Cofense PhishMe for the bank

Additional information

Source: Supplier's web site


Background. United Community Bank (UCB) is a $10.4 billion regional banking institution with 140-plus branches across Tennessee, Georgia, South Carolina and North Carolina. The company employs nearly 2,000 people who use email throughout the business day. Management wanted to ensure all employees use email safely and have the ability to recognize a phishing attempt when one crosses their inboxes. Phishing defenses are especially critical to banks since they are a favorite cybercrime target. Challenges. UCB chief executives have seen their fair share of phishing attempts in their inboxes, according to UCB Chief Information Security Officer Jim Stewart. But while an executive may have a stronger nose for sniffing out phishing emails, management worried the majority of employees may be less attuned to the threat. “We decided we needed to condition our employees against phishing,” Stewart says. Doing so wasn’t without challenges because “there’s a fine line between security and service.” If you lean too far in one direction and block everything that looks suspicious, it could be at the expense of responding to customers. Since world-class customer service is what distinguishes UCB from larger competitors, the company needed the right vendor to provide a scalable phishing solution while saving UCB time and effort. Results. The first simulation targeted the bank’s 14-member technology steering committee. Ramp-up time was limited because the committee was scheduled to meet two weeks after deployment, but thanks to the ease of installation, UCB completed the test successfully. “With a lot of other security solutions, we just wouldn’t have tried to run a proof of concept in that short time frame,” noted Stewart. “It’s usually impossible. But with Cofense it was just easy.” As simulations continued, department heads became invested in the program, even treating it as a competition. Our chief legal counsel, whose staff had scored particularly high, Hucko says, “sat everybody down, put them through extra training and really emphasized the importance of understanding the effects of a potential phishing attack on the company. Ever since that meeting, his group has had the lowest susceptibility in the company.” Stewart credits the Cofense team with making the implementation straightforward. Whenever he’s had a question or request, the team has responded promptly and effectively. For instance, the team obliged his request to parse users by job title and location. Per Stewart, Cofense has provided solid guidance and support, “all the way from sales and demos to contract implementation to post implementation support. Time is of the essence in everything we implement so when something’s that easy, you start out of the gate with a very positive feeling about it.” Conclusion. Stewart initially had some misgivings about an anti-phishing campaign. “It feels a little bit devious, like you’re trying to trick your employees.” Then he realized while he was thinking about the situation “with a conscience,” attackers have no such moral quandaries. A company of 2,000 employees is a company with 2,000 potential vulnerabilities. Using a little deviousness to determine phishing susceptibility and which employees are the most likely to click suspicious emails is a small price to pay to prevent a phishing attack. Cofense, Stewart says, has helped turned those 2,000 vulnerabilities into 2,000 defenders.



Shortage of inhouse IT resources

Risk of attacks by hackers

Risk of data loss or damage

Business tasks

Enhance Staff Productivity

Ensure Security and Business Continuity

Similar deployments