Wotton + Kearney Case Study

At a Glance

Deployed KnowBe4 Defend and Prevent to augment and improve existing SEG system

Users report receiving useful alerts at the right times to help improve their security practices

Data breaches have been successfully prevented and threats have been detected that existing SEG missed

Australian Law Firm Wotton + Kearney Keeps Inbound and Outbound Email Secure With KnowBe4

Founded in 2002, Wotton + Kearney has grown from two partners to be one of the Asia Pacific region's undisputed leaders in the provision of legal services to the insurance industry with more than 900 professionals, including 100+ partners, spanning 13 offices across Australia, New Zealand, Singapore and Thailand.

The Challenge

Being part of a growing business in a highly regulated industry means that W+K is committed to adopting and maintaining the most stringent data and information security controls.

Industry

Legal

Location

Australia

Challenge

Needed a more effective approach to email security that addressed issues with false positive alerts and malicious emails bypassing their existing system.

KnowBe4 Products

“We provide legal services to some of the world’s largest insurance companies, and they regularly perform audits and third-party risk assessments,” said Mahesh Belagali, Information Technology Security Manager at W+K. “Our clients have specific information security and data protection requirements, so it’s imperative we have sophisticated IT security measures in place.”

W+K has taken a defense-in-depth approach to their email security with a number of best-in-class products from different vendors: a secure email gateway (SEG), security awareness training (SAT), user reporting for automatic scanning, and outbound email security to block misaddressed emails.

But users were frustrated with the number of false positive alerts.

“There were a lot of complaints that they interacted with a particular recipient quite often and were still receiving prompts which were wrong,” Belagali says. “Those kinds of prompts were putting off the users and actively working against the behavioral changes we try to drive and increases the chance the warning will be ignored when a real threat exists.”

Additionally, Belagali estimated that around 40 malicious emails were evading inbound detection every month. Given these concerns, Belagali and his team decided to look to see if another product would better suit W+K’s needs.

“As a small lean IT team, one of our main focuses was to try to find a platform that addressed multiple pain areas rather than just one or two,” he said.

The Platform

W+K’s IT team researched potential email security platforms and ultimately chose KnowBe4. “We wanted to see if we could get better protection from outbound email threats but quickly found that most intelligent email security vendors focus just on inbound. I consulted Gartner and found KnowBe4,” Belagali says.

With KnowBe4 deployed, Belagali and his team have focused on protection in several areas. Outbound protection is now provided by KnowBe4 Prevent, which prevents users from sending misdirected emails, those with misspelled addresses and emails that contain both a password-protected file and the password.

“We detect and warn staff on [data] exfiltration attempt from sending emails to their personal accounts,” Belagali says.

The inbound protection provided by their SEG has been augmented by KnowBe4 Defend to fill the gaps that were resulting in malicious emails evading detection. Defend uses intelligent technologies to detect suspicious emails and add color-coded warning banners to help users understand the nature of the threat.

Wotton + Kearney