wombatsecurity | March 10, 2015

Wombat Security Helps Global Engineering Services Company Lower Malware Infections by 42%

Wombat is enabling the large organization to reduce its susceptibility to cyber security attacks, saving hundreds of hours in remediation time

Pittsburgh, PA – March 10, 2015 Wombat Security Technologies (Wombat) released a new industry case study that shows how one large international construction and engineering services company reduced malware infections by 42%.  The Company is leveraging Wombat’s Continuous Training Methodology and software to educate its employees to recognize cyber-attacks, thereby dramatically reducing susceptibility to potential threats and costly malware infections.  The Company also benefited from a significant reduction in PC remediation time as well as decreases in USB and phishing attack susceptibility.

Despite its operational success, this international construction and engineering services company had a major phishing problem. Malware, viruses, and phishing emails were regularly infiltrating the organization, resulting in network disruptions and user downtime.  The company’s IT security officer was concerned about these and other vulnerabilities. In addition to broad-based phishing attacks, he was concerned about the potential for more targeted and sophisticated spear phishing emails.

“I realized a simple search of our company website and the web at large revealed a lot of our internal email addresses, particularly management and executive-level accounts,” he said.  For this IT security officer, knowing his company had an existing phishing problem and realizing that premium contact details were publicly available, made it clear that the organization needed to be more proactive about security awareness and training.

The IT security officer decided to take action and make the case for a security program. He experimented with mock phishing emails and proved employees were susceptible – the results of which he presented to his executive team.  “Even though our business is very technical in nature, it became clear to us that technical knowledge and cyber security savviness are two entirely separate things,” said the IT security officer.

To solve these problems, the Company turned to Wombat.

In his search for a suitable education program, the IT security officer considered a few mock phishing “centric” programs before settling on Wombat’s more expansive solution. Wombat delivers simulated phishing attacks via its PhishGuru® tool, but then goes beyond the “attack only” methodology, giving organizations the opportunity to train employees about numerous cyber security threats. The goal of Wombat’s approach is to drive long-term behavior change, which in turn reduces risk.

“From a learner’s perspective, we felt our employees would benefit from the structure of the training modules,” said the company’s learning and development consultant. “The training is engaging and interactive, and it was a really good fit for our audience. The modules are short and snappy, and having the questions throughout the training is much more effective than leaving everything until the end of the module.”

The Company also leveraged Wombat’s USBGuru® assessments, which allowed the organization to plant “infected” flash drives around its location and track access. “Our IT groups gave very positive feedback about participating in the USBGuru exercise,” said the IT security officer. “For them, USB-driven malware infections are a known issue, particularly in some of our other locations around the world.” Running the assessment in North America was a valuable opportunity to educate employees to avoid these attacks. They established a baseline fail rate, delivered training, and then showed behavior change because the second mock USB attack showed in a 55% reduction in the number of individuals who accessed the devices.

The Results

In a four-month span a year prior to the training, the organization experienced 1,891 malware infections globally. A year later, during the same four-month span — in the heart of the training cycle — global infections dropped to 1,099, a 42% year-over-year reduction.  That reduction in malware infections translated into a significant time savings for the company’s IT staff and its employees. According to the organization’s internal calculations, the 792 infections — the year-over-year change — would have resulted in more than 360 hours in remediation time for the IT staff and more than 72 hours of lost productivity time for employees.

The company saw also changes in their employees’ behaviors on a day-to-day basis relatively quickly after the training had kicked off and in a short amount of time people were a lot more conscientious about opening emails and using USB devices. People were discussing security topics in lunch room conversations.  Mission accomplished.  The reduction in malware infections and helpdesk calls has freed up company resources, and significant savings on remediation costs is a proof point of the value of Wombat’s security education methodology and solutions.  Given the favorable response and the significant improvements the Company has seen associated with North American training, the organization is planning to roll out similar efforts in other global locations.

Wombat’s President and CEO, Joe Ferrara, stated “This is a tremendous example of how effective a holistic security awareness and training program can be.  This Company’s receptiveness to training was proven by the substantial number of users who went well beyond their training assignments to complete all of Wombat’s unique training modules. The ultimate proof of success was not just the reduction in susceptibility to attack but actual reduction in malware infections. Results like these should get the attention of executive teams and boards in every organization.”

Wombat has deep roots in the Security Awareness and Training market, and is a recognized authority, having recently been named a leader in the Gartner Magic Quadrant for security awareness computer-based training, and the Gold winner of the 2014 Global Excellence Awards in Tomorrow’s Technology Today for its Security Education Platform.  Wombat’s Security Education Platform was recently acknowledged as Best IT Security-related Training Program in the Professional Award category of the 2015 SC Awards.

To view the entire case study, please visit this link.  To learn more about Wombat and its product offering, please visit /.

About Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior.  Their SaaS cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat is helping Fortune 1000 and Global 500 customers in industry segments such as finance, technology, banking, higher education, retail, and consumer packaged goods to strengthen their cyber security defenses.

Lorraine Kauffman-Hall


Amy Baker
412-621-1484 x 115