The customer and the challenge
Identifying security needs
An oil and gas company delivers crucial services to its customers, so it must ensure business continuity and safety are at their best. The client required a comprehensive social engineering exercise to verify the level of security awareness throughout the company with email-based scenarios involving employee impersonation. This way, they’d be able to spot the main needs they’d have to address, such as training, further security policies, and so on.
Raising awareness and compliance
Cyber security threats were causing confidential data loss, creating vulnerabilities in IT systems and increasing the cost of improving cyber defence mechanisms. Phishing has been by far the biggest information security challenge for the client, with a significant number of attacks occurring globally each day, due to the ever-changing IT threat landscape. But this had to stop. Our aim was to spread cyber security awareness among employees, reinforce the importance of following security policies and advise on further rules or guidelines where needed.
How we helped them
Things are not always what they seem
With our Phishing Awareness Service, we created multiple email-based scenarios with various levels of credibility to measure the susceptibility of employees. The emails were sent from impersonated employees and supported by the client’s internal collaboration channels, with malicious attachments, credential extraction landing pages and forms for capturing user credentials. We’ve also provided recommendations for an improved security awareness programme, so their business could become even more resilient.
Covering all the bases
Using a valid client account and with access to collaboration media and the corporate directory, we created highly credible insider simulations. We conducted multiple anti-phishing campaigns by rolling out scenarios to employees using the ‘Phish me’ tool. We managed the end-to-end phishing campaign, including development and launch, rollout, monitoring, and response to user queries and feedback. We also performed business analysis and reporting, Consequence Management, and Training and Awareness, and rolled out different real-life themes, including data entry, click-only, attachment-based and double barrel.
Spreading cyber security awareness across the globe
The client was successfully able to determine and monitor a baseline for susceptibility to phishing attacks by using simulated real-world scenarios. We created and implemented an information security behaviour change programme for all client employees across the globe. Our consultants implemented a multi-stage programme, designing and delivering an ethical phishing campaign that met the client’s needs. Now, their business and employees are safe – and their information, secure.