blog-logo.png

A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Wombat Cybersecurity Education Helps Texas City Avoid BEC Attack

Posted by Gretel Egan on Nov 10, 2017 10:38:50 AM

Topics: Security Awareness and Training, Phishing, In the News, Vishing, Business Email Compromise, All Posts

Wombat_Blog_CityofGarland_November2017.jpgEarlier this week, we released a new industry case study in conjunction with our partner Future Com, a leader in the network foundation, performance, and security space. The study illustrates how our security awareness and training solutions — delivered by Future Com — helped the City of Garland, Texas, reduce phishing susceptibility by 80%, build a stronger culture of security, and avoid a potentially costly business email compromise (BEC) attack.

The 13th largest city in Texas, Garland is a major manufacturing and industrial hub for the Dallas/Ft. Worth Metroplex. The City’s journey to improving its users’ cybersecurity awareness and knowledge began when Shannon Mejia, Garland’s IT Support Services Manager, heard Chris Boykin, the CTO of Future Com, present at a local industry event. There, Boykin spoke about the importance of accounting for human behavior in managing risk, a philosophy that is reflected in Future Com’s partnership with Wombat. Future Com uses Wombat’s industry-leading assessment, education, reinforcement, and reporting tools to deliver effective security awareness and training services to its clients.

A short time after she met Boykin, Mejia worked with Future Com to send a simulated phishing assessment to 1,300 City of Garland employees. The phishing test generated a click rate of 31%; when Mejia shared this failure rate with City managers, directors, and other officials, they agreed the City needed a robust security awareness training program for its users.

color_bar.png

Download your free copy of the case study.

City of Garland Reduces Click Rates, Avoids BEC Attack

color_bar.png

A Holistic Cybersecurity Education Program With Measurable Results

Future Com helped Mejia design the City of Garland’s cybersecurity curriculum, which includes Wombat’s ThreatSim® Phishing Simulations, PhishAlarm® email reporting, year-round interactive training assignments, and business intelligence tools.

During the first year of its employee training program, the City saw an average failure rate (across all campaigns, including the baseline assessment) of just over 17%. By three-quarters of the way through its second year, the average failure rate across all campaigns dropped to just 3.4% — an 80% reduction from year one. In addition, in the two months following implementation of the PhishAlarm reporting button, employees identified and reported more than 200 suspicious emails.

But the improvements went beyond click rates and reported emails. The City of Garland also saw a real-world BEC attack thwarted by an alert employee. The scam had started with a vishing phone call before progressing to email — and Garland was not the attacker’s only target.

“We heard that, the following week, another city in Texas had the same exact type of attack happen to them,” said Mejia. “Unfortunately, their employees did not catch the scam, and they lost hundreds of thousands of dollars because they were tricked into wiring money to a fraudulent account. Our employee really came through for us, and I don’t believe we would have had the same outcome if we hadn’t been delivering training.”

In speaking about Future Com’s partnership with Wombat, Boykin noted that our methodology differentiates us from other security awareness training solutions. “Wombat’s bite-sized, interactive training is designed to keep the users’ attention while teaching them practical ways to spot scams,” he said. “Combined with their simulated phishing and Teachable Moments, the training goes beyond security awareness, and provides a mechanism to actually alter human behavior when it comes to security. We have seen significant improvement from the baseline test to subsequent monthly tests performed at City of Garland, as well as our other clients.”

 

icon-book.png

Try Our Interactive Security Awareness Training Modules

Our 25+ interactive training modules in topics like Email Security, URL Training, Mobile App Security, and more are proven to change the behavior of end users and reduce risk.

Try Our Modules

   Educate Yourself: Protect Against Security Vulnerabilities