Case Study
MESA
At a Glance
Powerful customization and reporting features provide in‑depth data in visualized schema and arm leadership with credible business intelligence
Reduced Phish‑prone™ Percentage from 52% to 8.6%
PhishER saves nearly seven weeks’ time annually for the IT team by automatically investigating, quarantining and removing malicious emails
Platform integration makes it simple to provide security awareness training and automated investigation of user-reported email vulnerabilities across all subsidiaries
MESA Gains IT Capacity and a Stronger Security Culture
MESA is a trusted, turnkey solutions provider for protecting assets from corrosion. The organization designs, builds, installs and maintains cathodic protection systems and pipeline integrity applications across the country through its industry‑leading subsidiaries: MESA Products (Manufacturing), MESA Services (Inspections, Engineering, Design), and Bass Engineering (Technical, Construction Services). Because MESA is considered part of the nation’s critical infrastructure, Information Technology (IT) security is critical to its success.
MESA’s Pre-Existing Security Protocols
With hundreds of employees using its networks and technology systems, the organization’s leadership has always prioritized good IT hygiene by offering some level of employee security awareness training.
Industry: Critical Infrastructure
Location: Oklahoma, USA
Challenge: Increase security posture and increase productivity of the IT team
KnowBe4 Products
MESA is a three‑time Malcolm Baldrige National Quality Award (MBNQA) winning organization (2006, 2012, 2020). The award recognizes performance excellence, focus on continuous improvement and innovation, leadership, governance, and success in financial and market outcomes.
“Through our Baldrige engagement, we knew there were opportunities for improvement in upping our IT security stance. Awareness training for our employees was an area we could advance. I reached out to my peers in the industry, and KnowBe4 came highly recommended,” MESA CIO/CISO Sarfraz Shaikh says. “You can throw a lot of expensive technology to fortify your ecosystem, but common mistakes made when using email, web and within the physical world can leave the organization vulnerable.”
Elevating Training Through the KnowBe4 Platform
MESA’s journey with KnowBe4 began in late 2018 with KnowBe4 Security Awareness Training.
“We needed a platform that provided short, relevant and interestingly‑produced content that could be uploaded in our existing Learning Management System (LMS). Additionally, it had to sync with our Active Directory to eliminate the need to manage multiple portals. KnowBe4 was the right fit,” Shaikh says. “Post‑sale, KnowBe4’s customer service and onboarding were tailored to suit our needs, where my team was able to customize workflows, notifications and reporting. They were concise and provided us with the knowledge and support we needed.”
“Every new hire that comes into our organization goes through the initial security assessment to gauge their awareness levels. The monthly phishing campaigns provide ongoing training and intelligence around evolving threats. This interactive approach has significantly strengthened our cybersecurity posture.”
Improving Testing Cadence and Caliber
MESA conducted initial baseline testing when it began working with KnowBe4. Shaikh was alarmed to see that the Phish‑prone™ Percentage (PPP), or the likelihood that employees would click on a phishing email, was extremely high.
“Our baseline testing was an eye‑opener, with nearly 52% of our employees clicking links, entering personally identifiable information (PII) and more. That’s the kind of stuff that should keep you up at night. And it did,” Shaikh says.
Immediately, one of the key goals of the program was to dramatically lower the PPP. With the KnowBe4 Platform, MESA initiated monthly phishing campaigns, tying in topical subjects and internal events to test employees’ awareness.
For example, when the HR and Communities departments were planning to host a blood drive, Shaikh and his team would spin up a phishing email requesting employees to enter their date of birth and other PII. This level of targeted campaigning tested team members’ critical thinking skills and awareness of phishing tactics. If employees failed the test, they were auto‑enrolled in short training modules which highlighted blind spots to mitigate such future occurrences. Employees were also given numerous opportunities to participate in supplemental courses at their convenience, including KnowBe4’s award-winning “The Inside Man” video training series.
Faster Incident Response with PhishER
In addition to the KnowBe4 Platform, MESA had a deep security stack that included firewalls, endpoint detection and response, antivirus software, email spam filtering and dark web monitoring tools.
“We had a few defense solutions in place, but each was a different platform and required frequent back and forth intervention by our team,” Shaikh says.
MESA employees had already been trained to use KnowBe4’s Phish Alert Button (PAB) to forward suspicious emails to Shaikh’s team to investigate.
“We were filtering out roughly 10% of emails, but the IT team had to review each one individually forwarded to the ticketing system. We knew we needed automation to expedite this process,” Shaikh says.
Shaikh learned about PhishER™, KnowBe4’s lightweight SOAR and incident response platform, and felt it was the right choice, in part because it provided a single‑pane‑of‑glass view.
“Full integration with PAB, PhishML™, the machine learning module, PhishRIP™ to quarantine messages sent to multiple employees—it was all within the KnowBe4 ecosystem. I was sold,” Shaikh says.
PhishER was deployed in mid‑2021, and MESA saw an immediate return on its investment.
As soon as a team member clicked the PAB, sending the email in question to PhishER, the platform would automatically scrub and review the message for potential threats. This saved the IT team significant time so they could focus on other issues rather than investigating every suspicious email. Shaikh’s team saved additional time by implementing PhishRIP, which is a PhishER feature that removes confirmed malicious messages from every person’s inbox.
Previously, multiple people within the organization could have received the same suspicious email with only one reporting it to the IT team. This meant others who had received the email could end up clicking it. PhishRIP, however, identified every user that had received the email and withdrew it from all user inboxes all at once.
“PhishRIP is an enormous time saver, and efficient in shutting down threats quickly,” Shaikh says.
What MESA Achieved with KnowBe4
MESA’s PPP has decreased significantly since implementing the KnowBe4 Platform. Beginning in 2018, its PPP was around 52%. Five years later, it was down to 8.6%, showing a stronger overall cybersecurity position.
MESA’s IT team saw significant time savings once they implemented PhishER. Over one month, users reported 507 messages as potentially suspicious. Of these, PhishER automatically resolved 92 of them with no input from the IT department.
Given that investigating and resolving one of these emails takes a minimum of 15 minutes of an IT professional’s time, MESA’s IT department was saving at least 23 hours per month. Extrapolated out through an entire year, the organization was saving a minimum of almost seven weeks of time annually.
“KnowBe4 has increased its footprint in our organization through impactful results. Our PPP is headed in the right direction. There is increased efficacy using PhishER and PhishRIP. We are educating end‑users by using cleverly produced content available in the ModStore,” Shaikh says.
“The reporting feature gives us visibility about our risk score, repeat offenders, targeted training, training completion and more. The Executive Reports give the leadership team good business intelligence in easy‑to‑understand visualized schema. It has helped us create a strong security culture.”
Looking Forward
As MESA continues improving security measures and aligning to certain cybersecurity frameworks, Shaikh and his team use each employee’s training and testing history as an opportunity for professional development. Employees who continue to struggle with identifying phishing emails are given additional training, while those who continue to perform well are acknowledged during the annual merit review process.
“We want to recognize the proficient and motivate the novices. Thanks to our strong partnership with KnowBe4, we are excited to learn of new innovative strategies to integrate,” Shaikh says.