Prime Downhole Manufacturing is a global machining, fabrication and services company serving the Oil & Gas and Aerospace industries. Their mission is to deliver precision-machined products and services through cutting-edge equipment, a team of dedicated, diverse and highly-skilled personnel, and uncompromising craftsmanship.
With many customers all around the world, Prime Downhole Manufacturing needed to ensure that the data and information they store, process and transfer was secure from social engineering and cyberattacks.
Danielle, ERP Manager at Prime Downhole, manages the implementation of ERP systems across the company, manages the company's IT program, and was in charge of starting a security awareness training program.
While working with an international company, an employee noticed something amiss. Due to a social engineering attempt, the company almost lost $500K. A user was compromised but caught the error before disaster. While they avoided the money loss, they knew something needed to change in their overall security posture.
Additionally, the company was seeing various social engineering attacks across company, such as gift card scams. Employees were being asked by their "boss" to buy gift cards for "clients" which put employees at risk of losing theirs and the company's money. This is an extremely common social engineering attack in which employees fall prey. And while the company had done training over Zoom calls in the past, they knew they needed a complete platform to test, train, and report on security awareness.
Danielle was looking for a solution that not only provided quality phishing simulations, but as a wearer of many hats, she wanted a true training partner in security awareness. That's why she ultimately chose Hook Security.
"The campaign of the month phishing simulation takes so much off my plate, and they're REALLY convincing! It is such a load off to be able to know that without any effort from me, once a month my users are going to be tested so that I can tell how our program is working."
With the help of Hook Security, Prime Downhole Manufacturing started with a baseline phishing test to gauge where their company risk level was at the beginning of the engagement. This gave both Hook and Prime Downhole helpful data to compare to future results. "The baseline test you'll run at the beginning of your time with Hook is really important!" said Danielle, "It tells you where you're starting at so that you can see if the program is working or not."
Danielle also needed training content that would play well with her existing learning management system (LMS). With our SCORM package integration, she was able to access our security awareness training with her existing LMS. "Now, instead of having to log in to several different places for their training, my users just log in to our LMS training platform and they can get to everything from Safety to Cyber Awareness and Procedural Trainings!"
Finally, the advanced reporting features made Hook the tool of choice for Prime Downhole. We were able to provide in-depth details about their phishing test, including just how far the user would have gone had it been a real world phishing attack.
Reduced Risk of Phishing
Since their initial baseline test, Prime Downhole has reduced their average monthly phishing test clicks down to 0-2 users. Occasionally, a "super sneaky" template will spike some fails, but Danielle sees this as a positive, meaning users are continually trained over time vs. one time.
Increased Employee Morale
Surprisingly to the company, phishing simulations has actually resulted in a large BOOST in morale at the company. They rolled the program out properly, set proper expectations, and gamified the results.
The IT team was able to create a positive, fun conversation around cybersecurity instead of a scary, punitive one.
It actually became a game around the office to dodge phishing emails and boast when they successfully spotted and reported a phishing email. "After phishing simulations, we often get emails from our team such as 'Haha, you didn't get me!'" said Danielle.
"Hook has impacted my work, my team, and my company! I was the person in charge of creating the training material for cyber awareness, so now that we use Hook, I can focus on the rest of my job, it freed up days of work for EACH time it needed to be updated.
My team is able to easily monitor how our cyber awareness program is going and make suggestions when we need to ramp it up or give specialized training to a user.
My company as a whole has not had a breach since we began with Hook, and while users sometimes click, they are much better prepared and quite frankly, less gullible!"