Phishing simulation and education helps global investment company bolster security

A global investment company looking to better protect itself and staff against phishing attacks.

The Challenge

Phishing attacks – in which cyber criminals trick victims into handing over sensitive information or installing malware – have become an increasing issue for companies. A 2021 report found that 70% of organisations have seen increased phishing attacks since the pandemic began.

While most of us have wised up to basic phishing emails (essentially spam), cyber criminals have begun to use highly targeted spear phishing attacks towards a specific individual, organisation or business – particularly those operating in the finance sector. Recognising the threat, our client wanted to see how staff responded to fake email threats.

The Solution

We conducted a phishing simulation on a preferred email filtering and security platform, which is used to ingest incoming and outgoing emails to the business and weed out spam, malicious, and phishing emails. It has a built-in tool which enables us, and the client, to clearly see how users respond to different threats.

The results, including who opened emails, who clicked on links, who entered information, were then fed back.

The outcome

The client was able to identify the individual staff members who posed the greatest risk to the business when it came to falling for phishing attacks. We worked alongside the client to educate those members of staff, before re-running the phishing simulation.

The client is now much more secure in its defence against phishing and has put a policy in place for reducing staff errors and monitoring phishing attempts. Ultimately, constant education is crucial as cyber criminals adjust their methods.