhishMe. The results sold the energy company on Cofense PhishMe.
A cloud-based SaaS immersive learning platform, Cofense PhishMe works easily with all major web browsers. It instructs users on the dangers of phishing through periodic simulations. Users have to decide if suspected phishes are legitimate or report them as suspicious. “Because we are a global company, we looked for a phishing platform that was extensible. Cofense PhishMe fit that bill because of its worldwide presence and multi-language capabilities,” the cyber security manager says.
Results. The energy company launched its simulation program on a small scale by targeting company executives and their assistants. Over an eight month period, they expanded it to include HR, customer service, legal, corporate security and finance personnel. Each time, the phishing team shared results and susceptibility levels with management. It soon became clear departments that had already experienced phishing simulations had lower susceptibility rates. This proved that training and simulations work. Since leveraging Cofense, the energy company has seen employee susceptibility trends decline.
Conclusion. The manager says in theory, the energy company could lose $3 billion in market valuation if it suffered a serious data breach. “If Cofense can help us prevent that, and if it can help us keep the lights on and the natural gas flowing for our customers, that’s a big deal.” The company has calculated the cost of each simulation at approximately 60 cents per employee. That’s a reasonable price, considering the improvements in susceptibility rates and the attacks the company may have already averted thanks to heightened phishing awareness, the manager says. “Because we work for an energy services company, we have a duty to protect the grid. One of the ways we do that is by encouraging our employees to step up and accept that higher responsibility – to teach them to stop and think before they download an attachment, for instance. And we believe Cofense will continue to help us do that and prevent bad things from happening.”
Details
Business tasks
Enhance Staff Productivity
Ensure Security and Business Continuity
Problems
Risk of attacks by hackers
Risk of data loss or damage
Shortage of inhouse IT resources