Billions of data points. Millions of sources. Hundreds of communities.
TomTom is the mapmaker bringing it all together to build the world’s smartest map. They provide location data and technology to drivers, carmakers, businesses, and developers. Their application-ready maps, routing, real-time traffic, APIs and SDKs enable the dreamers and doers to shape the future of mobility. TomTom has been helping people find their way in the world for over 30 years.
Employees: 4,000 globally
“We were a small security team tasked with building up security capabilities very quickly, and Hoxhunt has been extremely useful for us. The response platform is a force multiplier that does the initial triage for us without us having to scale out a massive team to look at every email being reported to us by our well-trained employees.”
The personal navigation systems for which TomTom is famous were first stuck to car dashboards in 2004. But their move into B2B territory necessitates delivering the highest standards of security. Doing business with tech giants and global automotive companies, where data breaches can endanger lives and compromise sprawling digital networks, demands continuous improvement in security maturity, starting with compliance.
Hoxhunt helped TomTom reach compliance in 12 months. As a result, the TomTom security team has effectively helped make security an integral part of the broader growth strategy and revenue enabler for B2B activity.
“Hoxhunt supported our continuous security maturity journey to achieve compliance in 12 months.” —Craig Knox, Director: Platform and Product Security
Compliance was the beginning of the journey, not the destination. Ultimately, Craig and the security team knew they needed to demonstrate measurable security behavior change and human risk reduction to attain a competitive advantage for enterprise B2B partnerships.
Hoxhunt helped fuel outstanding behavior change training results:
“Our customers were a big, big driver in our push to level up our security posture. We had to show them compliance and we had to show them we have excellent awareness of security topics and of phishing attacks. With our enterprise customers, we absolutely had the drive to mature our security posture to drive new opportunities. But secondly, our automotive customers are becoming much more regulated, and to work with them security is no longer our only concern. Safety is a challenge as well: Can someone hack our software to get into the brakes of a vehicle? Can someone switch off the vehicle through our software?” —Craig Knox, Director: Platform and Product Security
As a company built on innovation and fast research and development, TomTom appreciated how well Hoxhunt allowed employees to level up their security skills without slowing them down or distracting them from their work. Hoxhunt’s ongoing, personalized micro-trainings integrated seamlessly into corporate workflows and uplifted company security culture.
After implementing the program, TomTom was met with an enviable problem: the Hoxhunt security behavior change program worked too well! The employee threat reports went from a dozen trickling in per month, to pouring in by the thousand: undeniable proof that their security behavior change program was working.
Handling the deluge in a timely manner would have taken at least two full-time SOC analysts for triage, estimated Craig.
So the TomTom security team enlisted the Hoxhunt Incident Response Platform to do the heavy lifting. Hox Response automatically orchestrates threat data to group and categorize reports in order to accelerate incident response. It let the security team cut out the noise and prioritize real incidents.
“Hoxhunt has been extremely useful for us as a force multiplier. The response platform is a force multiplier that does the initial triage for us without us having to scale out a massive team to look at every email being reported to us by our well-trained employees.”
TomTom employees use the Hoxhunt button to report thousands of suspicious emails each month. The Feedback Rules feature allows admins to whitelist internal communications, which are commonly mistaken for phishing emails, in order to avoid interrupting employee workflow and prevent unnecessary threat feed bloat. The Hox Response Platform’s automated data orchestration has let Craig’s team focus only on the highest priority incidents.
This reduced threat feed noise by 99%, which equates to tremendous savings in SOC resources, costs, and time. Indeed, the element of time is crucial to incident response; the faster an incident is addressed, the more likely it is to be neutralized. Or, put another way, the longer an incident can fester in the system, the more damage it will do.
“Rather than building on guesswork, where we have a perception of a problem in which we assume we get ‘X’ amounts of spam, commodity phishing, or targeted spear-phishing attacks, we use the Response platform and learn from our people’s reporting to us that, for instance, 20% of our phishing emails are commodity attacks, and 1% are targeted spear-phishing, and the rest are false negatives. This lets us strategically improve our controls. For instance, we can implement SPF, we can implement DKIM, we can implement DMARC. This sort of threat intelligence is very valuable.”