Try demo
Case study

How we helped a leading Swiss financial technology and services provider teach employees to recognize and report threats

About
Headquarters: Switzerland
Employees: 3,500
Financial technology and services
Challenge
Impossible for the security team to measure any improvement or resilience against threats in the employees’ day-to-day activities toward phishing.
Solution
Engaging employees to become more resilient and proactive against incoming threats. And measuring the success of the training program.

Our customer is the number one provider in financial technology and services for banking. Its solutions are used by over a hundred of the leading banks worldwide. And the company has been recognized by leading industry analysts. Headquartered in Switzerland, it additionally has several offices all over the world.

 

Due to the increasing number of sophisticated cyberattacks reported in the financial industry, including affected partners, the company was looking to change its employees’ behavior and enable them to become more proactive and actionable against incoming cyber threats.

 

Before Hoxhunt: One-size-fits-all security training

Before using Hoxhunt, the organization educated its employees primarily with one-size-fits-all training activities like sending educational newsletters and hosting classroom sessions. These activities were paired with email filtering solutions to enhance the organization’s security. Yet, it was impossible for the security team to measure any improvement or resilience against threats in the employees’ day-to-day activities toward phishing.

 

The CISO mentioned that, previously, the training of employees strove to fulfill the necessary compliance regulations. However, the turning point derived from one of the organizations in their ecosystem that had been affected by ransomware, which really substantiated the call for enabling employees to better recognize and report threats resulting from phishing attempts.

 

‘We were looking for a lean solution.’

For the security team, the goal was clear; they needed to mature the organization’s first line of defense in terms of security by engaging employees to become more resilient and proactive against incoming threats. To do so, they considered several different solutions on the market and concluded that various elements of Hoxhunt were crucial in achieving that objective.

 

As little interruption as possible in terms of employee efficiency was one of the major reasons for choosing Hoxhunt. Hoxhunt doesn’t disrupt the workflow of employees despite the high frequency of training moments. Their employees now receive continuous training simulations that take place in a real environment using their day-to-day mail systems. As the CISO mentioned, whether employees failed or passed a simulation, they now receive micro-training immediately afterward to enhance their knowledge and make them more cautious, rather than their being forced to follow training three to four weeks after making a mistake.

 

‘Hoxhunt stood out because it was so effective at one thing: teaching employees to recognize and report threats.’

 

The security team wanted their employees to not only recognize threats but also actively and easily report them. That way, the SOC team could see what type of real threats was reported, to be able to delete similar threats from other employees’ inboxes as quickly as possible. As a result, the security team can proactively prevent further damage by similar threat campaigns.

 

‘Not only are employees trained to recognize basic phishing emails, (but) they are now also able to identify spear-phishing due to Hoxhunt’s personalized simulations and learning paths.’

 

Together with Hoxhunt, the security team enabled employees to recognize spear phishing, which became possible through the AI we leverage to send personalized simulations to each employee. The personal learning experience also helped in providing a highly relevant training experience for each employee that boosted the engagement rates with the training.

 

Other benefits that the CISO noted were the fully automated approach and Hoxhunt’s interoperable integration with the company’s existing technical ecosystems. Both freed up a lot of time for the security team.

 

The results

The company’s security team now focuses on different metrics to measure the success of their security training. The statistics and user trends of Hoxhunt now also form part of the key security metrics that are reported to senior executives, including the board of directors, on a regular basis.

 

Onboarding rate: Just under 80% of the employees have been successfully onboarded to Hoxhunt’s program through the efforts of the security team together with the customer success team. The goal is to onboard as many employees as possible. High onboarding rates mean a more reliable defense layer for the security team.

 

User onboarding rate stats

 

Reporting rate or success rate: Around 60% of the employees are actively reporting the threats they’re facing, consisting of both simulated and real threats. This gives the SOC team good insight into the type of threats that the organization receives in general and allows them to delete similar-looking threat campaigns from user inboxes.

 

Overview statistics

 

Failure rate: After six months of enrollment in Hoxhunt’s program, the security team noticed a significant drop in the failure rate among employees, even with the challenging spear-phishing attack simulations.

 

Failure rate graph

 

Trend in user behavior over time: The CISO stressed that this is a very important metric to track the user’s behavior development with threats is over time, and the impact that it has on the organizational risk profile. Overall, they noticed that the risk profile has significantly decreased after employees participated in Hoxhunt’s training for a longer time.

 

Qualitative feedback: Besides quantitative metric improvements, there has been feedback from employees who have been impressed by the quality of the simulations that were sent to them. Some of them wondered where all the personalized information came from. Simultaneously, the CISO mentioned that they’ve grown used to receiving simulated threats, which is a very healthy sign.

 

Developing even further

Together with our customer success team, the company strives to improve organizational resilience even further. The CISO noted that they want to integrate Hoxhunt even better into their current ecosystems and SOC operations. And recently, they’ve extended their contract for three more years with Hoxhunt to do so.