Fortune 100 Manufacturing Company Controls Business Email Compromise With Proofpoint

The Challenge
  • Minimise risk associated with large network of supply vendors
  • Accelerate response time to zero-day threats
  • Align business stakeholders with cybersecurity priorities
The Solution
  • Proofpoint Email Protection
  • Proofpoint Targeted Attack Protection
  • Proofpoint Threat Response Auto-Pull
  • Proofpoint Security Awareness Training
The Results
  • Dynamic security protects manufacturing operations from emerging threats
  • Reporting capabilities justify investment to executives
  • Automated solution helps cybersecurity team save time

The Challenge

Safeguard a supply chain of thousands of vendors

For any major manufacturer, preventing cyber threats is essential. The organisation needs to protect its intellectual property, as well as the daily interactions with its massive network. This includes its suppliers, business partners, and customers—all around the world. But the threat landscape is constantly evolving. And the company needed global visibility to discover and protect itself from the latest threats.

“We have a very distributed environment. We operate in about 90 different sites across approximately 70 countries,” said the company’s global threat leader. “We needed to gain a more proactive view into the interactions between our vendors and our organisation, so that we could detect and stop fraud. For example, in the past, there wasn’t a strong connection between our security team and the accounts payable team.”

He was especially concerned about an emerging generation of business email compromise (BEC) attacks. Now attackers are using supplier impersonation with compromised supplier accounts to target the organisation.

“We have tens of thousands of vendors and all sorts of really complex environments,” said the threat leader. “Gaining advanced visibility into these attacks was almost impossible. And the only methodology we had against them was our staff training.”

“Although email account compromise continues to be a threat, Proofpoint has been a huge help to us. We now have improved monitoring, and our new detection engine is effectively alerting us to attacks. And we recently prevented a fraud attempt of approximately $1 million from an attacker impersonating a supplier.”

Global Cyber Threat Leader, Fortune 100 Manufacturing Company

The Solution

Stopping emerging threats with Proofpoint

To gain the holistic protection it needed to protect its organisation against supply chain fraud, the company chose the Proofpoint Threat Protection Platform, which captures both known and unknown threats. Its advanced machine learning/AI-based detection stack is trained with rich threat data gathered from inbound and outbound gateway telemetry, supply chain risk analytics, and API data from cloud productivity platforms. And it provides advanced BEC defence capabilities to detect and block non-malware email threats, such as email fraud. It also helps the team gain insight into impostor threats and risks for people across the organisation, for better awareness and more proactive planning.

With Proofpoint Threat Protection, the company can keep its communications safer by protecting against a wide variety of email threats. These include email fraud, ransomware, credential phishing, account takeover and more. And by taking an ensemble approach and using machine learning algorithms trained by rich threat data, Proofpoint enables the company to stay ahead of the escalating threat landscape. It also allows them to spot threats early in the attack chain.

“Proofpoint gives us automated, continually updated threat intelligence that goes into the system. And it’s much better tuned and fully updated when compared to competitive solutions that require you to do much of that work yourself,” said the threat leader. “It also gives us granular insight into different types of BEC threats. My people can log in to the dashboard, filter the view to see impostors, and get forensic details on some of the tactics that these impostors are using.”

The Proofpoint solution also helps the company use its resources more efficiently by automating manual processes. This means that the organisation can do more with less.

“One of the main advantages of Proofpoint is its automation capabilities. They enable us to rapidly review large volumes of emails with the click of a button,” said the threat leader. “I’m essentially using just one-third of a full-time employee on that work now. These types of tasks could easily have consumed ten people in the past, so the automation capabilities have produced some great benefits in reducing our operating expenses.”

The company also deployed Proofpoint Threat Response Auto-Pull. TRAP makes it easier for the threat team to analyse emails and automatically move the malicious or unwanted ones to quarantine, even after delivery. What’s more, TRAP follows forwarded mail and distribution lists and creates an auditable activity trail.

Another way to mitigate attacks is through employee education. To help with this, the company rolled out Proofpoint Security Awareness Training to its employees. This highly targeted training helps ensure that people know what to do when they’re faced with a cybersecurity threat.

The Results

Stopping millions in invoice fraud

The Proofpoint Threat Protection Platform has rapidly delivered dividends to the company. It’s also shown its effectiveness in detecting and stopping complex supplier invoicing fraud attacks.

Shortly after it was deployed, the team discovered BEC messages that impersonated the company’s suppliers, presenting false invoices to the company. The Proofpoint ML/AI-based detection platform detected and stopped several supplier invoicing fraud attacks. The attackers used tactics such as lookalike domain spoofing and compromised supplier accounts to target the company’s accounting department.

Thanks to the Proofpoint solution and high-priority incident response by the company’s information security team, the attacks were stopped in their tracks.

“We successfully stopped both attacks,” said the threat leader. “The first fraudulent invoice was for $350,000, and the second one we received from a different attacker was for $80,000. Overall, we are protecting our organisation at industry-leading levels of 99.94% against a decline in a shifting mix of attacks.”

The company is also educating its workforce to help employees build security best practices into their daily routines using Proofpoint Security Awareness Training. This customisable program helps employees in two ways. Now not only can they better understand threats, but they can modify their behaviour when they encounter them. By helping them respond more proactively, Security Awareness Training has played a key role in helping the organisation realise the full value of its cybersecurity investments.

“Our employee phishing click index remains at industry-best levels, at or below 15 clicks per 100,000 attacks. In one month, we measured the smallest number of clicks on suspicious emails—just 36 total,” said the threat leader. “And our employees continue to show improved phishing awareness through these internal measures.”

To help keep the entire organisation informed about the company’s security posture, the team uses the Proofpoint reporting feature. Now he can regularly share details with the organisation's procurement and finance teams, as well as executives. “I send the report to the CEO every week so he can fully understand what’s going on here,” said the threat leader.

Protecting a global extended enterprise of employees, suppliers and partners is an ongoing challenge. But with help and solutions from Proofpoint, the company is strengthening its culture of cybersecurity to proactively minimise risk.

Download Customer Story