About Friesland Campina
FrieslandCampina produces and sells consumer products such as dairy-based beverages, infant nutrition, cheese and desserts in many European countries, in Asia and in Africa via its own subsidiaries. Dairy products are also exported worldwide from the Netherlands. In addition, products are supplied to professional customers, including cream and butter products to bakeries and catering companies in West Europe.
FrieslandCampina has branch offices in 34 countries and employs 23,769 people. FrieslandCampina’s products find their way to more than 100 countries.
Because they have thousands of employees in offices across the world, it’s important for them to keep the data safe.
“HoxHunt didn’t only change the way we look at cyber security. They actually managed to make cyber security the hottest topic in our employees lunch tables.”
Phishing is the single biggest problem Friesland Campina has in their cybersecurity. Previously Friesland’s cyber security team used to create manually twice a year phishing email templates that they would send out to employees to test the response. They noticed that even if it did help them create awarenss about phishing emails, it didn’t really drive behavior change across the organization. The team noticed it was also time consuming to create the templates and measure how employees responded.
They were looking for something that would automatically train their employees to recognize and react to threats.
At first, their internal stakeholders were not sure about how solutions like Hoxhunt can help them with this problem.They also have done and still do e-learning to teach their employees why phishing threats are not just a problem to the company, but also that their personal data are in risk and phishing emails do happen outside business as well.
Hoxhunt was initially recommended as a solution by another CISO. They engaged in a pilot with Hoxhunt to convince the internal stakeholders to invest in Hoxhunt. A group of employees engaged in the pilot and within that group they were able to show how the behavior of the employees had changed with the simulation. They had to prove to the internal stakeholder that the learning curve actually would go up, which it did.
That convinced them to take Hoxhunt in use for a bigger group internally. What they initially liked about Hoxhunt was that it provides a constant learning environment for the users. An important factor for them was also that Hoxhunt is present in their daily work and it simulates real life threats well. It is present in their core working environment. Hoxhunt was also easy to setup and a solution that would scale across their vast workforce.
What they also noticed was that training users constantly provides a constant level of awareness in the company. This helped Friesland to detect and report actual phishing attacks. With Hoxhunt the number of reported threats more than doubled, which created another problem, more load for the service desk. This is where the incident response model came in. The reported threats could be now categorized with the incident response model so the threats that were the most urgent could be prioritized.
Pre Hoxhunt employees had to call or email the service desk when they noticed a suspicious email. They were then instructed to save the email as an attachment and send an individual email to the service desk. WIth the Hoxhunt reporting plugin, all the employee had to do was to click a button in their email client and the threat was noticed by the response team. The employees also got feedback about their threats being acknowledged.
When Friesland encounters a phishing attack, they use the Hoxhunt dashboard to grasp how wide the incident is and how many people are encountering it. This helps them to assess the threat and react quickly to them.
Every employee has the Hoxhunt button in their email client which helps the company to stay on top of threats and build a strong human layer of defense. The time of the security team is freed to work on reacting to the threats instead of having to spend a lot of time educating the employees about phishing threats.