One of the simplest attack methods that cyber criminals use is to target unsuspecting workers with Phishing emails. This is an especially tempting method for an unsophisticated attacker, as it tends to be inexpensive, requires little in the way of expertise, and can be highly effective.
Phishing emails can be sent to thousands of employees simultaneously, and it takes just one careless click for the hacker to succeed.
Like many organisations, our client was at a higher risk because of an underinvestment in phishing defences. This client was at risk for enabling fraudulent transactions, lost money, private commercially sensitive information being distributed, and reputational damage.
ThreeTwoFour took the organisation through a multi-step process:
- Collaboratively Building Requirements: First, we helped them to understand what requirements they needed to have in place to help mitigate successful attacks.
- Market Analysis and Recommendation: We completed a full market analysis, understanding the best options, and making a recommendation.
- Delivery: We supported the client through successful delivery, following through until the solution was fully functioning and ensuring they were delighted with the outcome.
- Benchmarking & Ongoing Testing: In order to continue improving and mitigating successful attacks, we created benchmarks and the client has run ongoing testing to prove decreases over time.
At the end of this project, the client was the proud owner of an enterprise-level anti-phishing capability, encompassing a technical solution coupled with new processes, expertly tailored to meet their needs. It left them able to persistently train staff members, raising awareness of these types of attacks. It also gave them best-in-class intelligence on new and current threats, enabling them to detect and respond in a timely and comprehensive manner. As a result, they’ve been able to materially decrease the number of successful attacks. Phishing attacks are too frequent and high risk for any responsible organisation to ignore. In fact, a data breach investigations paper released by Verizon in 2020 reported that 88% of companies worldwide experienced at least one spear phishing attack in that year.
Our client base includes small and mid-size clients who are looking for a balance between appropriate risk management and not stifling business activity.