Sorting
Deployments found: 17
Companywide reporting climbed to 43 percent, with some key departments reporting at over 90 percent.
While metrics continue to improve, including phishing susceptibility rates under 10%, “Our leadership wants to know that we’re always getting better. Cofense lets us demonstrate that. We can’t just do the same basic simulations over and over. With Cofense PhishMe, it’s easy to customize more complex phishing scenarios. Over time, we’ve made the exercises more advanced, personalizing emails by name and company logo, to reflect what’s happening in the real world.” The company also needed a central storehouse where suspicious emails could be forwarded and automatically prioritized. With training and implementation help from Cofense professional services, the CPG leader now has a dedicated, purpose-built mailbox where employees can forward suspicious emails. Cofense Triage automates the process of distinguishing threats from noise.Before, incident responders spent hours sifting through emails. Now, 80 percent of reported emails are resolved automatically – just 20 percent require active attention.
The solution’s clustering capability helps identify larger phishing campaigns, so the incident response team can address them swiftly. “Our incident responders are making much better use of their time now. They can recognize and respond to a real incident, instead of sifting through tons of emails before stumbling upon something important. Cofense Triage improves the quality of work our responders can do.” With low susceptibility rates and reporting rates steadily rising, the head of security awareness reports that “employees have become an important line of cyber defense.” And thanks to the automation and analytics of Cofense Triage, “we’re not drowning in information anymore and can act on threats right away.”- Fewer than 1 in 10 employees now click on simulated phishes
- Up to 9 in 10 employees in some critical departments correctly report simulated phishes
- Just 20 percent of reported emails are personally triaged by incident responders – thanks to automation
Even better, team members are reporting real phishing emails that got past tools like secure email gateways (SEGs). With such good results, we went straightaway into using Cofense Triage and Intelligence as well. We don’t want team members to spend a moment thinking, okay, this email I got — is it really a phish? Even if it’s an internal email, we tell them to report it and Triage will take care of it. Cofense Reporter sends our SOC analysts a clean set of emails, properly formatted, with all the information they need. Then Triage handles noise reduction, so analysts spend time only on genuine phishing threats.
When they look at an email, they can easily see which other team members received it and, if necessary, pull it from their inboxes. We also sometimes see clients whose emails have been compromised and used in phishing attacks. Our team members are familiar with the email addresses but they don’t click, because they know the language is odd or something else is off. In one instance, when we notified the client they were able to alert their entire customer base within a day. Normally, when we reach out to compromised clients they aren’t aware of the problem. This has happened often enough that our clients, along with our internal teams, see the benefit of what we’re doing. Our security team likes the Intelligence product because it’s based on emails that bypassed security rules. The team also says the intel correlates with what they see. Some intelligence products flag these same threats, but not as quickly. The team’s overall opinion is they love the product—it’s really useful. My team in security awareness feels the same about Cofense PhishMe. We had used products from other vendors with not much success. We weren’t able to do monthly phishing simulations, so we had to settle for periodic simulations. As soon as we got on board with Cofense, we could easily run monthly exercises. That dropped our susceptibility rates pretty rapidly. Why is it important to do monthly exercises? Well, not doing it every month wasn’t working. We used to have susceptibility rates around 25%. While our rates have dropped, we also realized we would never get to zero clicks, so reporting is the key metric. Working with Cofense, we show value by helping to stop phishing attacks technology missed. It’s hard to get a dedicated budget for security awareness. But teams across the company understand what we’re doing. People talk about it, including the board of directors. They know that data protection is our number one risk.
Our program has received a lot of visibility and that’s been awesome. It’s really driven security awareness and made our company much more secure. By: Information Security Analyst, Global Financial Services Company
We’ve been able to show the connection between phishing simulations and real threats that users report.
Our Cofense support analyst has helped us create reports that show the overlap between simulations and verified threats. We want to know how someone performs on a simulation versus a real phish. The idea is to identify groups that get attacked a lot and the ones reporting the most real phish. We want to see how that interplay works. We’ve used the data to educate people who fall susceptible to certain attacks. We’ve found that most of those users aren’t susceptible in later simulations. They’re paying more attention and reporting at much higher rates. For example, we’ve been able to run targeted custom campaigns using domains and executive spoofing, based on real attacks we’ve seen in our environment.We’ve found that running targeted campaigns resulted in more than 25 percent higher reporting rates, compared to the average user over the next three months.
It’s really exciting to track data and show how it relates to performance, plus how it can shape the next round of simulations. We let repeat clickers practice as much as they need. If an employee clicks on a simulation, rather than just relying on a pop-up page to teach them, we send another phish. If the user clicks again, that’s the learning moment. That person will ask, “What signs did I miss?” They’ll be more aware. To identify real threats, we use the managed version of Cofense Triage. Cofense analysts look at everything that’s reported, pull out any IOCs, and send them back to our SOC. It eliminates a layer of analysis and enables the SOC to scope the campaign immediately. Who else in the organization got the phishing email? Then the SOC can pull those emails from inboxes, so users can’t click on them, and block the sender’s IP address, at least temporarily.One recent phishing email said, “I’m in a meeting and can’t be contacted. Can you help me out?”’....Luckily, some recipients reported it.
That email, a real phish, involved a typo squatted domain, which looked like our domain with one letter changed. The email purportedly came from a senior executive, using a signature block that looked very close to ours. A bunch of users throughout the organization received the phishing campaign and, while some started responding to it, others began reporting. We were able to stop the campaign before any real damaged was done. That was a huge win for us. It was a very sophisticated campaign, so it shows that our training is working. Of course, you’ll never get to zero clicks, so there’s always work to be done.The ROI4CIO Deployment Catalog is a database of software, hardware, and IT service implementations. Find implementations by vendor, supplier, user, business tasks, problems, status, filter by the presence of ROI and reference.