Case Study

From Vulnerable to Vigilant

The Journey of an International Hotel Chain in Tackling Smishing

Introduction

An international hotel chain operating in 85 locations and employing over 8,000 individuals worldwide faced a severe and coordinated SMS phishing attack.

The attackers exploited localized content and personal information, posing a significant threat to the business. Employees were bombarded with 5 to 6 smishing messages each week. The widespread nature of the hotel chain added complexity to managing human risk, considering the diversity of languages, cultural contexts, and cyber awareness levels across different regions.

Traditional training methods proved inadequate to handle the scale and sophistication of the attacks. An automated human risk detection and response platform became imperative to address these challenges. Such a system would empower employees to identify, comprehend, and promptly report any suspicious SMS activity, effectively mitigating the risks associated with these persistent smishing campaigns.

Successful Outcomes

The achieved annual Return on Investment (ROI) stood at an impressive $239,940.
Significant potential financial losses were prevented, amounting to a reduction of $1.285M per year.
In three months, employees exhibited a remarkable 87% improvement in their ability to identify smishing attempts.

Understanding the Risks of Smishing Attacks

Data Breach Risk: Employees could unintentionally give attackers access to sensitive hotel and guest data.
Financial Loss: Smishing could trick employees into sharing financial information, potentially leading to significant unauthorized transactions and theft.
Reputation Damage: Public knowledge of successful smishing attacks could harm the hotel's reputation, potentially losing clientele.
Operational Disruption: Attackers gaining access to hotel systems like room bookings could result in substantial disruptions and customer dissatisfaction.
Legal Risks: Failure to protect guest data could result in breaches of regulations like GDPR or CCPA, resulting in legal action and heavy fines.
Internal Trust Issues and Panic: Sophisticated smishing attacks could foster employee mistrust, confusion and panic.
Location-based Risk: The challenge to protect and manage human issue across various locations presented a significant risk.

“Keepnet Labs revolutionized our cybersecurity strategy with their Smishing Simulator, boosting threat awareness across all locations. We now have streamlined reporting and comprehensive training capabilities to minimize human error. Through a proactive security culture initiative, we achieved an impressive ROI of $239,940 and witnessed an outstanding 87% improvement in identifying phishing attempts within a short span of three months.”

Jake Davis, Information Security Manager at International Hotel

Return on Investment (ROI)

The average loss per individual

$502

Employees recognizing and reporting smishing

from 55% to 87% in 3 months

The total potential loss prevented: $1.281M annually

Average Cost of Smishing Incident Response

Avg. time to respond to a Smishing incident

from 8 hours to 2 minutes

The average cost of one staff

$60 per hour

The price of a single Smishing incident reduced

from $480 to $0,12

The average number of Smishing incidents reported per year

500

The total estimated cost savings are $239,940 annually (reducing the cost from $240,600 to $60).

Keepnet Labs' Role in Tackling Smishing Threats:

Amplified Threat Awareness: Keepnet's Smishing Simulator used real-world scenarios, training employees across all locations to detect smishing threats.
Streamlined Reporting: Security training educated staff about smishing threats and streamlined the reporting mechanism across the hotel chain.
Minimized Human Error: By exposing employees to simulated attacks, Keepnet helped reduce human error across all locations.
Fostering Security Culture: Regular training created a proactive security culture throughout the hotel chain, involving employees in the cybersecurity strategy.
Regulatory Compliance: Frequent simulations ensured adherence to various cybersecurity regulations across all hotel locations.
Efficient Risk Management: The platform provided a centralized system for managing human risk across different locations, offering real-time monitoring and feedback to ensure continuous improvement automatically.
Real-time Monitoring: The Smishing Simulator tracked employee behavior during simulations, identifying weaknesses and determining training needs in all locations.

Operational Results

Over 8000 employees were trained, ensuring a persistent high-level security awareness.
In just three months, employees exhibited an impressive 87% success rate in recognizing smishing attempts which was 55% at the beginning.
Introducing robust policies and procedures dramatically improved the incident reporting and follow-up process.
Most importantly, the anxiety linked to smishing threats significantly decreased among employees and created a secure working atmosphere.

Strategic Results

Through Keepnet's seamless integration, the hotel chain achieved significant annual cost savings of $239,940.
They successfully mitigated regulatory risks, enhancing their compliance strategy and instilling confidence in adherence.
Rigorous security protocols and a defined incident response plan strengthened their cybersecurity defenses.
The unified approach enabled constant learning and risk analysis across all locations, fostering a culture of reporting and continuous improvement.