PhishMe has been selected by City, University of London to empower over 20,000 staff and students to be an active line of defence and source of attack intelligence in its fight against cybercrime. The university will deploy a dynamic suite of PhishMe solutions – PhishMe Simulator, PhishMe Triage and PhishMe Reporter – as part of a three-year programme. Universities are being hit by hundreds of successful cyberattacks every year, with more than 1,152 intrusions into UK networks recorded in 2016-2017*. Massive, constantly changing populations of students and staff with many different endpoints are enough to tempt cybercriminals wanting to get their hands on valuable intellectual property and data that can be sold to the highest bidder. For City, improving defences against email-based phishing attacks, in particular, has formed a critical part of its overall strategy.
City engaged PhishMe in mid-2017, who ran a scenario during the annual freshers’ week to provide an indication of how susceptible they could be to phishing attacks. The results from the initial simulation showed a concerning susceptibility rate which was enough to convince the university that it needed PhishMe’s expertise in conditioning users to be more effective at identifying, reporting and mitigating phishing threats. PhishMe’s analytical data and one-touch reporting mechanism has been swiftly integrated into the university’s existing incident management system.
“Today, improving the security posture of the organisation can be found in the top two items of almost every CIO and CISO’s agendas,” says Claire Priestley, director of Information Technology at City, University of London.
“When we launched the latest Information Security Strategy last year, PhishMe was an easy choice to augment our underpinning programme of information security initiatives. Our user community numbers at least 20,000 at any given time. The rapid growth in ransomware contained in phishing emails across all sectors last year necessitated a solution that would help us quickly and effectively build awareness, provide targeted training solutions and offer a one-touch reporting mechanism that integrated easily with our incident management system.”
“With access to cutting-edge research and users who have a high degree of susceptibility to phishing tactics, universities present a lucrative target for threat actors,” said Rohyt Belani, CEO and co-founder, PhishMe. “For staff, a constant stream of new students can make it difficult to pinpoint suspicious emails, while students are often not fully incorporated into the organisational infrastructure and will not have had basic awareness training which might have raised resilience to phishing attacks. Employing human-focused conditioning techniques is therefore an effective approach for educational institutions such as City, University of London, looking to dramatically improve detection and responses to potential security threats.”
For the university, the ability for users to report threats in real-time is just as important to improving their incident response efforts as the conditioning of those users to recognise real phishing threats as they appear.
Claire Priestley added: “Rapid reporting and identification means we can deliver a faster response, and the additional analytics provide invaluable data to help further develop our security intelligence and target our training support to the users that need it most, at the optimum times.”
