A strategic partner organisation was receiving a concerning level of social engineering attacks. The majority of these were through phishing emails.
We conducted a threat modelling exercise and discovered the emails were highly targeted at senior members of staff, or staff who had access to financial or sensitive data. It was clear the malicious parties were spending a lot of time on reconnaissance, often using social media to gather information then targeting key employees.
As these attacks were non-technical, we established the existing technical network protection measures were sufficient. But the key gap was in staff awareness of identifying, stopping and reporting the threats and attacks. To treat this vulnerability, we then designed a training and awareness package to be delivered to all staff.
Since then, numerous attacks have been prevented and the significantly improved reporting of them has allowed deeper analysis of the threats to be carried out and delivered.
You guys are always the best! Appreciate your team so much!”