Earlier this week, we released a new industry case study in conjunction with our partner Future Com, a leader in the network foundation, performance, and security space. The study illustrates how our security awareness and training solutions — delivered by Future Com — helped the City of Garland, Texas, reduce phishing susceptibility by 80%, build a stronger culture of security, and avoid a potentially costly business email compromise (BEC) attack.
The 13th largest city in Texas, Garland is a major manufacturing and industrial hub for the Dallas/Ft. Worth Metroplex. The City’s journey to improving its users’ cybersecurity awareness and knowledge began when Shannon Mejia, Garland’s IT Support Services Manager, heard Chris Boykin, the CTO of Future Com, present at a local industry event. There, Boykin spoke about the importance of accounting for human behavior in managing risk, a philosophy that is reflected in Future Com’s partnership with Wombat. Future Com uses Wombat’s industry-leading assessment, education, reinforcement, and reporting tools to deliver effective security awareness and training services to its clients.
A short time after she met Boykin, Mejia worked with Future Com to send a simulated phishing assessment to 1,300 City of Garland employees. The phishing test generated a click rate of 31%; when Mejia shared this failure rate with City managers, directors, and other officials, they agreed the City needed a robust security awareness training program for its users.
Download your free copy of the case study.
A Holistic Cybersecurity Education Program With Measurable Results
Future Com helped Mejia design the City of Garland’s cybersecurity curriculum, which includes Wombat’s ThreatSim® Phishing Simulations, PhishAlarm® email reporting, year-round interactive training assignments, and business intelligence tools.
During the first year of its employee training program, the City saw an average failure rate (across all campaigns, including the baseline assessment) of just over 17%. By three-quarters of the way through its second year, the average failure rate across all campaigns dropped to just 3.4% — an 80% reduction from year one. In addition, in the two months following implementation of the PhishAlarm reporting button, employees identified and reported more than 200 suspicious emails.
But the improvements went beyond click rates and reported emails. The City of Garland also saw a real-world BEC attack thwarted by an alert employee. The scam had started with a vishing phone call before progressing to email — and Garland was not the attacker’s only target.
“We heard that, the following week, another city in Texas had the same exact type of attack happen to them,” said Mejia. “Unfortunately, their employees did not catch the scam, and they lost hundreds of thousands of dollars because they were tricked into wiring money to a fraudulent account. Our employee really came through for us, and I don’t believe we would have had the same outcome if we hadn’t been delivering training.”
In speaking about Future Com’s partnership with Wombat, Boykin noted that our methodology differentiates us from other security awareness training solutions. “Wombat’s bite-sized, interactive training is designed to keep the users’ attention while teaching them practical ways to spot scams,” he said. “Combined with their simulated phishing and Teachable Moments, the training goes beyond security awareness, and provides a mechanism to actually alter human behavior when it comes to security. We have seen significant improvement from the baseline test to subsequent monthly tests performed at City of Garland, as well as our other clients.”