Cofense PhishMe for global manufacturer

I’ve managed our company’s security awareness program for three years now. We launched it after a handful of successful spear phishing attacks, realizing that we needed to do a better job of educating users. We wanted a solution to help them spot suspicious emails, one with strong metrics to help track progress. That’s why started using Cofense PhishMe and Reporter. We now send monthly simulations to 60,000 users. Our reporting rate is often around 30 percent. We use PhishMe to run monthly simulations with our global users, all 60,000 of them. The first year of the program our click rate was up around 25 percent. Now we’re under 10 percent, so it’s definitely making a difference. In fact, we used to say that a click rate of 10 percent was good, but now we shoot for eight percent. I get a lot of positive feedback from people in different departments. They’re interested in the metrics: how is my team doing compared to other teams? For example, our legal department used to be dead last, but after working with me to educate their team their performance has really improved. The companywide results have been mostly good. In April of 2019 we did a Package Delivery scenario, which got a click rate of only 6 percent and reporting rate of 29.6. In July, we ran a Quarantine Email phish where 7.21 percent failed, with reporting just under 23 percent. I do a quarterly newsletter where I stress the importance of reporting suspected phish. We call it out prominently: ‘When in doubt, report!’ We want people to know that if they don’t report, the SOC won’t know about a possible phishing threat. There are only so many ways to tell people what to look for in emails. The best way help them is through reiteration. Our SOC tells us that user reporting definitely gives them better visibility to threats. The SOC now has Cofense Triage to sort through reported emails faster, filtering out the harmless ones—like my employee awareness newsletter!—from real phishing threats. They love it. They get thousands of email reports every single day, so Triage saves them a ton of time. The team no longer has to guess about the true nature of an email. The SOC has blocked a lot of emails that users reported and Triage verified. Our incident responders see all types of phishing emails, especially credential phish. Recently, there’s been a huge increase in sextortion emails, where the sender uses information from accounts that were compromised in breaches like the LinkedIn hack, to scare the recipient into making a payment. The SOC has also been seeing a rise in file-sharing malware as well, with emails containing links to box.com, SharePoint, We Transfer, and the like. Talking to the SOC is an important part of our awareness. I’m working on creating a process to get this information as a matter of course, so if something is a big concern we can work it into our simulations.