Cofense PhishMe for Global Financial Services Company

Our company started working with Cofense several years ago. We began to launch phishing simulations and also deployed the Reporter button. We saw our phishing susceptibility rate drop steadily and user reporting go up. Today, our reporting rate in simulations is around 60%.
Even better, team members are reporting real phishing emails that got past tools like secure email gateways (SEGs). With such good results, we went straightaway into using Cofense Triage and Intelligence as well. We don’t want team members to spend a moment thinking, okay, this email I got — is it really a phish? Even if it’s an internal email, we tell them to report it and Triage will take care of it. Cofense Reporter sends our SOC analysts a clean set of emails, properly formatted, with all the information they need. Then Triage handles noise reduction, so analysts spend time only on genuine phishing threats.
When they look at an email, they can easily see which other team members received it and, if necessary, pull it from their inboxes. We also sometimes see clients whose emails have been compromised and used in phishing attacks. Our team members are familiar with the email addresses but they don’t click, because they know the language is odd or something else is off. In one instance, when we notified the client they were able to alert their entire customer base within a day. Normally, when we reach out to compromised clients they aren’t aware of the problem. This has happened often enough that our clients, along with our internal teams, see the benefit of what we’re doing. Our security team likes the Intelligence product because it’s based on emails that bypassed security rules. The team also says the intel correlates with what they see. Some intelligence products flag these same threats, but not as quickly. The team’s overall opinion is they love the product—it’s really useful. My team in security awareness feels the same about Cofense PhishMe. We had used products from other vendors with not much success. We weren’t able to do monthly phishing simulations, so we had to settle for periodic simulations. As soon as we got on board with Cofense, we could easily run monthly exercises. That dropped our susceptibility rates pretty rapidly. Why is it important to do monthly exercises? Well, not doing it every month wasn’t working. We used to have susceptibility rates around 25%. While our rates have dropped, we also realized we would never get to zero clicks, so reporting is the key metric. Working with Cofense, we show value by helping to stop phishing attacks technology missed. It’s hard to get a dedicated budget for security awareness. But teams across the company understand what we’re doing. People talk about it, including the board of directors. They know that data protection is our number one risk.
Our program has received a lot of visibility and that’s been awesome. It’s really driven security awareness and made our company much more secure. By: Information Security Analyst, Global Financial Services Company