A financial services firm that had experienced security incidents in the past found that 33% of their employees were failing routine phishing tests. They did not have a Chief Information Security Officer (CISO) in place, and needed strategic guidance to help them better understand their environment and strengthen their security awareness training program.
The client reached out to CBI, and our Virtual CISO (vCISO) experts were engaged. Through surveys and interviews with key stakeholders, we evaluated the organization’s cybersecurity stack and the current maturity level of their security awareness training program.
Armed with insight into their environment and tools, we were able to identify and acquire the threat intelligence sources they needed to develop and maintain strong vulnerability and patch management processes, and advance their user education and data security initiatives.
Top concerns and risk factors in specific areas of the organization were identified, and short and long-term goals were developed to facilitate the advancement of awareness training from annual, compliance-focused efforts to continuous activities focused on motivating employees to promote the organization’s security and business goals.
CBI developed an actionable roadmap to help the client address the human element of cybersecurity and accelerate vulnerability management processes.
Detailed recommendations have enabled them to operationalize threat intelligence at scale to quickly detect and address threats, without overburdening their security team. Insight into gaps in their
defenses and a better understanding of how threat actors think, collaborate, and act has enabled them
to make informed decisions and keep their systems up to date.
Phishing susceptibility rates have been reduced as our vCISO experts continue to guide the organization’s progression towards an engaging approach to security awareness training that drives behavioral change and reduces the impact of security incidents.
|View Case Study|