Case Study - Maintaining vigilance

Ipcos

After an initial baseline measurement, Ipcos came to a remarkable conclusion: almost half of their highly trained employees were susceptible to phishing. Barely four months later, this figure was down to 13%.

The Challenge

After several incidents with real phishing attacks, it was decided to set up a structured training and coaching program

Van Overschee: “We once had to deal with CEO fraud: someone pretending to be me tried to embezzle large sums of money through social engineering and typosquatting (phishing where a proper name is changed slightly, e.g. Ipcas instead of Ipcos). At the time, everyone was shocked for a moment, but apparently human memory is not capable of maintaining that vigilance after all.”

The Outcome

Besides reporting, the simulations were the main eye-opener. After only four months on the Phished platform, cyber awareness had already increased significantly and the number of successful phishing attempts has decreased.

"By regularly coming into contact with possible phishing messages, we notice that everyone is now always alert and can spot the dangers," says Van Overschee. "We already had two-step verification and regularly discussed phishing during meetings, but it is clearly the frequent contact with simulations that makes the biggest difference."