Storebrand

Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails. Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.

– This way, our company receives hundreds of new security eyes, which enable us to detect a lot more of what goes on at any time, and the security can be accordingly close to the action when something happens.

– We really like how Secure Practice allows colleagues help each other in a simple and visible way, continues Maja Charlotte Otnes, who is Risk & Security Manager at Storebrand.

She has led the work with establishing the service inside the enterprise, and describes how Secure Practice both simplifies and improves the handling of suspicious emails in the employees' inboxes.

– It is much more effective for us when Secure Practice can give the user automatic feedback on results from the analysis, and we see that users appreciate this. In addition, we get all data very accessible when we do our own assessments, and the automation helps us make the assessments much more efficiently. This way, we can put a priority on relevant mitigation efforts, instead of spending time on processing every single email manually, says Otnes.

Market leading user experience

Previously, Storebrand had implemented a manual process for reporting emails, where the degree of reporting and data quality to a great extent depended on the individual users' IT skills.

– Most people tried to simply forward the email to notify about something suspicious. This however caused us to miss out on important meta data data about origin and email sender, which is essential for further analysis and implementation of effective countermeasures, Otnes explains.

From an internal end-user survey, she can tell that with Secure Practice in place, people have a really positive experience with being able to check emails quickly, including the opportunity to ask for further feedback, if necessary. The amount of reported incidents related to suspicious emails has in addition increased significantly.

– Secure Practice offers a holistic solution with a great end-user experience, says the risk and security manager.

Key piece in the security puzzle

With more than € 100 billion in managed capital, the Storebrand group is a leading actor in the Nordic market for long term savings and insurance. As a consequence, the company's employees in both Norway and Sweden become attractive targets for cybercriminals.

– We see that email is the most frequent attack vector against us, in addition to the wide application and attack surface for the entire group, says Bjørn Richard Watne.

He points out that spam and virus filters are only as good as their last update, and that the security department works continously with awareness and following up on all employees.

– Security is a collective responsibility at Storebrand. We find it exciting how Secure Practice combines a more traditional form for protection and reporting, with the opportunity for integrated training of employees on information security, Watne continues.

Enabling technology collaboration

The MailRisk service is delivered in collaboration with a managed security services provider (MSSP), who already operates a 24/7 security monitoring service for Storebrand. The MSSP has further developed an integration between Secure Practice and their own security platform, which enables further automation and mitigation.

Maja Charlotte Otnes has expectations to this collaboration going forward, and is happy to see innovation within this important area.

– It is exciting to see the puzzle coming together. Email is in one way very simple, yet at the same time a complex attack vector to protect an entire organization against. We cannot only think about the technical solutions and people separately, both need to be aligned, she concludes.