Keepnet Labs Logo
Menu
HOME > case studies > hotel chains triumph over smishing

Boosting Awareness with SMS Phishing Simulator

Learn how an international hotel chain overcame a severe smishing attack with Smishing Simulator. By enhancing threat awareness and streamlining reporting across all locations, improved employee response to SMS phishing by 87% in just three months.

International Hotel Chain in Tackling Smishing

Introduction

An international hotel chain operating in 85 locations and employing over 8,000 individuals worldwide faced a severe and coordinated SMS phishing attack. 

The attackers exploited localized content and personal information, posing a significant threat to the business. Employees were bombarded with 5 to 6 smishing messages each week. The widespread nature of the hotel chain added complexity to managing human risk, considering the diversity of languages, cultural contexts, and cyber awareness levels across different regions. 


Traditional training methods proved inadequate to handle the scale and sophistication of the SMS Phishing attacks.  An automated human risk detection and response platform became imperative to address these challenges. Such a system would empower employees to identify, comprehend, and promptly report any suspicious SMS activity, effectively mitigating the risks associated with these persistent smishing campaigns.

Successful Outcomes

  • Saved $239,940 from incident analysis and response. 

  • Prevented  $1.285M potential loss annually.

  • Boosted employee's ability to identify and respond to SMS phishing by up to 87% in three months

Understanding the Risks of Smishing Attacks

Without effective countermeasures, the hotel chain was at risk on various fronts:

  • Operational Disruption: Attacks can cause booking system chaos and delay emergency responses.

  • Data Breach and Financial Loss: Employees may expose sensitive data, leading to identity theft and unauthorized transactions.

  • Reputation and Customer Experience: Attacks harm reputation, causing cancellations and negative reviews.

  • Legal and Regulatory Risks: Data breaches can result in legal action and heavy fines.

  • Increased Costs: Addressing attacks raises security expenses and insurance premiums.

  • Internal Trust and Staff Morale: Attacks create mistrust, confusion, burnout, and lower productivity.

  • Loyalty Programs: Compromised data can reduce customer loyalty and repeat bookings.

  • Vendor and Partner Trust: Breaches disrupt vendor relations and require stricter security protocols.

  • Business Continuity: Persistent attacks undermine long-term growth and operations.

  • Location-based Risk: The challenge to protect and manage human issues across various locations presented a significant risk.

"Keepnet revolutionized our cybersecurity strategy with their Smishing Simulator, boosting threat awareness across all locations. We now have streamlined reporting and comprehensive training capabilities to minimize human error. Through a proactive security culture initiative, we witnessed an outstanding 87% improvement in identifying SMS phishing attempts within three months."

Jake Davis, Information Security Manager at International Hotel

Potential Loss Prevented

The average loss per individual

$502

Employees recognize and report Phishing

from 55% to 87% in 3 months

The total potential loss prevented: $1.285M annually

Cost Saved From Incident Handling

Avg. time to respond to a Phishing incident

from 8 hours to 2 minutes

The average cost of one staff

$60 per hour

The cost of a single Smishing incident reduced

from $480 to $2

The average number of Smishing incidents reported per year

500

The total estimated cost savings are $239,000 annually

(reducing the cost from $240,000 to 1000).

Hotel’s Success in Tackling Smishing Threats:

  • Amplified Threat Awareness: The hotel used real-world scenarios to train employees across all locations, significantly improving their ability to detect smishing threats.

  • Streamlined Reporting: Enhanced security training educated staff about smishing threats and streamlined the reporting mechanism across the entire hotel chain.

  • Minimized Human Error: By exposing employees to simulated attacks, the hotel effectively reduced human error in identifying and responding to threats.

  • Fostering Security Culture: Regular training sessions fostered a proactive security culture, involving employees actively in the hotel's cybersecurity strategy.

  • Regulatory Compliance: Frequent simulations ensured that the hotel adhered to various cybersecurity regulations across all locations.

  • Efficient Risk Management: The hotel implemented a centralized system for managing human risk, with real-time monitoring and feedback to ensure continuous improvement.

  • Real-time Monitoring: The smishing simulations tracked employee behavior, identifying weaknesses and determining training needs across all locations.

Operational Results

  • Trained over 8,000 employees, ensuring persistent high-level security awareness.

  • Improved smishing recognition success rate to 87% from 55% in three months.

  • Enhanced incident reporting and follow-up process with robust policies and procedures.

  • Decreased anxiety linked to smishing threats, creating a secure working atmosphere.

Strategic Results

  • Achieved $239,940 annual cost savings from incident response.

  • Mitigated regulatory risks, enhancing compliance strategy and confidence in adherence.

  • Strengthened cybersecurity defenses with rigorous security protocols and an incident response plan.

  • Fostered a culture of reporting and continuous improvement across all locations through constant learning and risk analysis.

Schedule your 30-minute demo now!

You'll learn how to:
tickQuickly deploy SMS phishing campaigns to elevate employee readiness against phishing threats.
tickTest with real-world SMS phishing templates, increasing vigilance and preparedness.
tickGenerate customized reports on employee actions, identifying specific areas for cybersecurity improvement and strengthening your defenses.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate