KnowBe4 for Softcat

Challenge. The struggle that Softcat faced in containing issue boils down to two primary factors. Firstly, until three years ago, its security awareness programme was conducted on an ad hoc basis. Any training was typically implemented during the induction period, when new employees first joined the business. On top of being infrequent, training would often be missed due to a lack of time or getting lost in the long to-do lists that accompany starting a new job. Secondly, the field in which Softcat operates requires that employees work with a vast number of third parties. Indeed, at present, the company has upwards of 12,300 long-standing customers and at least a thousand partners. It also receives as many as 50,000 inbound emails a day. In other words, a quarter of a million inbound emails per working week! Solely considering the sheer number of clients and partners, as well as the immense influx of emails, the risks of a phishing attack are heightened multi-fold. One of the principal problems that Softcat has observed in the market is the compromise of business emails. On numerous occasions, a third-party suffers a phishing attack and the account becomes compromised. The account then sends out malicious emails to its contacts, including Softcat. At this stage, the risk is very high as the email appears to originate from a legitimate, known contact. Implementation. The implementation of KnowBe4’s training programme could easily be described as seamless as well. Under the sole supervision of an apprentice, Softcat was able to have the programme up and running in less than two months. Whenever a roadblock was hit, the customer relationship manager at KnowBe4 was quick to provide support. Indeed, Mark praised KnowBe4’s customer service as “second-to-none”, giving more time to the senior IT personnel to focus on other, more pressing jobs. Results. KnowBe4’s training content range as well as customisation options are among the most advantageous aspects of the service to Softcat. That, plus the frequent reminders and ease of use, allows Softcat’s employees to be efficiently made aware of the risks of operating online in the modern day. The fact that the programme runs without a huge administrative overhead is especially appreciated by Mark and his team of four, who have a heavy workload as it is. In the near future, Mark plans to build a phishing campaign that closely mimics the business email compromises that he sees occurring from within the supply chain. The great selection of email templates available through the KnowBe4 platform, as well as the option to customise templates will be beneficial in this process. The main goal for Mark going forward is to significantly reduce the baseline of 12%. “The more that employees are able to identify a phishing email, the more effectively and swiftly the IT team can spin off a workflow to neutralise the threat and safeguard the company’s cybersecurity.” – Mark Overton Head of IT Security, Softcat