Cofense PhishMe for Global CPG Leader

Background and Challenges. In 2015, this consumer product goods (CPG) leader had no formal anti-phishing program. Knowing the threat was growing and its security team needed help, the business began using Cofense PhishMe® to measure employee’s susceptibility to suspicious emails and Cofense ReporterTM to report them with one click. Later, the CPG firm deployed Cofense TriageTM to help incident responders recognize threats and remediate them faster. According to the CPG company, 28 percent of employees, as well as third-party contractors, clicked on bad emails during initial Cofense simulations. “That was a wake- up call,” said the CPG company’s head of security awareness. “We knew we needed improvement, but thought we were in better shape than that.” Employees needed help in spotting potential phishes – especially critical departments more heavily targeted by attackers. Moreover, the company needed a central storehouse where suspicious emails could be forwarded and automatically prioritized. Incident responders had to spend hours sifting through 500 to 1000+ emails reported daily. Instead of focusing their efforts on dealing with real phishes – not to mention the myriad other security issues they faced – responders wasted time manually sorting through the clutter to distinguish threats from noise. Solution and Results. While metrics continue to improve, “Our leadership wants to know that we’re always getting better. Cofense lets us demonstrate that. We can’t just do the same basic simulations over and over. With Cofense PhishMe, it’s easy to customize more complex phishing scenarios. Over time, we’ve made the exercises more advanced, personalizing emails by name and company logo, to reflect what’s happening in the real world.”

• Fewer than 1 in 10 employees now click on simulated phishes
• Up to 9 in 10 employees in some critical departments correctly report simulated phishes
• Just 20 percent of reported emails are personally triaged by incident responders – thanks to automation

Conclusion. With susceptibility rates in the single digits and reporting rates steadily rising, the head of cybersecurity reports that “employees have become an important line of cyber defense.” And thanks to the automation and analytics of Cofense Triage, “we’re not drowning in information anymore and can act on threats right away.”