The Hidden Costs of Phishing & BEC

A couple of months ago we sat down with Damian Stalls, vCIO director at Fluid Networks to discuss how they dramatically reduced the time their security analysts spent managing the problem of phishing, BEC, and user education. Here were some of the highlights from our discussion.

Recovering From Successful Attacks Are Painful 

‘’We identified we had a lot of users that were making silly mistakes and it was costing our company time and money. This is when we decided to implement Security Awareness Training’’.

In the beginning, it was clear that Damian and his team had a reactive approach to email security and incident response. Everything was post event, meaning after a user had clicked something they shouldn’t have, costing them a lot of resources to clean up successful attacks. In the recent Osterman report, it takes an average of 175 hours to recover from a successful attack, making it a top concern for security leaders moving forward.

Security Training: Help or Hinder?

Damian implemented security awareness training to help educate and stop his users from getting phished. Whilst they solved the problem of reducing the number of breaches, it created other problems. Damian said it significantly increased the number of reported messages and soon they became overwhelmed with alerts.

‘’One of my customers, a long-term friend of mine says, Hey, what happened to that email I sent you? The ticket… I clicked that button on that one email. Was it dangerous? Was it Safe?’’

The Osterman report, indicates that only 22% of organizations investigate all messages reported as suspicious and 84% of organizations saw security awareness training significantly increased the number of tickets / alerts. Security awareness training has created a culture of fear, causing users to forward messages to SOC’s to prevent being a victim of an attack.

Analysts Are Losing The Battle

Damian hired a full-time analyst just to investigate suspicious emails but soon come to realize they needed additional help.

‘’My analyst who was doing all the research on these emails, he was the one who is being burned out and I realized that he is losing this battle’’.

Alert fatigue and burnout are a real problem in the industry resulting in delayed, missed or ignored responses to reported messages.

On average, organizations spend 5,111 hours per year investigating and remediating email threats at a total operation cost of:

U.S: $311,154 (based on average security analyst salary plus benefits for USA)

U.K £107,959 (based on average security analyst salary plus benefits for U.K)

Try our incident response calculator to find how much it costs your organization to respond to email threats.

Eliminate The Time, Pain, & Money

At this point Damian started to look for an additional layer of security and found Cyren Inbox Security.

‘’You’ve completely taken the burden off of our team. You guys are proactively looking in all our users’ inboxes for any threats. If a user reports a threat, your team is on it to investigate it and respond directly back to the customer, letting them know the results of that reported email.’’

Cyren Inbox Security is a powerful plugin to Microsoft Office 365 that continuously monitors for and automatically remediates email threats, eliminating the time your analysts spend managing this problem. Request a demo today.