About the customer
One of our customers is a globally operating fast moving consumer good company producing and selling consumer products such as dairy-based beverages, infant nutrition, cheese, and desserts. Through her subsidiaries, the company serves customers in many European countries, as well as in North- and South America, Asia and Africa.
With office branches in more than 30 countries, the customer employs nearly 24,000 people in total, and her products are found in more than 100 countries. Having such a wide reach, with employees and clients from across the globe, cyber security is of great importance to the company.
Detecting and reacting to phishing emails is one of the main cyber security challenges.
Initially the cybersecurity team of the customer manually created phishing email templates to send to the employees. The templates were distributed twice a year to test awareness, as well as gauge how employees acted in response. Although the testing method was somewhat beneficial, this approach did not achieve a behavioral change across the organization.
In addition to the lack of effective response, the cybersecurity team also found the testing method to be unnecessarily time-consuming due to the many manual steps in the process to create and send the phishing email templates.
As a result, the cybersecurity team started looking at options for automating the process. Rather than continuing to lose valuable hours on an inefficient security method, they were looking for a solution that would help employees recognize and respond to phishing threats in a more frequent and automated way.
The Solution: Hoxhunt
The customer started testing Hoxhunt and the integrated automated constant learning environment for her employees. Hoxhunt integrated easily in the core working environment and it provides users real life threat simulations on a regular basis.
Simulation results with Hoxhunt
With Hoxhunt’s simulations starting to reach the employees mailboxes and their employees starting to engage in the training, the customer quickly began seeing a decline in the rate that her employees clicked on phishing emails. The failure rate dropped from an initial 8% close to 2.5%.
Integration into the email client
Before Hoxhunt, the customer’s employees had to call or email the service desk when noticing a suspicious email. They would then be instructed to save the email as an attachment and forward it to the service desk. This practice was cumbersome for the user, leading to a low reporting rate of phishing emails.
Example of a simulation sent by Hoxhunt
With the integration of Hoxhunt into the email client, customer’s employees now have a one-click user experience and are able to easily report any type of suspicious emails. When receiving a Hoxhunt-generated phishing simulation email, employees are rewarded for recognizing and reporting those emails to the Hoxhunt platform. When receiving an actual phishing email, the response team is notified instantly and provides the reporting employee with feedback about the threats being acknowledged. With a Hoxhunt button in every employee’s email client, the company is easily able to stay on top of threats while simultaneously building a strong human layer of defense.
Many of customer’s employees gave us an NPS rating of 9 or higher. Here are three example reactions:
“It's fun to get see the dangerous emails. And you learn to spot them, that is also very handy in your private emails.”
“Practical approaches with simulated phishing emails and details on how to identify and report phishing emails.”
"HoxHunt makes it fun to detect phishing mails, without taking too much time."