Choose a business site

Vodafone Business

Our business solutions portfolio and solutions for global businesses.

Local market

Find solutions local to your business. Choose your region:
Close dialog


A case study with an oil and gas company

16 Nov 2022


  • Employee security awareness
  • Preventing data loss
  • Reducing vulnerabilities


  • Anti-phishing campaign
  • Rollout of real-life scenarios
  • Analysis and reporting


  • Higher cyber security awareness
  • Reduced threats and data loss
  • Better business resilience

The customer and the challenge

Identifying security needs

An oil and gas company delivers crucial services to their customers, so it must ensure business continuity and safety is at its best. The client required a comprehensive social engineering exercise to verify the level of security awareness throughout the company with email-based scenarios involving employee impersonation. This way, they’d be able to spot the main needs they’d have to address, such as training, further security policies, and so on.

Raising awareness and compliance

Cyber security threats were causing confidential data loss, creating vulnerabilities in IT systems and increasing the cost of improving cyber defence mechanisms. Phishing has been by far the biggest information security challenge for the client, with a significant number of attacks occurring globally each day, due to the ever-changing IT threat landscape. But this had to stop. Our aim was to spread cyber security awareness among employees, reinforce the importance of following security policies and advise on further rules or guidelines where needed.

How we helped them

Things are not always what they seem

With our Phishing Awareness Service, we created multiple email-based scenarios with various levels of credibility to measure the susceptibility of employees. The emails were sent from impersonated employees and supported by the client’s internal collaboration channels, with malicious attachments, credential extraction landing pages and forms for capturing user credentials. We’ve also provided recommendations for an improved security awareness programme, so their business could become even more resilient.

Covering all the bases

Using a valid client account and with access to collaboration media and the corporate directory, we created highly credible insider simulations. We conducted multiple anti-phishing campaigns by rolling out scenarios to employees using the ‘Phish me’ tool. We managed the end-to-end phishing campaign including the development and launch, rollout, monitoring and response to user queries and feedback. We’ve also performed business analysis and reporting, Consequence Management, Training and Awareness and rollout of different real-life themes – including data entry, click-only, attachment-based and double barrel.

Spreading cyber security awareness across the globe

The client was successfully able to determine and monitor a baseline for susceptibility to phishing attacks by using simulated real-world scenarios. We created and implemented an information security behaviour change programme for all client employees across the globe. Our consultants implemented a multi-stage programme, designing and delivering an ethical phishing campaign that met the client’s needs. Now, their business and employees are safe – and their information, secure.

Why choose us?

Security simplified: one bill, all in one place

Proven to protect over 150 million IoT devices globally

Fit for the future protection, integrated partnerships

Related articles

Interested in our solutions?

Send us an enquiry and one of our Sales Specialists will call you back