Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails.
Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.
– This way, our company receives hundreds of new security eyes, which enable us to
detect a lot more of what goes on at any time, and the security can be accordingly close to the
action when something happens.
– We really like how Secure Practice allows colleagues help each other in a simple and visible
way, continues Maja Charlotte Otnes, who is Risk & Security Manager at Storebrand.
She has led the work with establishing the service inside the enterprise, and describes how Secure
Practice both simplifies and improves the handling of suspicious emails in the employees' inboxes.
– It is much more effective for us when Secure Practice can give the user automatic feedback on
results from the analysis, and we see that users appreciate this. In addition, we get all data very
accessible when we do our own assessments, and the automation helps us make the assessments much
more efficiently. This way, we can put a priority on relevant mitigation efforts, instead of
spending time on processing every single email manually, says Otnes.
Market leading user experience
Previously, Storebrand had implemented a manual process for reporting emails, where the degree of
reporting and data quality to a great extent depended on the individual users' IT skills.
– Most people tried to simply forward the email to notify about something suspicious. This
however caused us to miss out on important meta data data about origin and email sender, which is
essential for further analysis and implementation of effective countermeasures, Otnes explains.
From an internal end-user survey, she can tell that with Secure Practice in place, people have a
really positive experience with being able to check emails quickly, including the opportunity to ask
for further feedback, if necessary. The amount of reported incidents related to suspicious emails
has in addition increased significantly.
– Secure Practice offers a holistic solution with a great end-user experience, says the
risk and security manager.
Key piece in the security puzzle
With more than € 100 billion in managed capital, the Storebrand group is a leading actor in the Nordic
market for long term savings and insurance. As a consequence, the company's employees in both Norway
and Sweden become attractive targets for cybercriminals.
– We see that email is the most frequent attack vector against us, in addition to the wide
application and attack surface for the entire group, says Bjørn Richard Watne.
He points out that spam and virus filters are only as good as their last update, and that the
security department works continously with awareness and following up on all employees.
– Security is a collective responsibility at Storebrand. We find it exciting how Secure
Practice combines a more traditional form for protection and reporting, with the opportunity for
integrated training of employees on information security, Watne continues.
Enabling technology collaboration
The MailRisk service is delivered in collaboration with a managed security services provider (MSSP), who already
operates a 24/7 security monitoring service for Storebrand. The MSSP has further developed an integration between
Secure Practice and their own security platform, which enables further automation and mitigation.
Maja Charlotte Otnes has expectations to this collaboration going forward, and is happy to see
innovation within this important area.
– It is exciting to see the puzzle coming together. Email is in one way very simple,
yet at the same time a complex attack vector to protect an entire organization against. We
cannot only think about the technical solutions and people separately, both need to be aligned,