Advisory Financial Services Client Story

Validating the Effectiveness of Security Training via a Phishing Simulation

A financial services Client mandates security awareness training across their organization on a regular basis. Our Client wanted to verify the effectiveness of their awareness training and evaluate the risk exposure of critical business units within the organization.

USA
Financial Services

Practice Areas
  • Phishing and Employee Awareness Campaigns


Our Client’s Challenge:

  • Phishing, a form of social engineering, is a common avenue by which an intruder can gain access to a company’s internal systems. An attacker who tricks employees into providing their credentials can leverage such accounts to perform damaging attacks.
  • Though security awareness training was mandated for all employees, our Client was unsure of the effectiveness of the awareness training and wanted to focus on a phishing simulation to align training knowledge to real-world outcomes.
  • In addition, our Client wanted to evaluate the risk exposure of critical business units within the organization which were more likely to be impacted by a phishing attack.

Our Approach:

  • Working closely with our Client, Security Compass designed and tailored a custom phishing simulation and email campaign that would test employee response to phishing.
  • General phishing campaigns were performed enterprise-wide on a periodic basis to measure improvements over time. The campaigns included phishing attacks delivered via email, text messages and phone calls.
  • In-depth spear phishing was performed on targeted individuals and business units to evaluate and measure the risk exposure of these critical areas.

The Result:

  • Security Compass helped benchmark our Client’s enterprise awareness of phishing, including measuring the effectiveness of anti-phishing security controls and employee response levels, and identifying the risk level of each campaign.
  • Dashboards were created to illustrate areas for improvement against industry benchmarks for phishing. Recommendations to reduce employee risk to phishing were provided.
  • We helped our Client verify which business groups were at highest risk from phishing attacks. Armed with the results of these phishing assessments, our Client was able to definitively target additional security awareness training towards the more vulnerable areas of the organization, helping minimize the future risk of phishing.
Armed with results of Security Compass’s comprehensive phishing assessments via email, phone calls and text messages, our Client was able to definitively target additional security awareness training towards the more vulnerable areas of the organization to help minimize the future risk of phishing.


Contact Us

Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial seeking support on regulatory compliance and penetration testing activities, or a startup looking for high-quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.
