German Software Manufacturer Case Study

At a Glance

The percentage of users failing simulated phishing tests reduced from an initial 16.1% to 1.7%

High acceptance of phishing training among employees as part of the new security culture

Consistent employee feedback on the training content, which leads to greater awareness of the current threat landscape

Over 50% of employees engaging in non-mandatory training

Establishing a Comprehensive Security Culture with KnowBe4

A renowned software manufacturer and SaaS provider, leader in the area of Enterprise PLM including Digital Twin product catalogs, is now strengthening its cybersecurity with simulated phishing tests and security awareness training from KnowBe4. The globally active group of organizations has 12+ subsidiaries and a total of 400+ employees.

The Risk of Cyber Attacks Is Constantly Growing

The organization, like most organizations, is exposed to phishing attacks on an almost daily basis. The dynamic development of artificial intelligence (AI) and its malicious use are leading to an ever-increasing threat landscape, as criminals can now use AI tools to carry out sophisticated phishing attacks with little effort or know-how.

Industry

Software manufacturer

Location

Munich, Germany

Challenge

Establishing a comprehensive security culture, especially in light of the growing threat of cyber attacks. The focus is on coping with daily phishing attacks and integrating KnowBe4 into the security strategy in order to be able to react proactively to security breaches

KnowBe4 Products

Security Awareness Training

To mitigate the threat, the organization decided to take comprehensive IT security measures to raise security to a new level. An effective security awareness training program for employees plays a crucial role in this.

Selection Process and Implementation of KnowBe4

The organization knew their lack of continuous security training and simulated phishing tests was a gap in their security architecture that needed to be addressed. While searching for a suitable platform, they learned of KnowBe4 through a presentation on “modeling employee behavior” and, after comparing offers, unanimously decided that KnowBe4’s HRM+ platform was the way to go.

The first task was to determine the organization’s baseline phishing susceptibility. Using a free baseline phishing test from KnowBe4, they were able to gain insight into their security posture. The phishing security test analysis revealed that 16.1% of users clicked on the simulated phishing attempts and 8.3% even disclosed their data. This demonstrated a big potential for improvement in terms of security awareness among employees and was an important finding that ultimately influenced the decision to implement the KnowBe4 platform. In addition, the large variety of training content, the quality of the simulated phishing tests and the comprehensive customization options convinced both the IT department and the management team that KnowBe4 was the right fit.

The organization deployed KnowBe4’s Security Awareness Training in the third quarter of 2022. While the program was initially carried out manually, since the beginning of 2023 it has been largely automated, and employees are trained monthly. All new employees in Germany now take part in security awareness onboarding training and there are also plans to establish this approach globally.

The high level of acceptance within the organization is further illustrated by the fact that employees are integrating tools, such as the Phish Alert Button and KnowBe4’s Weak Password Test, into their everyday workflow alongside the scheduled security training.

The Most Important Successes with the KnowBe4 Platform

KnowBe4 has empowered the organization to strengthen its internal security infrastructure, particularly thanks to the security awareness training offered. The automation of onboarding and offboarding, including synchronization with Microsoft Entra ID (formerly Azure Active Directory), makes it easier to train new employees.

“The KnowBe4 platform enables granular control, which was previously impossible for us to implement in cloud applications. Thanks to KnowBe4’s Smart Groups feature, we can also selectively synchronize employees, automatically form groups and create more targeted training campaigns,” the Information Security Officer explains. “Another advantage is that we can now use the results of the phishing simulations to create sample phishing templates based on frequently clicked phishing emails.”

It was found that over 50% of employees responded positively to the non-mandatory training – showing a good level of employee engagement that can be increased in the future.

In addition, the opportunity to provide detailed feedback on phishing reports has not only led to a change in employees’ perception of security vulnerabilities but has also uncovered weaknesses in the policies and security systems of the entire organization.

Next Steps With KnowBe4

The organization’s management thinks continued collaboration with KnowBe4 is vital. They plan to further expand the usage of KnowBe4’s HRM+ platform to implement a uniform security culture based on the “ABCs” of security culture (Awareness, Behavior and Culture).

The implementation of the KnowBe4 platform has had a significant positive impact on the organization’s security culture and the establishment of a strong awareness of the risks and effective preventative measures.

The Information Security Officer says he is optimistic about the future: “The successful continuation of the collaboration is an important concern for our organization, and we see great potential for further raising employee awareness and optimizing internal processes.”

Download the PDF

German Software Manufacturer