KnowBe4 Decreases the Risk of Phishing Attacks from 32% to 7% at SIG

Editorial Type: Case Study Date: 2020-06-01 Views: 1,183 Tags: Security, Cyber Security, Threats, Training, Risk, KnowBE4, KnowBe4
SIG plc. is a leading wholesale distributor in Europe of building materials, particularly insulation and interiors, roofing, as well as exteriors and air handling. Founded in 1957 as a single site insulation distribution business from the inside of a converted ice cream van in Sheffield, the company has made several acquisitions over the course of 63 years, allowing them to become the powerhouse it is today. Indeed, they have around 9,000 employees dispersed across 585 branches in the United Kingdom, Ireland and mainland Europe.

The Challenge
In an effort to maintain their prominent role in the construction industry, SIG has the primary goal of advancing its operational and financial performance within three primary areas: customer service, customer value and operational efficiency. However, to achieve this, it depends upon key ‘strategic enablers’. This includes investing in technology and systems to better understand customers and products, while simultaneously becoming more efficient. It also means greater investment into data management because access to, and the use of data is the bedrock behind the realisation of the company strategy. With this growing importance in technology and data, it became increasingly vital that SIG was protected from a cyberattack. Indeed, one of the main challenges the company faces lies in their final ‘strategic enabler’: the talent.

SIG, like any company, relies on its dedicated and talented employees. Regrettably, it’s well-established that employees also act as the likely entry point for bad actors to infiltrate the organisation’s IT systems. One wrong click on a malicious link or phishing email poses a colossal risk to the organisation.

The Remedy:
Fortunately, the board clearly understood the risks of phishing attacks and gave their chief information security officer, Carl Baron, the green light to take the necessary measures to improve the company’s cybersecurity. In his plan, security awareness was made a priority. While Carl had worked with Softcat in the past and considered Cofense and Proofpoint, he ultimately elected to go with the services offered by KnowBe4. This includes security awareness training as well as a simulated phishing platform.

Unlike many other security awareness providers, KnowBe4 stood out as the best contender because they treated SIG as a valued partner. In Carl’s words, he did not feel as though he were “just another sale”. KnowBe4 listened to every one of his concerns and tailored the ideal plan for SIG.

Knowing full well that SIG’s employees would not respond with much enthusiasm to a repetitive course, KnowBe4 overcame this with a dynamic and inspired training plan built from multiple creative houses. They also ensured that each training module lasted no longer than 10-15 minutes, which helped to maintain employee engagement. Moreover, the content was offered in a range of languages which complimented SIG’s multinational nature. In this way, Carl was essentially offered a buffet of choices which he could pick from to create the most appropriate training plan for each geographical area of the business. With all that KnowBe4 has to offer, one might assume that they would charge a premium price, but he was pleasantly surprised to find that their price point was actually very competitive.

Implementation:
The implementation of KnowBe4’s training programme was as easy as Carl’s decision to take it on as SIG’s security awareness provider. It is installed as a platform from which he can prescribe various training modules to employees on a regular basis as well as conduct simulated phishing tests on them. In addition, he receives monthly reports tracking progress among employees. This allows Carl to demonstrate to board members, with measurable results, the improvements he has made to SIG’s overall security hygiene.

Outcome:
The results for SIG since the implementation of KnowBe4 have been phenomenal. While the first round of tests revealed that nearly one-third of the company (32%) was prone to falling for phishing attempts, since using the platform, that number has been drastically reduced to just 7%. This makes Carl’s goal to reduce the percentage to 4% this year very achievable. After all, as this percentage drops, the business undoubtably becomes safer from cyberattacks.

Carl has also been able to prove the value derived from the platform through monthly measurements and metric reports which cite the number of people who have been trained, which specific campaigns have been completed, the number of people who have been phished as well as how many are susceptible to being phished. With these statistics, he can then continue to tweak and customise the content he selects for the next month’s training. All whilst resting assured that the multi-language content would operate easily in the respective geographical regions and respect various privacy regulations. If, however, he ran into any complications, the KnowBe4 team was quick to provide support, of which Carl asserts is “second to none”.

Lastly, and most importantly, SIG’s employees are happy, giving only positive feedback.